An imperceptible presence within a network remains the paramount trump card of digital malefactors, and a nascent discovery by the savants at Blackpoint illuminates the profound sophistication these instruments are attaining. A venomous module...
The compromise of a perimeter network appliance can swiftly shepherd a malefactor toward domain controllers and the enterprise’s most critical data repositories. In the nascent months of 2026, cybersecurity sentinels chronicled a sequence of...
SpeechRuntimeMove Lateral Movement via SpeechRuntime DCOM trigger & COM Hijacking. This Proof of Concept (PoC) for Lateral Movement abuses the fact, that some COM Classes configured as INTERACTIVE USER will spawn a process in the context...
FusterCluck is a POC script for attacking failover clusters via the cluster API over RPC. The tool allows enumeration of cluster nodes and the state of cluster roles. If an attacker has control of...
DCOMRunAs instantiates COM objects in the session of a logged-on user on a remote machine. By targeting a COM object subject to DLL hijacking and dropping a custom DLL at that path, the payload...
LdrShuffle Stealthy code execution via modification of the EntryPoint of loaded modules at runtime. Summary Windows processses have various modules loaded at runtime. Each of theses modules has a DllMain() function defined, which will be invoked on process...
BitlockMove Lateral Movement via Bitlocker DCOM & COM Hijacking. This Proof of Concept (PoC) for Lateral Movement abuses the fact, that some COM Classes configured as INTERACTIVE USER will spawn a process in the context of...
Ransomware operators and infostealers are adapting their tactics more swiftly than enterprises can recalibrate their defenses. Even substantial investments in ransomware resilience—primarily in backups and recovery—are increasingly failing to prevent tangible damage. According to...
SharpSCCM SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement without requiring access to the SCCM administration console GUI. SharpSCCM was initially created to...
The China-linked cyber-espionage group APT41 has launched a new surveillance campaign targeting government IT services in Africa—an unexpected turn for a region previously considered an unlikely target. Researchers at Kaspersky Lab uncovered the operation...
RemoteMonologue is a Windows credential harvesting technique that enables remote user compromise by leveraging the Interactive User RunAs key and coercing NTLM authentications via DCOM. Features ? Authentication Coercion via DCOM (-dcom) Targets three DCOM...
Amnesiac Amnesiac is a post-exploitation framework designed to assist with lateral movement within active directory environments. Amnesiac is being developed to bridge a gap on Windows OS, where post-exploitation frameworks are not readily available...
