I've heard that my fellow Red Teamers like to use SOCKS proxies for stealth operations, so here's one that (ab)uses Azure Blob Storage
30.04.2025 16:10
@atsika.bsky.social
Red Team enthusiast | Malware development enjoyer | Adversary Simulation at @quarkslab.bsky.social
Proxybloby, the red teamer's mascot that will byte your SOCKS if left alone in your internal network
Look at those cute little blobs in your internal network. They look harmless, but how about the one carrying SOCKS?
It's ProxyBlob, a reverse proxy over Azure.
Check out Alexandre Nesic's article on how it came to exist after an assumed breach mission
blog.quarkslab.com/proxyblobing...
For us, EDR bypass is not just a buzzword.
MacroPack, ShellcodePack, and DarwinOps all come with bypass presets for major EDRs and Antivirus
Those presets are regularly updated and tested!
If you want to see a demo or an equivalent screenshot for the major EDRs contact us !
#redteam
Think NTLM relay is a solved problem? Think again.
Relay attacks are more complicated than many people realize. Check out this deep dive from Elad Shamir on NTLM relay attacks & the new edges we recently added to BloodHound. ghst.ly/4lv3E31
A CTF challenge in PHP, what could possibly not be a RCE?
Next week at the Hack The Box 0x4d meetup in Lille, France @rayanle.cat will talk about PwnShop, the challenge he prepared for the PwnMe CTF 2025 and how he accidentally discovered a RCE 0day while doing so.
Join him next Monday at Campus Cyber Hauts-de-France:
www.meetup.com/hack-the-box...
Balliskit Evasion Tip
To help with static analysis detection by EDR,
ShellcodePack implements a method to load a shellcode from a separate file or from a URL
This tutorial explains how to use that option!
#redteam
blog.balliskit.com/loading-a-sh...
On PTO and bored, so playing around with MCP by exposing Mythic APIs to Claude and seeing what the result is. Attempting to have it emulate threat actors while operating Apollo in a lab... would make a good sparring partner :D www.youtube.com/watch?v=ZooT...
20.03.2025 22:24
Evilginx Pro is finally here!
This is it! After over two years of development, countless delays, and hundreds of manual company verifications, Evilginx Pro is finally live!
Thank you all for your invaluable support
breakdev.org/evilginx-pro...
KrbRelayEx-RPC tool is out!
Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;)
github.com/decoder-it/K...
If you thought phishing was now ineffective, you may have missed something
My latest post highlights the advanced tactics used to bypass security controls and deceive even the most savvy users. Check it out
Phishing in the Cloud with Diamonds
From classic HTML pages to advanced MFA bypasses, dive in with @atsika.bsky.social in an exploration of phishing techniques.
Learn some infrastructure tricks and delivery methods to bypass common detection.
blog.quarkslab.com/technical-di...
(promise this one is legit)
#PEbear (github.com/hasherezade/...) is now available via WinGet (learn.microsoft.com/en-us/window...)! You can install it easier than ever - just type: `winget install pe-bear` from PowerShell.
09.03.2025 16:07
[DEMO] Searching for #AceLdr in memory, with #PEsieve/#HollowsHunter threads scan: www.youtube.com/watch?v=RQf2... ; read more: github.com/hasherezade/...
09.03.2025 16:08
Recently came across a pretty neat technique to silently load (malicious) VS Code extensions using its bootstrapping and portability features. Thought it was interesting enough to warrant my first blog post in 4 years
Check it out
casvancooten.com/posts/2025/0...
A Plan to Pwn: Reviving a 17 year old bug or winning a race against Project Management? We've got both.
Mathieu Farrell shows you how in the "Pwn Everything, Bounce Everywhere, all at once" blog post series.
blog.quarkslab.com/pwn-everythi...
An AI-generated picture depicting exploitation kungfu against SOPlanning. We guess they did not plan for that.
ICYMI: 5 vulnerabilities in SOPlanning, an open source project management application used by major consulting services providers.
In part 2 of "Pwn Everything, Bounce Everywhere, all at once" Mathieu Farrell tells you how to chain them for unauthenticated RCE
blog.quarkslab.com/pwn-everythi...
Screenshot showing the execution of the proof-of-concept named PowerChell in comparison to a typical PowerShell prompt. In particular, it shows that PowerChell is able to bypass the Constrained Language Mode (CLM).
In this blog post, I explain how I was able to create a PowerShell console in C/C++, and disable all its security features (AMSI, logging, transcription, execution policy, CLM) in doing so.
blog.scrt.ch/2025/02/18/r...