PinnedLsecinSystem WeaknessExploiting CVE-2022–26923 by Abusing Active Directory Certificate Services (ADCS)CVE-2022–26923 is dangerous. There is large privilege escalation vector aiming directly at the domain’s administrative account(or machine)…Jun 4, 2022Jun 4, 2022
LsecWeaponizing DLL Hijacking via DLL ProxyingSorry for not writing blogs for a while, but here am I now.May 4, 2023May 4, 2023
LsecAttacking Active Directory: Unconstrained DelegationThe main focus of today’s topic will not be some C2 framework or AV bypass, but one specific AD attack.Jan 15, 2023Jan 15, 2023
LsecWeaponizing Discord Shell via SMBIn the previous blog / video (https://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd /…Dec 4, 2022Dec 4, 2022
LsecUsing Discord as Command and Control (C2) with Python and NuitkaHello fellow red teamers, I was thinking of a way to obfuscate C2 traffic and got myself an idea. Why not chain the traffic over some…Dec 2, 2022Dec 2, 2022
LsecDeveloping SMB stager in NimHello fellow Red Teamers. I recently started getting in touch with Nim for offensive coding. To be honest I find it difficult and strange…Nov 24, 2022Nov 24, 2022
LsecEncrypting Shellcode with XOR | Offensive coding in CHello fellow red teamers. One of the techniques for AV evasion is encryption. While there are many, many encrypting algorightms, XOR is…Nov 1, 20221Nov 1, 20221
LsecCreating Fully Undetectable Payload (FUD) with CWelcome back my red teamers! Today’s blog is exciting because I personally did not expect such high result at evading AV vendors!Oct 26, 20221Oct 26, 20221