Wrote a blog about creating an early exception handler for hooking and threadless process injection without relying on VEH or SEH. You can definitely use it for more than what is described in the post, enjoy :) kr0tt.github.io/posts/early-ex…
It looks like an executable file with a .jpg extension from the early 2000s. But no! This is a method to create persistence with a non-existent executable file to bypass #antimalware #PenTesting #BlueTeam



Another hoontr find: tprtdll.dll (like so many others) exposes some Nt/Rtl/Zw functions. It doesn't redirect to ntdll, instead it makes the syscall itself - so you can call something like NtAllocateVirtualMemoryEx without ever touching ntdll! PoC: github.com/whokilleddb/fu…


#redteam Hey, look! Windows with two "System32" folders.😲 Hey, keep looking at this! A process loads the same DLL twice and keeps both instances in memory.😲 #malware #blueteam



Black Hat Bonus: Learn more about @kyleavery_'s research on training self-hosted LLMs to generate evasive malware and creation of a 7B parameter model that generates evasive Cobalt Strike shellcode loaders able to bypass Microsoft Defender for Endpoint. ow.ly/1EUf50WBI5e

#redteam If you name the file long enough, your file will vanish from the Process Explorer Lower Pane. 😂 #blueteam #pentest


Streamlining malware analysis with Unicorn | IIJ Security Diary sect.iij.ad.jp/blog/2025/08/m… @IIJSECT
Out Of Control: How KCFG and KCET Redefine Control Flow Integrity in the Windows Kernel by @33y0re i.blackhat.com/BH-USA-25/Pres…


Nice trick showing that the very same zip can be seen differently by two different programs. I've examined how this quirk could help us in zip path traversal attacks: blog.isec.pl/disguises-zip-…
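Added example, not code from the linked post: a zip entry's name is stored twice, once in the central directory and once in the local file header, and an archive tool that trusts one copy can disagree with a tool that trusts the other. The auditor below parses both copies itself with the layout from the PKWARE APPNOTE, flags any mismatch and any `..`, absolute or drive-letter path in either copy, and shows that Python's stdlib rejects a mismatched entry on read. The three archives are constructed in the block (one clean, one with traversal in both copies, one where only the local header is hostile); the particular quirk the blog post describes may differ from this one.

```python
import io
import struct
import zipfile
from typing import List, Tuple

# Record signatures from the PKWARE APPNOTE.
EOCD_SIG = b"PK\x05\x06"   # end of central directory
CDFH_SIG = b"PK\x01\x02"   # central directory file header
LFH_SIG = b"PK\x03\x04"    # local file header


def is_traversal(name: str) -> bool:
    """True if a member name could land outside the extraction directory."""
    norm = name.replace("\\", "/")          # several Windows extractors accept backslashes
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return True                          # absolute POSIX path or drive-letter path
    return ".." in norm.split("/")


def central_directory_entries(data: bytes) -> List[Tuple[str, int]]:
    """(name, local-header offset) per entry, as the central directory records it."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    entries, _cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    out, pos = [], cd_off
    for _ in range(entries):
        if data[pos:pos + 4] != CDFH_SIG:
            raise ValueError("bad central directory entry at %d" % pos)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        (lfh_off,) = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        out.append((name, lfh_off))
        pos += 46 + name_len + extra_len + comment_len
    return out


def local_header_name(data: bytes, lfh_off: int) -> str:
    """Name as the local file header spells it (what a streaming extractor sees)."""
    if data[lfh_off:lfh_off + 4] != LFH_SIG:
        raise ValueError("bad local file header at %d" % lfh_off)
    (name_len,) = struct.unpack_from("<H", data, lfh_off + 26)
    return data[lfh_off + 30:lfh_off + 30 + name_len].decode("utf-8", "replace")


def audit_zip(data: bytes) -> List[str]:
    """Findings for every entry, checking both places a name is stored; empty means clean."""
    findings = []
    for cd_name, lfh_off in central_directory_entries(data):
        lfh_name = local_header_name(data, lfh_off)
        if cd_name != lfh_name:
            findings.append(f"name mismatch: central={cd_name!r} local={lfh_name!r}")
        for view, name in (("central", cd_name), ("local", lfh_name)):
            if is_traversal(name):
                findings.append(f"traversal in {view} header: {name!r}")
    return findings


def stdlib_rejects(data: bytes) -> bool:
    """True if Python's zipfile refuses the archive; it compares the two names on read."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                zf.read(info)
        return False
    except zipfile.BadZipFile:
        return True


# Constructed samples for this example (not archives from the blog post).
def _make_zip(name: str) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed sample content\n")
    return buf.getvalue()


def _patch_local_name(data: bytes, new_name: bytes) -> bytes:
    """Overwrite the local-header name only; the central directory keeps the old one."""
    ((cd_name, lfh_off),) = central_directory_entries(data)
    if len(cd_name.encode()) != len(new_name):
        raise ValueError("replacement must keep the same length")
    start = lfh_off + 30
    return data[:start] + new_name + data[start + len(new_name):]


BENIGN = _make_zip("safe.txt")
OVERT = _make_zip("../evil.txt")                                   # hostile in both copies
DISGUISED = _patch_local_name(_make_zip("safe.txt"), b"../e.txt")  # hostile only in the local header

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("overt", OVERT), ("disguised", DISGUISED)):
        print(label, audit_zip(blob), "stdlib rejects:", stdlib_rejects(blob))
```

The disguised archive lists `safe.txt` in any viewer that reads the central directory, while an extractor that walks local headers sees `../e.txt`; an auditor that checks only one copy misses it. Note that `zipfile.read()` does not apply path checks at all (only `extract()` does), so the overt sample is read without complaint.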
Want to learn about Chrome exploitation and the role of WebAssembly in it? In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to RCE. Read it here: ssd-disclosure.com/an-introductio…
Dropped a PoC demonstrating how to leverage “IOCTL_VOLSNAP_DELETE_SNAPSHOT” (0x53C038) to delete Windows shadow copies github.com/NUL0x4C/IOCTL_…
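Added example, not code from the PoC: a control code like 0x53C038 is a packed CTL_CODE value, and unpacking it is the first thing a defender wants to do when the number shows up in a driver trace or an EDR alert. The block splits the code into its device type, access, function and method fields per the winioctl.h layout and uses that to filter a constructed event list for write-access volsnap requests. The device-type constant VOLSNAPCONTROLTYPE = 0x53 is quoted from the public headers from memory and should be treated as an assumption; the function number the decoder prints for 0x53C038 is simply what the bits say, not a documented name.

```python
# CTL_CODE bit layout (winioctl.h): device type in bits 31..16, required access
# in bits 15..14, function number in bits 13..2, transfer method in bits 1..0.
METHOD_NAMES = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
                2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS_NAMES = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
                2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS | FILE_WRITE_ACCESS"}

# Device type shared by the volsnap IOCTL family. Assumption: recalled from the
# public headers (VOLSNAPCONTROLTYPE), not taken from the tweet.
VOLSNAPCONTROLTYPE = 0x53
IOCTL_VOLSNAP_DELETE_SNAPSHOT = 0x53C038   # value as given in the tweet


def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Python equivalent of the CTL_CODE macro."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


def decode_ioctl(code: int) -> dict:
    """Split a packed control code back into its four fields."""
    return {
        "device_type": code >> 16,
        "access": (code >> 14) & 0x3,
        "function": (code >> 2) & 0xFFF,
        "method": code & 0x3,
    }


def describe_ioctl(code: int) -> str:
    f = decode_ioctl(code)
    return (f"0x{code:08X}: device=0x{f['device_type']:X} function={f['function']} "
            f"{METHOD_NAMES[f['method']]} {ACCESS_NAMES[f['access']]}")


def suspicious_volsnap_calls(events):
    """From (process, ioctl) pairs, keep volsnap requests that require write access."""
    hits = []
    for process, code in events:
        f = decode_ioctl(code)
        if f["device_type"] == VOLSNAPCONTROLTYPE and f["access"] & 0x2:
            hits.append((process, describe_ioctl(code)))
    return hits


# Constructed sample events, not a real trace: one unrelated (hypothetical) code
# on another device type, and the code from the tweet.
SAMPLE_EVENTS = [
    ("backup.exe", ctl_code(0x7, 0x1A, 0, 0)),
    ("loader.exe", IOCTL_VOLSNAP_DELETE_SNAPSHOT),
]

if __name__ == "__main__":
    print(describe_ioctl(IOCTL_VOLSNAP_DELETE_SNAPSHOT))
    for process, desc in suspicious_volsnap_calls(SAMPLE_EVENTS):
        print(process, desc)
```

Filtering on device type plus write access rather than on the single constant catches sibling volsnap codes with the same shape, which is the grouping a detection rule usually wants; tighten to an exact match only once the specific function number has been confirmed against a reference.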
Announcing our whitepaper on the future of endpoint security. preludesecurity.com/runtime-memory…
"Windows Inter Process Communication A Deep Dive Beyond the Surface - Part 2" #infosec #pentest #redteam #blueteam sud0ru.ghost.io/windows-inter-…
This was kinda interesting to run into in the wild - the developer of this malware wanted to terminate all TCP connections of a process via the TCP table. Instead of using SetTcpEntry, they reimplemented the entire function by copying the underlying implementation from…

Here are the links to the recordings of my prior two webinars: Debug of Hyper-V, Secure Kernel, VBS Enclaves, Defender, and other secrets: attendee.gotowebinar.com/recording/3590… and Advanced Threat Analysis and Reverse Engineering using AI: attendee.gotowebinar.com/recording/4436…

New Chrome App-Bound Encryption Decryption, centered on a new evasion paradigm: Direct Syscall-Based Reflective Hollowing. 👻 Hollowing > Attaching: The entire injection workflow now targets CREATE_SUSPENDED processes. This gives uncontested control of the address space,…

I don't know which update specifically, but in a recent update of 24H2 it looks like the Win32k system call table is protected by Kernel Data Protection (read-only SLAT entry)! I believe CI!g_CiOptions and msseccore's SecKdpSe PE section were the only things using it before.

Bypassing AMSI with your own custom COM interfaces inside CLR process - an excellent piece by Joshua Magri (@passthehashbrwn). The custom implementation allows allocating and loading assemblies from memory and invoking the Load_2() method instead of the typical call to Load_3(). This…

