Demonstration of a couple of UAC bypass methods using Havoc C2.
https://100daysofredteam.medium.com/using-havoc-c2-to-bypass-uac-b3a93c33442a
We tested 15 HTML sanitizers and managed to break 3 of them! How We Found XSS in Odoo & Gitea
Last December two of our security researchers - Alex & Catalin - put 15 HTML sanitizers to the test across Python, Go, JavaScript, and Ruby. The result? Three critical vulnerabilities that impact major platforms used by millions!
Key findings: Python (lxml.html.clean) – Vulnerability found in Odoo (5M+ users)
Go (BlueMonday) – XSS in Gitea (used by Google, MasterCard, OpenStack)
The research exposed how sanitizers fail to handle edge cases, leading to security risks in chat systems, forums, and self-hosted git platforms.
Watch the full keynote for more insights: https://youtu.be/0M4e347tMds
Okay, so AI in Pentesting, huh? It's definitely a hot topic! A lot of folks instantly worry about losing their jobs, but let's be real: aren't we pentesters basically problem-solvers?
Thing is, AI *can* actually help us speed up the simpler stuff. Think OSINT, CVE checks, and even report writing – AI could give us a boost there. And that would give us *more* time to focus on the really tricky hacks.
But hey, a word of caution: AI is just a tool, folks. It's not a magic bullet. Creativity and solid experience *still* matter big time! And let's not forget, security *solely* reliant on AI is just plain wrong. Seriously, certificates or no certificates, a company is NOT secure without good old-fashioned manual pentesting.
What are your thoughts? #Pentesting #AISecurity #OffensiveSecurity
A very different Monday from my usual, let the learning begin! #InsomniHack #INS2025 #OffensiveSecurity #Entra #AD
AI in security? Yeah, it *can* be helpful, BUT... Automated tools just aren't a substitute for a real-deal penetration tester with brains and experience, ya know? And honestly, blindly relying on AI? Yikes, that's risky! Those things can straight-up hallucinate information sometimes. We're much better off sticking with good ol' brainpower and a solid team, wouldn't you agree? So, what do *you* think are the biggest risks when it comes to AI in the security landscape? Let me know what you think!
Just stumbled across a report about Microsoft taking down some seriously bad actors who were hijacking Azure accounts for AI abuse. LLMjacking – sounds like something straight out of a cyberpunk novel, but it's actually happening!
Honestly, it reminds me of so many conversations I've had with clients. They're like, "Yeah, we've got a firewall, we're all good." Uh, no? Security's way more than just a product you buy. It's a process that needs to be baked in right from the start of development. And let's be real, automated scans *definitely* don't cut it as a pentest!
So, what's your take on AI security? Is it just overhyped, or is it a legitimate concern? Keen to hear your thoughts!
Whoa, malware trends in Q1/25 are getting seriously wild! AsyncRAT via TryCloudflare, Lynx Ransomware, Lumma Stealer popping up on GitHub... it's just escalating.
Here's the deal: tons of companies *think* their security is rock solid, but attackers are constantly leveling up their social engineering game – just look at InvisibleFerret. And then, bam! "Oh no, we've been hacked!" rings alarmingly too often.
Frankly, we need more pentests and proactive threat hunting. Automated scans? Sure, they're useful, but they're no substitute for experienced pros. What's your take on these new malware campaigns? What actually works for you?
"Winnti? Oh, that doesn't affect me!" – Think again! They're back, and their supply chain attacks? Seriously dangerous! Yes, Japan is in the spotlight, but the methods can hit *anyone*.
SQL injection in ERP systems is unfortunately still an issue, and MSP compromises are the absolute horror. And Winnti exploits that ruthlessly. Just imagine: the hackers get in through your service provider and clean everything out!
So, what to do? We need to secure our ERP systems, take a close look at our MSPs, segment the network, sharpen our monitoring, and keep Winnti on our radar. Open source tools can really help us with that.
Have you ever experienced a situation like this? Which security measures really made a difference for you? Tell me, I'm curious!
Build Your Own Offensive Security Lab: A Step-by-Step Guide with Ludus: https://xphantom.nl/posts/Offensive-Security-Lab/
Simple Go lang bot maze trap
#100DaysOfRedTeam
#Day 10 - Know the pros and cons of unannounced and announced red team assessments.
https://100daysofredteam.com/p/unannounced-vs-announced-red-team-assessments
#100DaysOfRedTeam
#Day 9 - Learn differences between a red team assessment and a penetration test with a simple analogy.
https://100daysofredteam.com/p/red-teaming-vs-penetration-testing
#100DaysOfRedTeam
#Day 8 - Learn what is Process Doppelgänging and how to abuse it for red team trade-craft.
https://100daysofredteam.com/p/what-is-process-doppelganging
#100DaysOfRedTeam
#Day7 - Learn what is Process Hollowing and how to abuse it for red team trade-craft.
#100DaysOfRedTeam
Day6 - Is there a method to the madness of conducting a red team engagement?
https://100daysofredteam.com/p/what-is-a-red-team-methodology
#100DaysOfRedTeam
#Day3 - Learn what is COM and how red teams can use it as part of their trade-craft.
#100DaysOfRedTeam
#Day2 - Learn how session sharing feature became a norm in command and control infrastructure.
https://www.100daysofredteam.com/p/the-origin-of-session-sharing-in