Bryan McNulty's Avatar

Bryan McNulty

@bryanmcnulty.bsky.social

Hackerman @ https://falconops.com

12 Followers  |  44 Following  |  2 Posts  |  Joined: 03.02.2025  |  1.2345

Latest posts by bryanmcnulty.bsky.social on Bluesky


Preview
Release v0.2.0 Β· FalconOpsLLC/goexec Major Changes f284a0a dcom: new method: shellbrowserwindow 1c931fb dcom: new method: shellwindows Changes 420fbd9 Default string bindings for TSCH,SCMR 10eee0e Fix SMB dialect negotiation (#13) ...

GoExec v0.2.0 is live!

This includes two new DCOM-based execution methods: ShellWindows and ShellBrowserWindow.

Much more on the way (especially involving DCOM lateral movement) so stay tuned!

github.com/FalconOpsLLC...

09.09.2025 07:37 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
View and Search All Cloud Security Atlas Articles | Datadog Security Labs Datadog Cloud Security Atlas is a risk register for Threats and Vulnerabilities. This database gives you the ability to search and filter on your cloud provider platform, risk type, and sort by impact...

securitylabs.datadoghq.com/cloud-securi...
😱

08.08.2025 03:06 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
NFS escape to the root directory with NetExec

NFS escape to the root directory with NetExec

NFS downloading the /etc/shadow file from a system with default NFS configs

NFS downloading the /etc/shadow file from a system with default NFS configs

This looks off to you? Yeah...

In the default configuration, NFS exposes THE ENTIRE FILE SYSTEM and not only the exported directory!
This means that you can read every file on the system that is not root:root owned, e.g. /etc/shadow.

But it can get even worse 1/4🧡

03.03.2025 18:01 β€” πŸ‘ 8    πŸ” 4    πŸ’¬ 1    πŸ“Œ 0
Preview
LSA Secrets: revisiting secretsdump

In our latest article, our ninja laxa revisits the secretsdump implementation, offering an alternative avoiding reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at www.synacktiv.com/publications....

20.02.2025 10:55 β€” πŸ‘ 4    πŸ” 6    πŸ’¬ 0    πŸ“Œ 0
Screenshot showing the execution of the proof-of-concept named PowerChell in comparison to a typical PowerShell prompt. In particular, it shows that PowerChell is able to bypass the Constrained Language Mode (CLM).

Screenshot showing the execution of the proof-of-concept named PowerChell in comparison to a typical PowerShell prompt. In particular, it shows that PowerChell is able to bypass the Constrained Language Mode (CLM).

In this blog post, I explain how I was able to create a PowerShell console in C/C++, and disable all its security features (AMSI, logging, transcription, execution policy, CLM) in doing so. πŸ’ͺ

πŸ‘‰ blog.scrt.ch/2025/02/18/r...

19.02.2025 09:13 β€” πŸ‘ 43    πŸ” 19    πŸ’¬ 2    πŸ“Œ 2

@bryanmcnulty is following 20 prominent accounts