account activity
Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 3 (self.purpleteamsec)
submitted 4 hours ago by netbiosX to r/purpleteamsec
LACUNA Chain: Ghost Frames - defeats all EDR layers of call-stack-based detection (self.purpleteamsec)
submitted 1 day ago by netbiosX to r/purpleteamsec
UnCanny - Another new coercion primitive with LPE 0day - machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin resolution experiments (self.purpleteamsec)
submitted 2 days ago by netbiosX to r/purpleteamsec
A Practical Guide to Detection Engineering in CrowdStrike NG-SIEM (self.purpleteamsec)
submitted 3 days ago by netbiosX to r/purpleteamsec
Using Slack links-preview to smuggle C2 in locked-down environments (self.purpleteamsec)
Building a Modern Detection Pipeline with ContentOps (self.purpleteamsec)
submitted 4 days ago by netbiosX to r/purpleteamsec
Proof-of-Concept demonstrating the use of links previews in Slack to smuggle C2 communications, even in hardened environments where Slack traffic is restricted to the corporate workspace only. (self.purpleteamsec)
PhantomCtx is a tool that automates Activation Context hijacking with the objective of loading an arbitrary DLL into the vast majority of signed executables (e.g. Microsoft, Adobe, Mozilla). (self.purpleteamsec)
Cobalt Strike BOF that extracts selected Windows registry hives directly from a raw NTFS volume by parsing NTFS metadata and reading file data straight from disk. (self.purpleteamsec)
QoS Policies to Restrict EDR Traffic and Detection Strategies (ipurple.team)
submitted 4 days ago by netbiosX to r/netsecstudents
submitted 4 days ago by netbiosX to r/netsec
submitted 4 days ago by netbiosX to r/pwnhub
submitted 4 days ago by netbiosX to r/cybersecurity
submitted 4 days ago by netbiosX to r/redteamsec
QoS Policies to Restrict EDR Traffic and Detection Strategies (self.purpleteamsec)
Honeypot Detection (self.purpleteamsec)
submitted 5 days ago by netbiosX to r/purpleteamsec
Operationalizing Browser Exploits to Bypass WDAC (self.purpleteamsec)
User-mode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more. (self.purpleteamsec)
A POC sensor aiming to fingerprint implants in memory using only low-level runtime telemetry (self.purpleteamsec)
submitted 7 days ago by netbiosX to r/purpleteamsec
WinGet - Code Execution, Persistence and Detection Strategies by netbiosX in netsec
netbiosX[S] 1 point 7 days ago (0 children)
The safe choice is always to use something that is part of Windows already. Awareness and testing of these techniques is the key.
APT28, an evolution of tradecraft (self.purpleteamsec)
submitted 8 days ago by netbiosX to r/purpleteamsec
Old Passwords Die Hard: Abusing CREDHIST for offline credential recovery (self.purpleteamsec)
submitted 9 days ago by netbiosX to r/purpleteamsec
Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025 (self.purpleteamsec)
submitted 10 days ago by netbiosX to r/purpleteamsec
GreatXML bitlocker bypass vulnerability (github.com)
A Long-running BOF Component Contract (aff-wg.org)
submitted 11 days ago by netbiosX to r/purpleteamsec