bohops

@bohops.bsky.social

Mostly on X

116 Followers  |  31 Following  |  5 Posts  |  Joined: 13.01.2025  |  1.2706

Latest posts by bohops.bsky.social on Bluesky

mscoree.dll, RunDll32ShimW lolbin
www.hexacorn.com/blog/2025/05...

31.05.2025 23:29 — 👍 7    🔁 3    💬 0    📌 0

Moving from pizza box servers and large tower PCs to mini and pico-style PCs has been absolutely amazing. A few NUCs and Pis go a long way.

28.04.2025 14:40 — 👍 0    🔁 0    💬 0    📌 0

When I was doing sysadmin work back in the day, I inherited a few systems like this. Legacy but rock solid. Worst part was no one knew what it was used for until we decided to disconnect the network cable one day... 😀

27.04.2025 12:05 — 👍 1    🔁 0    💬 1    📌 0

Thank you, Casey! It definitely means a lot coming from you.

25.03.2025 21:41 — 👍 0    🔁 0    💬 0    📌 0
Fileless lateral movement with trapped COM objects | IBM New research from IBM X-Force Red has led to the development of a proof-of-concept fileless lateral movement technique by abusing trapped Component Object Model (COM) objects. Get the details.

[Blog] This ended up being a great applied research project with my co-worker Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Defensive recommendations provided.

- Blog: ibm.com/think/news/f...
- PoC: github.com/xforcered/Fo...

25.03.2025 21:21 — 👍 15    🔁 11    💬 0    📌 1

I am excited to announce the first conference dedicated to the offensive use of AI in security! Request an invite at offensiveaicon.com.
Co-organized by RemoteThreat, Dreadnode, & DEVSEC.

19.03.2025 15:11 — 👍 7    🔁 3    💬 1    📌 0
Screenshot showing the execution of the proof-of-concept named PowerChell in comparison to a typical PowerShell prompt. In particular, it shows that PowerChell is able to bypass the Constrained Language Mode (CLM).

In this blog post, I explain how I was able to create a PowerShell console in C/C++, and disable all its security features (AMSI, logging, transcription, execution policy, CLM) in doing so. 💪

👉 blog.scrt.ch/2025/02/18/r...

19.02.2025 09:13 — 👍 43    🔁 19    💬 2    📌 2
Windows Bug Class: Accessing Trapped COM Objects with IDispatch Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy ...

New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...

30.01.2025 18:37 — 👍 65    🔁 41    💬 2    📌 0

Apex Farms Red Team! I'm in.

15.01.2025 14:35 — 👍 1    🔁 0    💬 0    📌 0

You can find our @shmoocon.bsky.social presentation slides at the below GitHub repo. Thanks again to all that attended. Also, thank you to the conference organizers for putting on a great con and having us! #shmoocon

github.com/h4wkst3r/Con...

12.01.2025 16:12 — 👍 16    🔁 12    💬 1    📌 0