681 Followers
156 Following
64 Posts

Data breach revealed,
Malware lurks, silent, stealthy -
OSINT tracks the thread.

URLs I post may contain malware – be careful and check yourself before running anything.

GitHub: https://github.com/r1cksec
Twitter: https://twitter.com/r1cksec
BlueSky: https://bsky.app/profile/r1cksec.bsky.social

EDRChoker uses Policy-based Quality of Service (QoS) to set hard bandwidth caps (throttling) on Endpoint Detection and Response (EDR) agents, causing them to always time out - effectively blocking them.

https://github.com/TwoSevenOneT/EDRChoker

#infosec #cybersecurity #redteam #pentest #edr #opensource

GitHub - TwoSevenOneT/EDRChoker: A tool uses the QoS Policy (Pacer.sys) to throttle Endpoint Detection and Response (EDR) agents from connecting to the server.


Using Exchange Online (or on-premises exchange in hybrid mode) in combination with an external MX record, such as a third-party email server or spam protection solution, can allow the spoofing of emails from any sender to any recipient in the target tenant.

https://labs.infoguard.ch/posts/ghost-sender/

#infosec #cybersecurity #redteam #phishing

Ghost-Sender - Universal Email Spoofing against Exchange Online - InfoGuard Labs

An analysis of a widely available Exchange Online misconfiguration allowing attackers to spoof internal and external senders.

Bypassing Detections with Command-Line Obfuscation

Defensive tools like AVs and EDRs rely on command-line arguments for detecting malicious activity. This post demonstrates how command-line obfuscation, a shell-independent technique that exploits executables’ parsing “flaws”, can bypass such detections. It also introduces ArgFuscator, a new tool that documents obfuscation opportunities and generates obfuscated command lines.

A Beacon Object File (BOF) that loads a .NET assembly into a Cobalt Strike or compatible beacon via CLR module stomping. The payload PE is written into a victim GAC assembly's file-backed mapping so that ETW reports a legitimate on-disk path.

https://github.com/nettitude/CLR-Stomp

#infosec #cybersecurity #redteam #pentest

GitHub - nettitude/CLR-Stomp: .NET CLR-Stomping


Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

https://github.com/trailofbits/skills

#infosec #cybersecurity #redteam #pentest #ai

GitHub - trailofbits/skills: Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows


mkPIVM is a polymorphic position-independent shellcode virtualizer for Windows x86 and x64 (Linux soon).

https://github.com/D7EAD/mkPIVM

#infosec #cybersecurity #redteam #pentest

GitHub - D7EAD/mkPIVM: Generate polymorphic, position-independent virtual machines (PIVMs) from arbitrary x86/x64 shellcode.


Stack spoofing Detection for CET processes by comparing shadow and user stacks.

https://github.com/0xjbb/cet-spoofing-detection

#infosec #cybersecurity #redteam #pentest

GitHub - 0xjbb/cet-spoofing-detection: Stack spoofing Detection for CET processes by comparing shadow and user stacks.


Windows SSH Misconfiguration Discovery Tool — Map lateral movement paths through misconfigured SSH services in Active Directory environments.

https://github.com/1r0BIT/WinSSHound

#infosec #cybersecurity #redteam #pentest

GitHub - 1r0BIT/WinSSHound: Windows SSH Misconfiguration Discovery Tool - Map lateral movement paths through misconfigured SSH services in Active Directory environments


A single, searchable directory of the community's Living-Off-the-Land security research — every LOLBin, LOLDriver, and adjacent project, indexed and cross-referenced by platform and focus area.

https://lolol.farm/

#infosec #cybersecurity #redteam #pentest #threatintel

lolol.farm — Living Off the Living Off the Land

A curated index of Living Off the Land security research projects.

GitHub - rootsecdev/relay_bible: Technical Reference to multiple relay techniques
