Interesting write-up on using vulnerable drivers to read the raw disk of a Windows system and extract files without ever touching those files directly. This subsequently allows the reading of sensitive files, such as the SAM.hive, SYSTEM.hive, and NTDS.dit, while also completely avoiding detection by EDR.
Walkthrough showcasing how the EvilSlackbot red team framework can be used to send simulated phishing messages and malicious files, and to search for leaked secrets within Slack workspaces.
I created this Slack attack framework for red teams and pentesters conducting phishing simulations within Slack workspaces. EvilSlackbot utilizes xoxb bot tokens and allows you to send spoofed bot messages, phishing links, and files, and to search Slack for leaked secrets via a keyword search.
This tool can also be used to automate Slack phishing exercises by feeding EvilSlackbot a list of emails you would like to test by sending them simulated phishing messages.