netbiosX

@netbiosx.bsky.social

Purple Team

1,796 Followers  |  67 Following  |  290 Posts  |  Joined: 03.07.2023  |  1.5261

Latest posts by netbiosx.bsky.social on Bluesky

GitHub - EricEsquivel/CobaltStrike-Linux-Beacon: Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons

Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons github.com/EricEsquivel... #redteam

12.02.2026 01:31 — 👍 1    🔁 1    💬 0    📌 0
GitHub - ricardojoserf/AutoPtT: Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python.

Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python github.com/ricardojoser... #redteam

11.02.2026 11:03 — 👍 0    🔁 0    💬 0    📌 0
GitHub - CaptMag/MalDev: Creation of multiple Malware tools consisting of evasion, enumeration and exploitation

Creation of multiple Malware tools consisting of evasion, enumeration and exploitation github.com/CaptMag/MalDev

11.02.2026 08:55 — 👍 2    🔁 0    💬 0    📌 0
GAC Hijacking: The Global Assembly Cache is a system-wide repository in the .NET framework that stores strong named (name + version + culture + public key token identity) assemblies so multiple applications can u…

📢 New article about GAC Hijacking to perform Code Execution and Persistence
📖 1x Playbook - A structured breakdown of the full approach
💡 3x Detection Opportunities
🏹 2x Threat Hunting Queries - Defender & Splunk
ipurple.team/2026/02/10/g...

10.02.2026 12:01 — 👍 0    🔁 0    💬 0    📌 0
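The post above links to the article but does not reproduce its detection content. As an added example (not from the linked article and not netbiosX's code), the following PowerShell triages the on-disk GAC for assemblies that carry no valid Authenticode signature. Strong naming alone is not a security boundary (a planted assembly can have a perfectly valid strong name), so the Authenticode check is what separates Microsoft- or vendor-signed binaries from everything else. Both GAC roots are the standard locations; the filtering thresholds are my own choice.

```powershell
# Added example: triage the .NET Global Assembly Cache for assemblies that are not
# Authenticode-signed. Run elevated so every subdirectory is readable.
$gacRoots = @(
    "$env:WINDIR\Microsoft.NET\assembly",   # .NET 4.x GAC (GAC_MSIL, GAC_32, GAC_64)
    "$env:WINDIR\assembly"                  # legacy .NET 2.0/3.5 GAC
) | Where-Object { Test-Path $_ }

$findings = foreach ($root in $gacRoots) {
    Get-ChildItem -Path $root -Recurse -Filter *.dll -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SigStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Modified  = $_.LastWriteTime
            }
        }
}

# Review queue: anything without a valid signature, most recently written first.
# A freshly modified, unsigned DLL under a Microsoft-named assembly directory is the
# pattern to look at; HashMismatch means a signed file was altered after signing.
$findings |
    Where-Object { $_.SigStatus -ne 'Valid' } |
    Sort-Object Modified -Descending |
    Format-Table Modified, SigStatus, Signer, Path -AutoSize
```

Caveat: some legitimate third-party assemblies are strong-named but not Authenticode-signed, so this produces a triage list rather than a verdict. Corroborate hits with the file's timestamp relative to the last .NET servicing update and with the signer of the neighbouring assemblies in the same GAC directory.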
GitHub - EvilBytecode/CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!

CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! github.com/EvilBytecode...

04.02.2026 15:58 — 👍 4    🔁 0    💬 0    📌 0
GitHub - CodeXTF2/Cobaltstrike_BOFLoader: open source port/reimplementation of the Cobalt Strike BOF Loader as is

An open-source port/reimplementation of the Cobalt Strike BOF Loader

03.02.2026 10:08 — 👍 2    🔁 0    💬 0    📌 0
AppLocker Rules Abuse: AppLocker was introduced by Microsoft in Windows 7 to enable organizations to define which executables, scripts or installers are allowed to run in their environments. AppLocker can reduce the atta…
02.02.2026 07:52 — 👍 0    🔁 0    💬 0    📌 0
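The linked article is only previewed above. As an added example (not from the article and not netbiosX's code), this PowerShell reads the effective AppLocker policy on the current host and lists the Allow path rules that cover an entire system directory tree; those broad rules are the ones whose user-writable subdirectories matter when reviewing a policy. The regular expression for "broad" is my own assumption and can be widened to other roots an environment allows.

```powershell
# Added example: find Allow path rules in the effective AppLocker policy that cover a
# whole system tree (%WINDIR%\* or %PROGRAMFILES%\*). Requires the AppLocker module
# (present on Windows editions that support AppLocker).
[xml]$policy = Get-AppLockerPolicy -Effective -Xml

$broadRules = foreach ($coll in $policy.AppLockerPolicy.RuleCollection) {
    foreach ($rule in $coll.FilePathRule) {
        if ($rule.Action -ne 'Allow') { continue }
        foreach ($cond in $rule.Conditions.FilePathCondition) {
            # Assumed definition of "broad": a bare wildcard directly under a system root.
            if ($cond.Path -match '^%(WINDIR|PROGRAMFILES)%\\\*$') {
                [pscustomobject]@{
                    Collection  = $coll.Type              # Exe, Dll, Script, Msi, Appx
                    Enforcement = $coll.EnforcementMode   # Enabled, AuditOnly, NotConfigured
                    Rule        = $rule.Name
                    Path        = $cond.Path
                    Principal   = $rule.UserOrGroupSid    # S-1-1-0 = Everyone
                }
            }
        }
    }
}

if (-not $broadRules) {
    'No broad Allow path rules in the effective policy.'
} else {
    $broadRules | Format-Table -AutoSize
}
```

A rule granted to S-1-1-0 (Everyone) over %WINDIR%\* in an Enabled Exe or Script collection is the usual starting point; the follow-up check is whether any subdirectory beneath that root is writable by ordinary users (for example with icacls), since a file dropped there inherits the allow.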
Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP - SpecterOps: During automatic client push installation, an SCCM site server automatically attempts to map WebDav shares on clients, starting WebClient when installed.
14.01.2026 17:21 — 👍 1    🔁 0    💬 0    📌 0
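The preview above says the WebClient service gets started on clients during SCCM client push. As an added example (not from the SpecterOps post and not netbiosX's code), this PowerShell shows what a defender can check on a host: the current state and start type of WebClient, and the Service Control Manager events that record it entering the running state. The event ID and provider name are the standard ones; the 500-event window is my own assumption.

```powershell
# Added example: is WebClient installed, running, and when did it last start?
$svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
if (-not $svc) {
    'WebClient service is not installed on this host.'
} else {
    [pscustomobject]@{
        Status    = $svc.Status      # Running / Stopped
        StartType = $svc.StartType   # Manual on workstations by default (trigger-started)
    }
}

# Event 7036 from Service Control Manager logs every service state transition.
# Filter to WebClient entering the running state; unexpected starts on hosts that
# never use WebDAV are worth correlating with whatever process touched a WebDAV path.
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7036
    } -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'WebClient service entered the running state' } |
    Select-Object TimeCreated, Message

# Hardening on hosts that do not need WebDAV (assumed acceptable for the environment):
# Set-Service -Name WebClient -StartupType Disabled
```

Disabling WebClient removes the WebDAV redirector that coercion over HTTP relies on, but confirm no deployment tooling or users depend on mapping WebDAV paths before rolling it out.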
EDR Silencing: Modern Endpoint Detection and Response systems depend on persistent, bidirectional communication with their cloud management console, enabling them to continuously report suspicious activity and re…
12.01.2026 15:13 — 👍 2    🔁 0    💬 0    📌 0
GitHub - Maldev-Academy/DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers ...

Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX, and Vivaldi)

08.01.2026 18:11 — 👍 0    🔁 0    💬 0    📌 0
GitHub - dis0rder0x00/DbgNexum: Shellcode injection using the Windows Debugging API

DbgNexum - a Proof-of-Concept for injecting shellcode using the Windows Debugging API and Shared Memory (File Mapping).

04.01.2026 18:41 — 👍 2    🔁 1    💬 0    📌 0
GitHub - 256AndreiAES/Aether-C2-Framework: Advanced Red Team C2 Framework written in Rust & Python.

Aether C2 - Aether project operates on a Full Duplex, End-to-End Encrypted channel, utilizing direct WinAPI syscalls for evasion and a modular architecture for scalability github.com/256AndreiAES...

03.01.2026 15:20 — 👍 1    🔁 1    💬 0    📌 0
GitHub - pard0p/Remote-BOF-Runner: Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
01.01.2026 23:19 — 👍 2    🔁 0    💬 0    📌 0
GitHub - Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2

Ghostly Hollowing Via Tampered Syscalls github.com/Maldev-Acade...

30.12.2025 16:14 — 👍 5    🔁 0    💬 0    📌 0
Bind Link – EDR Tampering: The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to …
01.12.2025 09:26 — 👍 0    🔁 0    💬 0    📌 0
LSASS Dump – Windows Error Reporting: Windows Error Reporting is a feature that is responsible for the collection of information about system and application crashes and reporting this information to Microsoft. Windows is shipped …
18.11.2025 14:17 — 👍 1    🔁 0    💬 0    📌 0
GitHub - EvilBytecode/ExitPatcher: Prevent in-process process termination by patching exit APIs
09.11.2025 17:26 — 👍 0    🔁 0    💬 0    📌 0
GitHub - MorDavid/DonPwner: Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database
08.11.2025 16:39 — 👍 2    🔁 1    💬 0    📌 0
Golden dMSA: Delegated Managed Service Account (dMSA) was introduced by Microsoft in Windows Server 2025 to prevent Kerberos related attacks such as Kerberoasting by binding authentication of service accounts t…
02.09.2025 15:18 — 👍 1    🔁 0    💬 0    📌 0
Active Directory Enumeration – ADWS: Microsoft introduced Active Directory Web Services (ADWS) in Windows Server 2008 R2 as a method to provide an interface to instances for querying and managing Active Directory over a network. The s…
12.08.2025 14:56 — 👍 0    🔁 0    💬 0    📌 0
Lateral Movement – BitLocker: BitLocker is a full disk encryption feature which was designed to protect data by providing encryption to entire volumes. In Windows endpoints (workstations, laptop devices etc.), BitLocker is typi…
04.08.2025 18:29 — 👍 1    🔁 0    💬 0    📌 0

Takedown

03.08.2025 16:51 — 👍 1    🔁 0    💬 0    📌 0
BadSuccessor: Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
28.07.2025 14:13 — 👍 0    🔁 0    💬 0    📌 0
The Ultimate Guide to Windows Coercion Techniques in 2025: Windows authentication coercion often feels like a magic bullet against the average Active Directory. With any old low-privileged account, it usually allows us to gain full administrative access to al...
05.06.2025 17:35 — 👍 2    🔁 1    💬 0    📌 0
Boflink: A Linker For Beacon Object Files: Intro. This is a blog post written for a project I recently released. The source code for it can be found here on Github. Background. The design of Cobalt Strike’s Beacon Object Files is rather unique w...
31.05.2025 16:48 — 👍 1    🔁 1    💬 0    📌 0
Stealth Syscall Execution: Bypassing ETW, Sysmon, and EDR Detection: "Stealth syscalls: Because life's too short to argue with an angry EDR!" Discover how Stealth Syscall Execution bypasses ETW, Sysmon, and EDR detection. Learn advanced stealth techniques for red teami...
31.05.2025 10:52 — 👍 6    🔁 2    💬 0    📌 0
Revisiting COM Hijacking - SpecterOps: Learn how to use COM hijacking for persistence and post-exploitation by targeting commonly used applications in Windows environments.
28.05.2025 18:42 — 👍 3    🔁 1    💬 0    📌 0
GitHub - EvilBytecode/Ebyte-AMSI-ProxyInjector: A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the fun...
17.05.2025 09:55 — 👍 1    🔁 0    💬 0    📌 0
Living-off-the-COM: Type Coercion Abuse: This technique leverages PowerShell’s .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit type…
16.05.2025 19:15 — 👍 4    🔁 1    💬 0    📌 0
GitHub - Thunter-HackTeam/EvilentCoerce
06.05.2025 21:43 — 👍 0    🔁 0    💬 0    📌 0

@netbiosx is following 19 prominent accounts