PinnedLsecinSystem WeaknessExploiting CVE-2022–26923 by Abusing Active Directory Certificate Services (ADCS)CVE-2022–26923 is dangerous. There is large privilege escalation vector aiming directly at the domain’s administrative account(or machine)…8 min read·Jun 4, 2022----
LsecWeaponizing DLL Hijacking via DLL ProxyingSorry for not writing blogs for a while, but here am I now.7 min read·May 4, 2023----
LsecAttacking Active Directory: Unconstrained DelegationThe main focus of today’s topic will not be some C2 framework or AV bypass, but one specific AD attack.5 min read·Jan 15, 2023----
LsecWeaponizing Discord Shell via SMBIn the previous blog / video (https://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd /…4 min read·Dec 4, 2022----
LsecUsing Discord as Command and Control (C2) with Python and NuitkaHello fellow red teamers, I was thinking of a way to obfuscate C2 traffic and got myself an idea. Why not chain the traffic over some…6 min read·Dec 2, 2022----
LsecDeveloping SMB stager in NimHello fellow Red Teamers. I recently started getting in touch with Nim for offensive coding. To be honest I find it difficult and strange…3 min read·Nov 24, 2022----
LsecEncrypting Shellcode with XOR | Offensive coding in CHello fellow red teamers. One of the techniques for AV evasion is encryption. While there are many, many encrypting algorightms, XOR is…5 min read·Nov 1, 2022--1--1
LsecCreating Fully Undetectable Payload (FUD) with CWelcome back my red teamers! Today’s blog is exciting because I personally did not expect such high result at evading AV vendors!5 min read·Oct 26, 2022--1--1