We are going live tonight at 7 PM EST
@everyone we are going live tonight at 7 PM EST.
Episode 34: Spawning a process through token impersonation. The proper way to gain another process's user privileges.
truecyber.world
#redteam #training
We’re going live tonight at 7 PM EST.
Tonight’s session is about revisiting obfuscation and evasion techniques to hide malicious payloads from EDRs. We’ll discuss what’s working in 2026 and what can be done to ensure your tooling remains effective.
truecyber.world
In May, during @NorthSec_io, I will present my red team training in person. If you are interested in learning more about the conference and the training, all the information is here:
www.linkedin.com/posts/charle...
#training #redteaming
We are going live tonight at 7 PM EST.
Web infrastructure utilities that can support your red team exercise. Having simple web services and a CDN ready will make testing easier. You can expect topics such as proxying downloads, domain setup and basic PHP.
www.linkedin.com/posts/charle...
We are going live tonight at 7 PM EST.
This session is about understanding how drivers can be misused to kill protected processes such as EDRs. We will explore and learn how to identify kernel drivers that can be exploited and how to automate the process.
truecyber.world
#redteaming #pentest
We are going live tonight at 7 PM EST.
We have a special guest from Flare tonight. Flare specializes in continuous monitoring of dark and clear web sources, gathering information from various sources.
Let's see how the data can be used during a red team exercise.
truecyber.world
This is your last chance to benefit from the Black Friday deals on my learning platforms. Get up to 60% OFF on the bundle. You can even get an extra 10% OFF if you check the page source code.
Offer ends on Sunday!
truecyber.world/promo.me
#BlackFriday #redteam #Training
Black Friday sale on TrueCyber content and Mr.Un1k0d3r platform: up to 60% OFF.
There is a challenge hidden in the promo page source code to get an extra 10% OFF 🙂
truecyber.world/promo.me
#RedTeaming #learningplatform #BlackFriday
I was invited to a cybersecurity podcast to talk about EDRs and red teaming. The podcast is in French.
www.linkedin.com/posts/charle...
#RedTeaming #EDR
We are going live tonight at 7 PM EST.
Tonight, we continue building a reconnaissance tool for Azure to identify Azure attack vectors. This is Part III and the final part of our Azure journey.
truecyber.world
#Azure #redteaming
If you are interested, I talked about cybersecurity during a podcast (it's in French). We talked about Azure and the trends I observed during red team exercises.
www.linkedin.com/posts/charle...
#podcast #CyberSecurity
We are going live tonight at 7 PM EDT. How Azure and Entra ID can be misused as part of a red team exercise. More information below.
#Azure
#RedTeam
www.linkedin.com/posts/charle...
For some reason, Azure is assumed to be secure by design, which is not the case. Validating the default user permissions is important to ensure that everything that can be hardened is hardened.
#Azure #RedTeam
www.linkedin.com/posts/charle...
We are hiring for a senior red teaming / pentest role at CYPFER.
Interested in applying? Feel free to reach out to me.
100% remote role; more information here:
www.linkedin.com/posts/charle...
#redteam #hiring #pentest
We are going live tonight at 7 PM EDT.
Tonight's session is about Microsoft Azure. We will do a deep dive into how it can be abused as part of a red team. We will automate the process by writing a complete tool to perform attacks and reconnaissance.
truecyber.world
The Azure Graph API /beta/users endpoint is definitely an interesting one, as it now includes on-premise Active Directory information, which was not included in the previous /v1.0/users.
www.linkedin.com/posts/charle...
#Azure #RedTeam #Graph
Interested in attack vectors in Azure?
I have documented another example to have read permission on all the applications exposed in the tenant and more. Blocking default applications is crucial to prevent such vectors.
www.linkedin.com/posts/charle...
#Azure #RedTeam
I'm working on a useful tool that allowed me to discover quite a few interesting attack vectors in Azure.
UsersPermissionToReadOtherUsersEnabled bypass
MFA bypass
Privilege escalation
And more
www.linkedin.com/posts/charle...
#Azure #RedTeam
We are going live tonight at 7 PM EDT.
Tonight's session is about running your own LLM locally and building a simple cross-platform .NET client interface to interact with it. The private LLM is quite useful during red team exercises.
truecyber.world
You want to load your shellcode in .NET without calling VirtualProtect? Use RuntimeHelpers.PrepareMethod to create a predictable RWX memory region for you. This method also doesn't require a delegate function pointer, since you override a .NET method.
github.com/Mr-Un1k0d3r/...
It's time for the long weekend sale!
Get 50% OFF when you purchase both the Coding Class and the Red Team Training for just $400 (regularly $800). This includes over 200 hours of videos and source code.
More details here mr.un1k0d3r.world/training/a6e...
#redteam #discount
We are going live tonight at 7 PM EDT.
Tonight's session is about understanding the underlying concepts of Active Directory Certificate Service (ADCS) and how certificate templates can be audited using C#.
truecyber.world
Next week, I will present a live webinar covering an interesting technique for executing shellcode using built-in .NET capabilities.
www.linkedin.com/posts/charle...
#redteam #webinar
We are going live tonight at 7 PM EST.
Tonight's session is about auditing and searching for misconfigured GPOs using C# during a red team exercise.
truecyber.world
We are going live tonight at 7 PM EDT.
Tonight's episode is about writing your own SOCKS5 proxy that can serve as your complete C2, allowing you to perform all operations remotely.
truecyber.world
We are going live tonight at 7 PM!
Tonight's session is about incorporating sandbox evasion techniques into your malware using C and C#.
truecyber.world
Shellcode architecture matters too: make sure you use x86 shellcode if you are using AnyCPU in VS.
Wonderful, I know that sometimes I go fast. But happy to hear you got most of it live.
The upcoming live session will be presented live from @northsec.io this Friday, May 16, 2025, at 1 PM EST.
We will be chaining a novel technique in .NET that does not require any RWX memory allocation or external APIs.
truecyber.world