FFE4
@KernelDBG
I'm a virus analyst focused on Windows Security Research and Exploit Development
You might like
Wrote a blog about creating an early exception handler for hooking and threadless process injection without relying on VEH or SEH. You can definitely use it for more than what is described in the post, enjoy :) kr0tt.github.io/posts/early-ex…
It looks like an executable file with a .jpg extension from the early 2000s. But no! This is a method to create persistence with a non-existent executable file to bypass #antimalware #PenTesting #BlueTeam
Another hoontr find: tprtdll.dll (like so many others) exposes some Nt/Rtl/Zw functions. It doesn't redirect to ntdll, instead it makes the syscall itself - so you can call something like NtAllocateVirtualMemoryEx without ever touching ntdll! PoC: github.com/whokilleddb/fu…
#redteam Hey, look! Windows with two "System32" folders.😲 Hey, keep looking at this! A process loads the same DLL twice and keeps both instances in memory.😲 #malware #blueteam
Black Hat Bonus: Learn more about @kyleavery_'s research on training self-hosted LLMs to generate evasive malware and creation of a 7B parameter model that generates evasive Cobalt Strike shellcode loaders able to bypass Microsoft Defender for Endpoint. ow.ly/1EUf50WBI5e
#redteam If you name the file long enough, your file will vanish from the Process Explorer Lower Pane. 😂 #blueteam #pentest
Making malware analysis more efficient with Unicorn | IIJ Security Diary sect.iij.ad.jp/blog/2025/08/m… @IIJSECT
Out Of Control: How KCFG and KCET Redefine Control Flow Integrity in the Windows Kernel by @33y0re i.blackhat.com/BH-USA-25/Pres…
Nice trick showing that the very same zip can be seen differently by two different programs. I've examined how this quirk could help us in zip path traversal attacks: blog.isec.pl/disguises-zip-…
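An added example, not from the linked post or its author, that makes the "two programs see the same zip differently" quirk concrete. A zip carries every file name twice, once in the local file header and once in the central directory, and nothing forces the two to agree; an extractor that trusts one view while a scanner inspects the other can be fooled. The block builds a stored archive whose central directory name is harmless while the local header names a path outside the extraction root, shows that Python's zipfile lists the central name but refuses to read the entry, and audits both headers for disagreements and traversal sequences. The archive, its names and its contents are constructed here for the demonstration.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"
CENTRAL_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"


def build_zip(entries):
    """Build a stored (uncompressed) zip in which each entry may carry one name
    in its local file header and a different one in the central directory.
    entries: list of (local_name, central_name, data)."""
    body, central = bytearray(), bytearray()
    for local_name, central_name, data in entries:
        lname, cname = local_name.encode("ascii"), central_name.encode("ascii")
        crc = zlib.crc32(data) & 0xFFFFFFFF
        offset = len(body)
        # local header: version, flags, method, time, date, crc, sizes, name/extra len
        body += LOCAL_SIG + struct.pack("<HHHHHIIIHH", 20, 0, 0, 0, 0, crc,
                                        len(data), len(data), len(lname), 0)
        body += lname + data
        # central header: made-by, needed, flags, method, time, date, crc, sizes,
        # name/extra/comment len, disk, int/ext attrs, offset of local header
        central += CENTRAL_SIG + struct.pack("<HHHHHHIIIHHHHHII", 20, 20, 0, 0, 0, 0,
                                             crc, len(data), len(data), len(cname),
                                             0, 0, 0, 0, 0, offset)
        central += cname
    eocd = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, len(entries), len(entries),
                                  len(central), len(body), 0)
    return bytes(body + central + eocd)


def central_entries(blob):
    """Return (name, local_header_offset) for every central directory record."""
    eocd_at = blob.rfind(EOCD_SIG)
    if eocd_at < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, count, _, cd_offset, _ = struct.unpack_from("<HHHHIIH", blob, eocd_at + 4)
    pos, out = cd_offset, []
    for _ in range(count):
        if blob[pos:pos + 4] != CENTRAL_SIG:
            raise ValueError("bad central directory signature at offset %d" % pos)
        f = struct.unpack_from("<HHHHHHIIIHHHHHII", blob, pos + 4)
        name_len, extra_len, comment_len, local_off = f[9], f[10], f[11], f[15]
        out.append((blob[pos + 46:pos + 46 + name_len].decode("utf-8", "replace"), local_off))
        pos += 46 + name_len + extra_len + comment_len
    return out


def local_name(blob, offset):
    """Read the file name stored in the local file header at `offset`."""
    if blob[offset:offset + 4] != LOCAL_SIG:
        raise ValueError("bad local header signature at offset %d" % offset)
    f = struct.unpack_from("<HHHHHIIIHH", blob, offset + 4)
    return blob[offset + 30:offset + 30 + f[8]].decode("utf-8", "replace")


def is_traversal(name):
    """True if extracting `name` verbatim could land outside the target directory."""
    n = name.replace("\\", "/")  # Windows extractors treat backslash as a separator
    if n.startswith("/") or (len(n) > 1 and n[1] == ":"):
        return True              # absolute path or drive letter
    return ".." in n.split("/")


def audit(blob):
    """Compare both views of every entry; flag disagreements and traversal in either."""
    findings = []
    for cname, off in central_entries(blob):
        lname = local_name(blob, off)
        if cname != lname:
            findings.append(("name-mismatch", cname, lname))
        if is_traversal(cname):
            findings.append(("traversal-in-central", cname, lname))
        if is_traversal(lname):
            findings.append(("traversal-in-local", cname, lname))
    return findings


def stdlib_view(blob):
    """Python's zipfile: namelist() comes from the central directory, while read()
    re-parses the local header and raises BadZipFile when the two names differ."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        names, readable = zf.namelist(), {}
        for name in names:
            try:
                zf.read(name)
                readable[name] = True
            except zipfile.BadZipFile:
                readable[name] = False
    return names, readable


# Constructed sample: entry 1 is "docs/readme.txt" in the central directory but
# "../../evil.txt" in its local header; entry 2 is consistent and benign.
DISGUISED = build_zip([
    ("../../evil.txt", "docs/readme.txt", b"payload"),
    ("docs/notes.txt", "docs/notes.txt", b"benign"),
])

if __name__ == "__main__":
    print(stdlib_view(DISGUISED))
    for finding in audit(DISGUISED):
        print(finding)
```

The practical check is the last one: any tool that lists from the central directory (most GUIs, `zipinfo`, Python's namelist) and any tool that extracts by walking local headers (streaming unzippers) must be compared against each other, and an archive whose two views disagree should be rejected outright rather than extracted.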
Want to learn about Chrome exploitation and the role of WebAssembly in it? In our new article, we'll break down the world of WASM, how it interacts with V8, and use CVE-2024-2887 as a case study to show how flaws in WASM can lead to RCE. Read it here: ssd-disclosure.com/an-introductio…
Dropped a PoC demonstrating how to leverage “IOCTL_VOLSNAP_DELETE_SNAPSHOT” (0x53C038) to delete Windows shadow copies github.com/NUL0x4C/IOCTL_…
Announcing our whitepaper on the future of endpoint security. preludesecurity.com/runtime-memory…
"Windows Inter Process Communication A Deep Dive Beyond the Surface - Part 2" #infosec #pentest #redteam #blueteam sud0ru.ghost.io/windows-inter-…
This was kinda interesting to run into in the wild - the developer of this malware wanted to terminate all TCP connections of a process via the TCP table. Instead of using SetTcpEntry, they reimplemented the entire function by copying the underlying implementation from…
Here are the links to the recordings of my prior two webinars: Debug of Hyper-V, Secure Kernel, VBS Enclaves, Defender, and other secrets: attendee.gotowebinar.com/recording/3590… and Advanced Threat Analysis and Reverse Engineering using AI: attendee.gotowebinar.com/recording/4436…
New Chrome App-Bound Encryption Decryption, centered on a new evasion paradigm: Direct Syscall-Based Reflective Hollowing. 👻 Hollowing > Attaching: The entire injection workflow now targets CREATE_SUSPENDED processes. This gives uncontested control of the address space,…
I don't know which update specifically, but in a recent update of 24H2 it looks like the Win32k system call table is protected by Kernel Data Protection (read-only SLAT entry)! I believe CI!g_CiOptions and msseccore's SecKdpSe PE section were the only things using it before.
Bypassing AMSI with your own custom COM interfaces inside CLR process - an excellent piece by Joshua Magri (@passthehashbrwn). The custom implementation allows allocating and loading assemblies from memory and invoking the Load_2() method instead of the typical call to Load_3(). This…