Administrator Protection in Windows 25H2 Changes Everything With update KB5067036, Windows quietly introduced Administrator Protection, and it changes how Windows handles admin rights. Until now, being a local admin meant living like Clark Kent: doing normal tasks in plain…
Google Dork - Code Leaks 🔑 site:pastebin. com "example. com" site:jsfiddle. net "example. com" site:codebeautify. org "example. com" site:codepen. io "example. com" Check for code snippets, secrets, configs 👀
You got access to vsphere and want to compromise the Windows hosts running on that ESX? 💡 1) Create a clone into a new template of the target VM 2) Download the VMDK file of the template from the storage 3) Parse it with Volumiser, extract SAM/SYSTEM/SECURITY (1/3)
Dumping LSASS is old school. If an admin is connected on a server you are local admin on, just create a scheduled task asking for a certificate on his behalf, get the cert, get its privs. All automatized in the schtask_as module for NetExec 🥳🥳🥳
Google Dork - XSS Prone Parameters 🔥 site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& Test for XSS in param value: '"><img src=x onerror=alert()> Credit: @TakSec #infosec #bugbounty #bugbountytips
![viehgroup's tweet image. Google Dork - XSS Prone Parameters 🔥
site:example[.]com inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:&amp;
Test for XSS in param value:
'"&gt;&lt;img src=x onerror=alert()&gt;
Credit: @TakSec
#infosec #bugbounty #bugbountytips](https://pbs.twimg.com/media/G1TO7a7WEAAiLBH.png)
Google Dork - APIs Endpoints ⚙️ site:example[.]com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3 Find hidden APIs, try techniques 👨💻
![TakSec's tweet image. Google Dork - APIs Endpoints ⚙️
site:example[.]com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3
Find hidden APIs, try techniques 👨💻](https://pbs.twimg.com/media/G1Drt7hbUAAZkAv.png)
real-time cloning of any voice from a few seconds of audio
WOW!!! temp43487580.github.io/intune/bypass-… @TEMP43487580 such a good post!!! it is so well written, interesting research and great results! Thank you! 🤩
#malware "clipup.exe" in System32 is very powerful. It can destroy the executable file of the EDR service 😉. Experimenting with overwriting the MsMpEng.exe file github: /2x7EQ13/CreateProcessAsPPL #redteam #BlueTeam
"Localhost tracking" - How Meta bypassed Android sandboxing to track users browsing other websites with Meta's embedded pixel. Fun fact: 22% of the most visited websites across the world embed Meta's pixel. zeropartydata.es/p/localhost-tr…
#malware If you use a directory symlink path to create a process, Process Explorer will interpret the Path and Command Line of this process as the path containing the symlink, rather than the location of the executable file 🤔 #redteam #code
Attackers exploit Google Translate to hide their assets from security vendors. securelist.com/new-phishing-a…
#redteam Hey, look! Windows with two "System32" folders.😲 Hey, keep looking at this! A process loads the same DLL twice and keeps both instances in memory.😲 #malware #blueteam
Ohhhh, sneaky masquerading trick found in the wild and noted by @JAMESWT_WT The Threat Actor replaces / with "ん", a Japanese character +2 cat pictures
Windows Fonts Exploitation in 2025 - Bypassing UAC with Eudcedit Check out my recent research about eudcedit and see how it can by used to bypass UAC. medium.com/@matanb707/win… #UserAccountControl #UAC #Bypass #Windows
medium.com
Windows Fonts Exploitation in 2025 — Bypassing UAC with Eudcedit
UAC stands for User Account Control, and it was introduced in Windows Vista.
United States Trends
- 1. Trench 6,940 posts
- 2. Godzilla 22.9K posts
- 3. Richardson 3,193 posts
- 4. Foden 12.9K posts
- 5. Hato 24.6K posts
- 6. Brugge 31.2K posts
- 7. Frey 23.4K posts
- 8. Shabbat 1,753 posts
- 9. Flick 28.6K posts
- 10. Hefner 1,140 posts
- 11. $DUOL 1,786 posts
- 12. Lina Khan 5,881 posts
- 13. Tosin 13.9K posts
- 14. Ferran 11.8K posts
- 15. Jared Golden 1,345 posts
- 16. Minneapolis 54.8K posts
- 17. NYPD 37.4K posts
- 18. Stearns N/A
- 19. Qarabag 48.3K posts
- 20. SCOTUS 31.6K posts
Something went wrong.
Something went wrong.