Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading a C# port of ProxyBlob Agent.

https://github.com/dazzyddos/ClickOnceBlobber

#infosec #cybersecurity #redteam #pentest

A .NET 8 toolkit for creating and analysing Windows Shell Link (.lnk) files. Includes a command-line builder (LnkMeMaybe) and a graphical editor (LnkUi).

https://github.com/trustedsec/LnkMeMaybe

#infosec #cybersecurity #redteam #pentest #phishing

Orchestrate detonating your MalDev in VMs with different EDRs to see their detection surface.

https://github.com/dobin/detonator

#infosec #cybersecurity #redteam #pentest

Generalized Wi-Fi Client Isolation Bypasses

https://github.com/vanhoefm/airsnitch

#infosec #cybersecurity #redteam #pentest #wifi

DCSync Beacon Object File (BOF)

https://github.com/kozmer/dcsync-bof

#infosec #cybersecurity #redteam #pentest #opensource

Tried my new VPN gateway on a Raspberry Pi and booted BlackArch live to explore some tools. Sadly, the distro feels abandoned: outdated packages, broken apps, no copy/paste in terminals, and a prehistoric Firefox. A shame, because it still boots under 500MB RAM 😕

#linux #infosec #pentest #raspberrypi #vpn #blackarch

This ASPX web shell enables execution of Beacon Object Files (BOFs) on a target server using a semi-interactive Python client.

https://github.com/epotseluevskaya/ASPX_WebShell_COFFLoader

#infosec #cybersecurity #redteam #pentest #web

📣 New @7ASecurity public #Pentest report
🔐 @dComms improves resilience with verified fixes, thanks to @OpenTechFund
4 issues identified (2 high) and remediated
Feedback is welcome enjoy 🙂
🔗 https://7asecurity.com/blog/2026/03/dcomms-audit-by-7asecurity/

#7ASecurity #CyberSecurity #OpenSource #dComms #infosec

Another session announcement for BSides Luxembourg!

💻 𝗧𝗛𝗢𝗦𝗘 𝗪𝗛𝗢 𝗗𝗢𝗡’𝗧 𝗟𝗘𝗔𝗥𝗡 𝗙𝗥𝗢𝗠 𝗖𝗩𝗘𝗦 𝗔𝗥𝗘 𝗗𝗢𝗢𝗠𝗘𝗗 𝗧𝗢 𝗥𝗘𝗗𝗜𝗦𝗖𝗢𝗩𝗘𝗥 𝗧𝗛𝗘𝗠 - Louis Nyffenegger (@snyff ) 💥

Real vulnerabilities don’t appear in isolation, they’re rooted in code, context, and human error. This session walks through actual CVEs, analyzing the code where they were introduced. You will see the patterns, assumptions, and language quirks that led to the flaw - not just the exploit, but the moment it could’ve been caught.

Louis Nyffenegger https://bsky.app/profile/snyff.pentesterlab.com is the founder of PentesterLab and AppSecSchool, application security expert, and hands-on trainer with experience at the National Bank of Australia, Australia Post, and Fitbit.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #CVE #CodeReview #SecureCoding #PenTest #SecurityEducation #DevSecOps

Opening a file in GNU Emacs can trigger arbitrary code execution through version control (git), most requiring zero user interaction beyond the file open itself.

https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/Emacs.md

#infosec #cybersecurity #redteam #pentest #ai #emacs #claude