I used Claude to build ProxyGen, a multi-cloud WireGuard VPN tool. It needed tweaks but showed how far AI vibecoding can go, flaws and all.| ZephrSec - Adventures In Information Security
GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.
They say AI is the future, but what they meant was Andy Intelligence.
Exploring Azure Arc’s overlooked C2aaS potential. Attacking and defending against its usage and exploring use cases.
Manipulating Git Histories to Obscure the Truth
So you are performing your favourite Kerberos attacks, such as pass the ticket, Public Key Cryptography for Initial Authentication (PKINIT), Shadow Credentials or Active Directory Certificate Services (AD CS) vulnerabilities, but you run into a Kerberos error and despite troubleshooting you're still none the wiser on what to do? Well here's a quick
Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible to do and to learn more about automation but also proving you cannot trust git commit history nor can you trust dates of commits!
Set up a Docker-based homelab with automation, monitoring & media tools like Plex, Sonarr & Portainer for easy management & scalability.
2024 marks 13 years in security, 10 in offensive security, and 11 of blogging. This year has been about growth, learning, and sharing knowledge. From leadership insights to career reflections, this "year in review" celebrates technical contributions, personal achievements, and key milestones.
Welcome to part 2 of my NUC cluster; in the first part, I explained how to deploy a cluster using Proxmox and walked through the hardware setup and the rest of the connectors. In this part, we'll dive into building your own Active Directory Lab environment and show
Introducing Living off the Land Searches (LOLSearches), using advanced search operators with SharePoint and Explorer to help in Red Teams.
Explore my blog series on building a NUC cluster with Proxmox! Learn about connecting hosts, setting up tools, and avoiding pitfalls from my own build mistakes. Perfect for anyone keen on creating a home lab for testing attack paths and security tools. Dive in for practical insights!
This post explores Windows Side-by-Side (WinSxS) and DLL hijacking, deep-diving some tooling I've written and some of the fun along the way.
BlackVue cloud-connected dashcams leak your location and allow anyone to view your video feed with a free account. Sort it out folks!
Reflecting on my experiences with various leaders, managers, and bosses, I've gained insights into effective and ineffective leadership styles.
If you find yourself on the path of leading a team, make sure you set critical baselines with your team. Always do what is best for your team and set them up for success.
This post will go through some of the steps you can take as an individual to secure the accounts that mean the most to you.
To this date, phishing is one of the most prevalent first stages of entry to an organisation, a lot of threat actors
If you're reading this, it's a blog post that's not my regular write-up but more of an investigation and a hypothesis on the anatomy of a scam. I also put it together to raise awareness for those who read my blog and who might not be overtly technical-focused.
BYODC or bring your own domain controller is a post-exploitation technique and another option for performing a DCSync in a more opsec safe manner.