's Avatar

@domchell.bsky.social

211 Followers  |  115 Following  |  5 Posts  |  Joined: 08.12.2024  |  1.7067

Latest posts by domchell.bsky.social on Bluesky

Preview
macOS DYLIB Injection at Scale: Designing a Self-Sufficient Loader Letโ€™s explore Dylib injection and Dylib proxying on macOS (the equivalent of Windows DLL injection)

Binary injection vulnerabilities can be found in many MacOS apps. Those may be abused to bypass EDR, hide backdoor, access memory, or bypass TCC!

DarwinOps provides
- An advanced injection vulnerability scanner
- A redteam scenario to exploit them

#redteam

blog.balliskit.com/macos-dylib-...

17.09.2025 16:25 โ€” ๐Ÿ‘ 3    ๐Ÿ” 2    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
GitHub - SpecterOps/Nemesis: An offensive data enrichment pipeline An offensive data enrichment pipeline. Contribute to SpecterOps/Nemesis development by creating an account on GitHub.

Lots of cool new Nemesis features merging in soon from @tifkin_ and I! Development definitely didn't stop with the 2.0 release :) github.com/SpecterOps/N...

16.09.2025 19:07 โ€” ๐Ÿ‘ 4    ๐Ÿ” 1    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
The Phrack leak: Examining an APTโ€™s workstation In August 2025, two anonymous researchers released 9 GB of data from a workstation of a likely advanced persistent threat (APT) group. Hereโ€™s an analysis of the data by Intel 471โ€™s Cyber Geopolitical ...

Thanks for the excellent writeup @intel471.bsky.social

www.intel471.com/blog/the-phr...

12.09.2025 18:20 โ€” ๐Ÿ‘ 18    ๐Ÿ” 5    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Screenshot showing the output of the proof-of-concept tool "SMAStorageDump", where ACCs are dully decrypted.

Screenshot showing the output of the proof-of-concept tool "SMAStorageDump", where ACCs are dully decrypted.

๐Ÿ†• New blog post!

"Offline Extraction of Symantec Account Connectivity Credentials (ACCs)"

Following my previous post on the subject, here is how to extract ACCs purely offline.

๐Ÿ‘‰ itm4n.github.io/offline-extr...

#redteam #pentesting

15.06.2025 16:33 โ€” ๐Ÿ‘ 10    ๐Ÿ” 4    ๐Ÿ’ฌ 3    ๐Ÿ“Œ 0
Post image

We are proud to introduce #dAWShund to the world: a framework for putting a leash on naughty AWS permissions. dAWShund helps blue and red teams find resources in #AWS, evaluate their access levels and visualize the relationships between them.

falconforce.nl/dawshund-fra...

#blueteaming #redteaming

11.04.2025 11:54 โ€” ๐Ÿ‘ 11    ๐Ÿ” 3    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

With putty, thereโ€™s a nice little trick you can do to enable connection sharing and piggy back off their sessionโ€ฆ helps get around things like mfa ๐Ÿ™ƒ

10.04.2025 21:49 โ€” ๐Ÿ‘ 4    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0
Post image

Our red team is growing and we have a rare open position for a Principal RT Operator - if this sounds like you, get in touch ๐Ÿ™

09.04.2025 18:55 โ€” ๐Ÿ‘ 4    ๐Ÿ” 3    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
Fileless lateral movement with trapped COM objects | IBM New research from IBM X-Force Red has led to the development of a proof-of-concept fileless lateral movement technique by abusing trapped Component Object Model (COM) objects. Get the details.

[Blog] This ended up being a great applied research project with my co-worker Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Defensive recommendations provided.

- Blog: ibm.com/think/news/f...
- PoC: github.com/xforcered/Fo...

25.03.2025 21:21 โ€” ๐Ÿ‘ 15    ๐Ÿ” 11    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 1

Prodaft has published a technical analysis of Anubis, a new Python-based backdoor linked to Savage Ladybug (FIN7) operations

catalyst.prodaft.com/public/repor...

16.03.2025 10:39 โ€” ๐Ÿ‘ 8    ๐Ÿ” 2    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
Blind Eagle: โ€ฆAnd Justice for All - Check Point Research Key Points Introduction APT-C-36, also known as Blind Eagle, is a threat group that engages in both espionage and cybercrime. It primarily targets organizations in Colombia and other Latin American co...

The Blind Eagle APT group has compromised over 1,600 victims inside Colombian institutions and government agencies.

The campaign took place in November & December of last year and used an exploit similar to a zero-day exploited by Russian hackers in Ukraine.

research.checkpoint.com/2025/blind-e...

11.03.2025 13:30 โ€” ๐Ÿ‘ 9    ๐Ÿ” 6    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
GitHub - decoder-it/KrbRelayEx-RPC Contribute to decoder-it/KrbRelayEx-RPC development by creating an account on GitHub.

KrbRelayEx-RPC tool is out! ๐ŸŽ‰
Intercepts ISystemActivator requests, extracts Kerberos AP-REQ & dynamic port bindings and relays the AP-REQ to access SMB shares or HTTP ADCS, all fully transparent to the victim ;)
github.com/decoder-it/K...

14.03.2025 10:18 โ€” ๐Ÿ‘ 9    ๐Ÿ” 10    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
C2 Beaconing Detection with MDE Aggregated Report Telemetry Detecting C2 Beaconing using MDE Aggregated Report Telemetry.

๐Ÿšจ Detect C2 Beacons!

New Microsoft Defender for Endpoint telemetry provides new opportunities for threat detection!

๐Ÿ”—
academy.bluraven.io/blog/beaconi...


#ThreatHunting #DetectionEngineering #MDE

14.03.2025 14:13 โ€” ๐Ÿ‘ 8    ๐Ÿ” 3    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
a bald man says " make it so " in front of a blurred background ALT: a bald man says " make it so " in front of a blurred background
16.03.2025 07:54 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Haha youโ€™re clutching at straws there!

You should be honoured to get my first post ๐Ÿ˜‚

13.03.2025 06:02 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

So whenโ€™s your last day at Fortra? ๐Ÿ™ƒ

12.03.2025 22:11 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0
Post image

It appears Microsoft quietly mitigated most of the risk of the "Intune company portal" device compliance CA bypass by restricting the scope of Azure AD graph tokens issued to this app, making them almost useless for most abuse scenarios. Thx @domchell.bsky.social for the heads up.

20.02.2025 11:08 โ€” ๐Ÿ‘ 28    ๐Ÿ” 9    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

@domchell is following 20 prominent accounts