netbiosX

@netbiosx.bsky.social

Purple Team

1,754 Followers  |  66 Following  |  270 Posts  |  Joined: 03.07.2023  |  1.5438

Latest posts by netbiosx.bsky.social on Bluesky

Lateral Movement – BitLocker BitLocker is a full disk encryption feature which was designed to protect data by providing encryption to entire volumes. In Windows endpoints (workstations, laptop devices etc.), BitLocker is typi…
04.08.2025 18:29 — 👍 1    🔁 0    💬 0    📌 0

Takedown
03.08.2025 16:51 — 👍 1    🔁 0    💬 0    📌 0

BadSuccessor Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
28.07.2025 14:13 — 👍 0    🔁 0    💬 0    📌 0

The Ultimate Guide to Windows Coercion Techniques in 2025 Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...
05.06.2025 17:35 — 👍 2    🔁 1    💬 0    📌 0

Boflink: A Linker For Beacon Object Files Intro This is a blog post written for a project I recently released. The source code for it can be found here on Github. Background The design of Cobalt Strike's Beacon Object Files is rather unique w...
31.05.2025 16:48 — 👍 1    🔁 1    💬 0    📌 0

Stealth Syscall Execution: Bypassing ETW, Sysmon, and EDR Detection "Stealth syscalls: Because life's too short to argue with an angry EDR!" Discover how Stealth Syscall Execution bypasses ETW, Sysmon, and EDR detection. Learn advanced stealth techniques for red teami...
31.05.2025 10:52 — 👍 6    🔁 2    💬 0    📌 0

Revisiting COM Hijacking - SpecterOps Learn how to use COM hijacking for persistence and post-exploitation by targeting commonly used applications in Windows environments.
28.05.2025 18:42 — 👍 3    🔁 1    💬 0    📌 0

GitHub - EvilBytecode/Ebyte-AMSI-ProxyInjector: A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It s... A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target's threads, patches the fun...
17.05.2025 09:55 — 👍 1    🔁 0    💬 0    📌 0

Living-off-the-COM: Type Coercion Abuse This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit type…
16.05.2025 19:15 — 👍 4    🔁 1    💬 0    📌 0

GitHub - Thunter-HackTeam/EvilentCoerce Contribute to Thunter-HackTeam/EvilentCoerce development by creating an account on GitHub.
06.05.2025 21:43 — 👍 0    🔁 0    💬 0    📌 0

Beacon Object Files vs Tiny EXE Files TL;DR A lot of bloat in an EXE file is just the statically linked C runtime. Link dynamically to msvcrt.dll (or ucrtbase.dll on Win 10+) plus a 40-line stub, and depending on the size of the progra…
05.05.2025 16:03 — 👍 1    🔁 0    💬 0    📌 0

GitHub - quarkslab/proxyblob: SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication. SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication. - quarkslab/proxyblob
05.05.2025 13:02 — 👍 0    🔁 0    💬 0    📌 0

Writing your own RDI /sRDI loader using C and ASM In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.
28.04.2025 06:59 — 👍 0    🔁 0    💬 0    📌 0

Attacking and Defending Configuration Manager - An Attackers Easy Win Introduction System Center Configuration Manager (SCCM) or Microsoft Configuration Manager allows endpoint administrators to utilize a single platform for seamless device management inside of an Activ...
27.04.2025 18:22 — 👍 3    🔁 0    💬 0    📌 0

GitHub - backdoorskid/ClrAmsiScanPatcher: Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET - backdoorskid/ClrAmsiScanPatcher
24.04.2025 20:43 — 👍 2    🔁 0    💬 0    📌 0

GitHub - cogiceo/GPOHound: Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data - cogiceo/GPOHound
23.04.2025 17:27 — 👍 3    🔁 0    💬 0    📌 0

Windows Defender antivirus bypass in 2025 - part 2 Discover how hackers bypass an antivirus such as Windows Defender, using advanced techniques such as direct syscalls and shellcode encryption
22.04.2025 20:54 — 👍 0    🔁 0    💬 0    📌 0

