Data breach revealed,
Malware lurks, silent, stealthy -
OSINT tracks the thread.

URLs I post may contain malware – be careful and check yourself before running anything.

Website: https://r1cksec.de
Github: https://github.com/r1cksec
Twitter: https://twitter.com/r1cksec
BlueSky: https://bsky.app/profile/r1cksec.bsky.social

This repo contains the design plan and runbook for using Claude Code to search for Java Deserialization Gadget chains.

https://github.com/atredispartners/llmchainhunter

#infosec #cybersecurity #redteam #pentest #ai #llm #opensource

GitHub - atredispartners/llmchainhunter: Leveraging LLM to generate Java deserialization chains

A project that loads .NET assemblies into memory within an IIS environment running in full‑trust mode. It uses reflective loading techniques to inject inside the memory space of the w3wp.exe worker pool process

https://github.com/zux0x3a/Phantom

#infosec #cybersecurity #redteam #pentest #windows

MacOS Redteam 3: Initial Access with DarwinOps PKG

State of the art:

Medium

Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)

https://github.com/memN0ps/armory-rs

#infosec #cybersecurity #redteam #pentest #rust

GitHub - memN0ps/armory-rs: Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)

It is possible as a low privileged user to parse the Windows event logs for any ASR exclusion

https://primusinterp.com/posts/WindowsASR/

#infosec #cybersecurity #redteam #pentest

Cheesing Microsoft Attack Surface Reduction rules

While working on varying engagements I have been messing with Microsoft Attack Surface Reduction (ASR) quite a bit, since clients often use it to make the life of adversaries (and red teamers) just a tad harder. While working on these engagements I have compiled some tips and tricks in order to bypass/evade some of the rules that ASR offers. In this post I will dive into what ASR is and some of the tips and tricks that I often use to bypass/cheese my way around said rules… So strap in and let's get going with some basic ASR understanding.

. .\Primusinterp

This cheatsheet maps common impacket workflows to their modern alternatives

https://github.com/n00py/Outpacket

#infosec #cybersecurity #redteam #pentest

GitHub - n00py/Outpacket: This cheatsheet maps common impacket workflows to their modern alternatives

LLM security testing framework for detecting prompt injection, jailbreaks, and adversarial attacks — 190+ probes, 28 providers, single Go binary

https://github.com/praetorian-inc/augustus

#infosec #cybersecurity #redteam #pentest #ai

GitHub - chryzsh/awesome-bof: 🧠 The ultimate resource for finding Beacon Object Files (BOFs).

By altering the calling thread's process ID and extending the exploitation window with file locks, an attacker can trick Seclogon into creating privileged LSASS handles for memory dumping

https://otter.gitbook.io/red-teaming/articles/windows-of-opportunity-exploiting-race-conditions-in-seclogon-to-dump-lsass

#infosec #cybersecurity #redteam #pentest #windows

Windows of Opportunity: exploiting race conditions in Seclogon to dump LSASS | Otter's Notes

In late 2025, Reversec built a system that streamlined voice phishing (vishing) attempts using autonomous conversational AI agents that followed a pretext for gaining initial access.

https://labs.reversec.com/posts/2026/02/building-an-ai-vishing-solution-in-7-days

#infosec #cybersecurity #redteam #phishing

Building an AI Vishing Solution in 7 Days

A quick and dirty guide on how to rapidly deploy a fully autonomous conversational AI agent for voice-based social engineering