u/netbiosX
▲ 2 r/purpleteamsec
u/netbiosX — 2 hours ago
Windows Service - Playbook & Detection Strategies
u/netbiosX — 8 hours ago
▲ 2 r/purpleteamsec
Hunting Sleeping Giants: Detecting Encrypted Beacon Sleep Obfuscation
reddit.comu/netbiosX — 19 hours ago
▲ 1 r/purpleteamsec
A Cobalt Strike BOF that attempts to retrieve Windows geolocation coordinates without fork & run. It uses the WinRT Geolocator API first and falls back to the legacy ILocation API
u/netbiosX — 2 days ago
▲ 1 r/purpleteamsec
OpenUDC2 - an open source implementation of the UDC2 spec used in Cobalt Strike. The goal of this project is to enable open source C2 frameworks to support existing (and hopefully future) open source UDC2 modules developed by the Cobalt Strike community.
u/netbiosX — 2 days ago
▲ 1 r/purpleteamsec
The Blind Spot in the Watchtower: Detections for When Someone Attacks Your Sentinel
u/netbiosX — 2 days ago
▲ 2 r/purpleteamsec
Automatically deploying Mythic C2 in Azure using Terraform
u/netbiosX — 2 days ago
▲ 7 r/purpleteamsec
Dumping LSASS Without Touching Disk: Improvements to ShadowDumper
u/netbiosX — 7 days ago
▲ 1 r/purpleteamsec
Abusing GitLab CI Runners as a Command and Control Framework
u/netbiosX — 9 days ago
▲ 1 r/purpleteamsec
NebulaPulsar: A Proof-of-Concept In-Memory Implant Framework for JSP and ASP.NET
reddit.comu/netbiosX — 9 days ago
▲ 3 r/purpleteamsec
From Code to Coverage (Part 6): What netlogon.log Sees That Event 1644 Never Will
u/netbiosX — 10 days ago
▲ 7 r/purpleteamsec
Advanced OPSEC fork of Donut. Features a Custom in-memory CLR Host, Tail-Jump ETW bypasses, and zero-patch AMSI evasion for stealthy shellcode generation
u/netbiosX — 10 days ago
▲ 2 r/purpleteamsec
Read-only NGAV/EDR exclusion risk and hygiene auditor (CrowdStrike-first, vendor-agnostic)
u/netbiosX — 11 days ago