Bypassing AMSI with Dynamic API Resolution in PowerShell - ROOTFU.IN function LookupFunc { Param ($moduleName, $functionName) $assem = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\')[-1]. Equals('System.dl...
21.04.2025 11:07 — 👍 1    🔁 1    💬 0    📌 0

GitHub - almounah/go-buena-clr: Good CLR Host with Native patchless AMSI Bypass Good CLR Host with Native patchless AMSI Bypass. Contribute to almounah/go-buena-clr development by creating an account on GitHub.
19.04.2025 11:57 — 👍 0    🔁 0    💬 0    📌 0

GitHub - tdeerenberg/InlineWhispers3: Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion - tdeerenberg/InlineWhispers3
13.04.2025 23:37 — 👍 0    🔁 0    💬 0    📌 0

RemoteMonologue: Weaponizing DCOM for NTLM authentication coercions | IBM The IBM X-Force Red team covers the fundamentals of COM and DCOM, dives into the RunAs setting and why authentication coercions are impactful and introduces a new credential harvesting tool - RemoteMo...
09.04.2025 01:18 — 👍 7    🔁 2    💬 0    📌 0

GitHub - MythicAgents/Xenon: A Mythic agent for Windows written in C A Mythic agent for Windows written in C. Contribute to MythicAgents/Xenon development by creating an account on GitHub.
22.03.2025 00:16 — 👍 4    🔁 1    💬 0    📌 0

Red Teaming with ServiceNow - MDSec Introduction Over the course of numerous Red Team engagements MDSec has often gained privileged access to a target's ServiceNow instance. This has, in turn, facilitated a variety of compromise actions...
21.03.2025 13:30 — 👍 1    🔁 1    💬 0    📌 0

Bypassing Windows Defender Application Control with Loki C2 Microsoft offers a bug bounty for qualifying bypasses into Windows Defender Application Control. Learn how IBM's X-Force team found a bypass using Loki C2.
19.03.2025 00:40 — 👍 2    🔁 1    💬 0    📌 0

AMSI Bypass: In-memory patching AMSI (Anti-Malware Scan Interface) was developed by Microsoft in 2015 to defend against fileless threats such as VBS, JavaScript, and…
16.03.2025 08:06 — 👍 1    🔁 0    💬 0    📌 0

Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies A technical exploration of modern phishing tactics, from basic HTML pages to advanced MFA-bypassing techniques, with analysis of infrastructure setup and delivery methods used by phishers in 2025.
11.03.2025 20:00 — 👍 2    🔁 1    💬 0    📌 0

GitHub - dagowda/DSViper: This is for Ethical Use only! Update:- Currently the payloads can only bypass latest real time monitoring and not cloud based detections, due to a lot of virus total submissi... This is for Ethical Use only! Update:- Currently the payloads can only bypass latest real time monitoring and not cloud based detections, due to a lot of virus total submissions. Works like a charm...
10.03.2025 17:41 — 👍 0    🔁 0    💬 0    📌 0

GitHub - DarkSpaceSecurity/RunAs-Stealer: RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging - DarkSpaceSecurity/RunAs-Stealer
09.03.2025 20:19 — 👍 3    🔁 1    💬 0    📌 0

Using RDP without leaving traces: the MSTSC public mode Learn how MSTSC's /public mode works! It blocks credential caching, session details, and bitmap storage, enhancing security. Discover its impact and how to reset MSTSC for a clean slate.
09.03.2025 19:11 — 👍 2    🔁 0    💬 0    📌 0

SoaPy: Stealthy enumeration of Active Directory environments through ADWS Due to modern defensive solutions, targeted and large-scale enumeration of Active Directory (AD) environments has become increasingly detected. Learn more on that and a new tool to help fight it.
23.02.2025 22:33 — 👍 5    🔁 3    💬 0    📌 0