Source Byte


It takes a sober mind to abstain from love, and this nature of mine does not mix with reason. Saadi Shirazi 187

7 847 subscribers
+10 in 24 hours
+46 in 7 days
+187 in 30 days
Posts archive
Repost from 1N73LL1G3NC3
GOAD - part 14 - ADCS 5/7/9/10/11/13/14/15 P.S. In the previous blog post on ADCS (Goad Pwning Part 6), ESC1, ESC2, ESC3, ESC4, ESC6, and ESC8 were exploited.

Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup

Astral-PE is a low-level mutator (headers obfuscator and patcher) for Windows PE files (.exe, .dll) that rewrites structural metadata after protection — without breaking execution. It does not pack, encrypt or inject. Instead, it mutates low-hanging but critical structures like timestamps, headers, section flags, debug info, import/export names, and more.

Repost from SoheilSec
I saw people thanking AFTA for finally putting out a report after a lifetime, but apparently AFTA stole Kaspersky's rules, did a replace, and put its own name on them! Seriously, doesn't a single one of you over there know how to write a YARA rule? 🤔

I regularly have people ask me about tools I use in my investigations so here’s a comprehensive list:

Cielo - Wallet Tracking (EVM, Bitcoin, Solana, Tron, etc)
TRM - Create graphs for addresses/transactions
MetaSuites - Chrome extension that adds additional data on block explorers
OSINT Industries - email/username/phone lookups
LeakPeek - db lookups
Snusbase - db lookups
Intelx - db lookups
Spur - IP lookups
Cavalier (Hudson Rock) - Infostealer lookups
Impersonator - Chrome extension to spoof login to dApps
MetaSleuth - Similar to TRM but intended for retail users
Arkham - Multichain block explorer, entity labels, create graphs, alerts
Obsidian - Create flow charts / diagrams
Wayback Machine - archive web pages
Archive Today - archive web pages
Etherscan/Solscan - block explorer for EVM / Solana
Blockchair - bitcoin block explorer
Range - CCTP bridge explorer
Pulsy - bridge explorer aggregator
Socketscan - EVM bridge explorer
Dune - Analytics platform to query blockchain data
Mugetsu - X/Twitter username history & meme coin lookups
TelegramDB Search Bot - Basic Telegram OSINT
Discord[.]ID - Basic Discord account info
CryptoTaxCalculator - Track PNL for an address

Note: I am not paid by these platforms to mention them and do not have referral links to share

While reviewing the SANS CTI Summit 2025, I saw this interesting talk: "Advanced Threat Research Methodologies: Unraveling a Triple-APT Intrusion" (by Tom Fakterman & Lior Rochberger), in which they discuss the above attack 👀 and how they clustered it. Don't miss it.

CobaltStrikeDefenseEvasion.pdf (0.63 KB)


I wish I knew Russian, but Google Translate is fine

Про OSINT и вокруг него (About OSINT and around it)

Too lazy to write my own 👀

Repost from Infosec Fortress
🌸✨ Happy Nowruz! ✨🌸 Wishing everyone a bright and joyful Nowruz filled with fresh beginnings, happiness, and success! 🌱🔥 May this new year bring you and your loved ones health, prosperity, and countless moments of peace and celebration. #Nowruz #Iranian_New_Year

Repost from Infosec Fortress
!exploitable Episode Two - Enter the Matrix 🔗 Link #binary #exploitation #SSHNuke ——— 🆔 @Infosec_Fortress

What is the Windows software trace preprocessor (WPP)?
MSDN
Data Source Analysis and Dynamic Windows RE using WPP and TraceLogging

Source Byte - Telegram channel statistics and analytics @sourcebyte