669 Followers
156 Following
59 Posts

Data breach revealed,
Malware lurks, silent, stealthy -
OSINT tracks the thread.

URLs I post may contain malware – be careful and check yourself before running anything.

Website: https://r1cksec.de
Github: https://github.com/r1cksec
Twitter: https://twitter.com/r1cksec
BlueSky: https://bsky.app/profile/r1cksec.bsky.social

A post about identifying key areas of Configuration Manager (SCCM) infrastructure that defenders can implement for deception solutions

https://specterops.io/blog/2026/02/19/mapping-deception-solutions-with-bloodhound-opengraph-configuration-manager

#infosec #cybersecurity #redteam #blueteam #windows #dfir

Mapping Deception Solutions With BloodHound OpenGraph – Configuration Manager

Deception and canary development implemented in SCCM can be used to alert on cyber attacks and intrusions. This blog provides step-by-step guidance to implement deception solutions and use BloodHound OpenGraph for planning.

SpecterOps

Opening a file in GNU Emacs can trigger arbitrary code execution through version control (git), most requiring zero user interaction beyond the file open itself.

https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/Emacs.md

#infosec #cybersecurity #redteam #pentest #ai #emacs #claude

publications/MADBugs/vim-vs-emacs-vs-claude/Emacs.md at main · califio/publications

Publications from Calif. Contribute to califio/publications development by creating an account on GitHub.

GitHub
Vim tabpanel modeline escape affects Vim < 9.2.0272

Vim tabpanel modeline escape affects Vim < 9.2.0272. Date: 30.03.2026. Severity: High. CVE: *not-yet-assigned*. CWE: Improper Neutralization of ...

GitHub

Extract Windows credentials directly from VM memory snapshots and virtual disks

https://github.com/nikaiw/VMkatz

#infosec #cybersecurity #redteam #pentest #windows #opensource

GitHub - nikaiw/VMkatz: Extract Windows credentials directly from VM memory snapshots and virtual disks

Extract Windows credentials directly from VM memory snapshots and virtual disks - nikaiw/VMkatz

GitHub
Default TLS Exclusions for Palo Alto Networks Firewalls

Default TLS Exclusions for Palo Alto Networks Firewalls - panw-exclusions.json

Gist

This repo contains the design plan and runbook for using Claude Code to search for Java Deserialization Gadget chains.

https://github.com/atredispartners/llmchainhunter

#infosec #cybersecurity #redteam #pentest #ai #llm #opensource

GitHub - atredispartners/llmchainhunter: Leveraging LLM to generate Java deserialization chains

Leveraging LLM to generate Java deserialization chains - atredispartners/llmchainhunter

GitHub

A project that loads .NET assemblies into memory within an IIS environment running in full-trust mode. It uses reflective loading techniques to inject inside the memory space of the w3wp.exe worker pool process.

https://github.com/zux0x3a/Phantom

#infosec #cybersecurity #redteam #pentest #windows

MacOS Redteam 3: Initial Access with DarwinOps PKG

State of the art:

Medium

Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)

https://github.com/memN0ps/armory-rs

#infosec #cybersecurity #redteam #pentest #rust

GitHub - memN0ps/armory-rs: Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)

Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory) - memN0ps/armory-rs

GitHub

It is possible as a low privileged user to parse the Windows event logs for any ASR exclusion

https://primusinterp.com/posts/WindowsASR/

#infosec #cybersecurity #redteam #pentest

Cheesing Microsoft Attack Surface Reduction rules

While working on varying engagements I have been messing with Microsoft Attack Surface Reduction (ASR) quite a bit, since clients often use it to make the life of adversaries (and red teamers) just a tad harder. While working on these engagements I have compiled some tips and tricks in order to bypass/evade some of the rules that ASR offers. In this post I will dive into what ASR is and some of the tips and tricks that I often use to bypass/cheese my way around said rules… So strap in and let's get going with some basic ASR understanding.

Primusinterp