Crypt0s

@Crypt0s

Web Applications for breakfast, Protocols for Lunch, and Python for dinner. I love hacking and radios and hacking radios.

Maryland, USA
Joined July 2009

Tweets


  1. Pinned tweet
    29 Dec 2018

    Confused about DMR? Frustrated you can't get your hotspot configured? Need some help? Here is a quick tutorial:

  2. 4 Feb

    Excited to announce that starting Feb. 14th I will become a part of ’s excellent team!

  3. Retweeted
    3 Feb
  4. 2 Feb

    Shmoocon was amazing, totally loved seeing my peeps out there, y’all make the con fun

  5. 31 Jan

    I am at Shmoocon

  6. 29 Jan

    At some point I will update the reader with how to compile the project; please bear with me, I basically posted it as soon as I had permission.

  7. 29 Jan

    It’s not enough to detect every OpenThread call without additional filtering or heuristics and/or whitelisting/blacklisting, but it is a good start.

  8. 29 Jan

    Sysmon for some reason doesn’t monitor OpenThread() between two different PIDs! And it’s not open source. Carbon Black does, but it does happen fairly frequently, and it is also not open. So I cribbed a Microsoft example and wrote a driver:

  9. 29 Jan

    Cross-process calls are things like OpenThread, OpenProcess, that kind of thing. They all open handles to processes, which calls the callbacks registered to ObRegisterCallback in the kernel. This is what Sysmon and Carbon Black use to monitor cross-process events. But...

  10. 29 Jan

    So in order to detect stack bombing, you need to register a callback with the Windows kernel which is called every time a handle is created. This is called ObRegisterCallback(). This will receive information about the originating PID and the targeted PID for cross-process calls.

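    The filtering step the thread above describes, as an added example (this is not the driver Crypt0s released, and it is not kernel code). The kernel routine is ObRegisterCallbacks, registered against PsProcessType and PsThreadType; its pre-operation callback receives an OB_PRE_OPERATION_INFORMATION with the requested DesiredAccess, and the driver can compare PsGetCurrentProcessId() (the caller) with the PID that owns the object being opened. The program below models that decision in user mode so it can run anywhere: every cross-process open is logged, and only thread opens that ask for context/suspend rights (or process opens that ask for VM write rights) from a caller outside an allow-list are alerted. The access-mask thresholds, the allow-list entries and the sample events are assumptions constructed for the example; the access-right constants are the winnt.h values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Thread and process access rights, values as in winnt.h. */
#define THREAD_SUSPEND_RESUME    0x0002u
#define THREAD_GET_CONTEXT       0x0008u
#define THREAD_SET_CONTEXT       0x0010u
#define THREAD_QUERY_INFORMATION 0x0040u
#define PROCESS_CREATE_THREAD    0x0002u
#define PROCESS_VM_OPERATION     0x0008u
#define PROCESS_VM_READ          0x0010u
#define PROCESS_VM_WRITE         0x0020u

typedef enum { OBJ_PROCESS, OBJ_THREAD } obj_type_t;
typedef enum { VERDICT_IGNORE, VERDICT_LOG, VERDICT_ALERT } verdict_t;

/* One handle-create event, carrying the fields a pre-operation callback can
 * derive from OB_PRE_OPERATION_INFORMATION: the object type, the requested
 * access, and the caller's PID versus the PID that owns the object. */
typedef struct {
    uint32_t    caller_pid;
    uint32_t    target_pid;
    obj_type_t  type;
    uint32_t    desired_access;
    const char *caller_image;   /* caller's image name, used for the allow-list */
} handle_event_t;

/* Access combinations that let a caller rewrite another thread's execution
 * state or another process's memory. Assumed thresholds for this example. */
#define THREAD_HIJACK_MASK  (THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_SUSPEND_RESUME)
#define PROCESS_INJECT_MASK (PROCESS_VM_WRITE | PROCESS_VM_OPERATION)

/* Hypothetical allow-list: callers that open other processes' threads all
 * day for legitimate reasons and would otherwise drown the alert channel. */
static const char *const allow_list[] = { "csrss.exe", "windbg.exe" };

static int caller_allowed(const char *image)
{
    for (size_t i = 0; i < sizeof allow_list / sizeof allow_list[0]; i++)
        if (strcmp(image, allow_list[i]) == 0)
            return 1;
    return 0;
}

/* The filtering a pre-operation callback would apply to each event. */
verdict_t classify_handle_event(const handle_event_t *ev)
{
    /* A process opening its own threads is not a cross-process event. */
    if (ev->caller_pid == ev->target_pid)
        return VERDICT_IGNORE;

    if (ev->type == OBJ_THREAD) {
        /* Any hijack bit from a caller outside the allow-list: alert. */
        if ((ev->desired_access & THREAD_HIJACK_MASK) && !caller_allowed(ev->caller_image))
            return VERDICT_ALERT;
    } else {
        /* Write + operation on a foreign process's memory: alert. */
        if ((ev->desired_access & PROCESS_INJECT_MASK) == PROCESS_INJECT_MASK
            && !caller_allowed(ev->caller_image))
            return VERDICT_ALERT;
    }
    /* Every other cross-process open is still logged, just not alerted. */
    return VERDICT_LOG;
}

/* Run the classifier over a batch of events and return the alert count. */
size_t count_alerts(const handle_event_t *events, size_t n)
{
    size_t alerts = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_handle_event(&events[i]) == VERDICT_ALERT)
            alerts++;
    return alerts;
}

/* Constructed sample events for the example, not captured data. */
const handle_event_t sample_events[] = {
    { 4000, 4000, OBJ_THREAD,  THREAD_SET_CONTEXT,                     "self.exe"     },
    { 4000, 1234, OBJ_THREAD,  THREAD_QUERY_INFORMATION,               "taskmgr.exe"  },
    { 4000, 1234, OBJ_THREAD,  THREAD_HIJACK_MASK,                     "injector.exe" },
    {  600, 1234, OBJ_THREAD,  THREAD_HIJACK_MASK,                     "csrss.exe"    },
    { 4000, 1234, OBJ_PROCESS, PROCESS_VM_READ,                        "procexp.exe"  },
    { 4000, 1234, OBJ_PROCESS, PROCESS_INJECT_MASK | PROCESS_CREATE_THREAD, "injector.exe" },
};
const size_t sample_event_count = sizeof sample_events / sizeof sample_events[0];

int main(void)
{
    static const char *const names[] = { "ignore", "log", "ALERT" };
    for (size_t i = 0; i < sample_event_count; i++) {
        const handle_event_t *ev = &sample_events[i];
        printf("%-12s pid %u -> pid %u %s access 0x%04x: %s\n",
               ev->caller_image, ev->caller_pid, ev->target_pid,
               ev->type == OBJ_THREAD ? "thread " : "process",
               ev->desired_access, names[classify_handle_event(ev)]);
    }
    printf("%zu alert(s)\n", count_alerts(sample_events, sample_event_count));
    return 0;
}
```

    In a real driver the same pre-operation callback can also clear bits from DesiredAccess before the handle is created, which is how security products go from logging to prevention; the model above only classifies, which is all the logging driver described in the thread needs.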
  11. 28 Jan

    Broke: checkbox security. Woke: Nessus and chill.

  12. 28 Jan

    PInjectra’s Stack Bombing process injection example was only the beginning. I wrote a practical implementation of it that performs process migration using shared memory, self-loading/linking DLLs, and an RWX ROP chain. Also included: a detection for it.

  13. 28 Jan

    It is released along with a driver which registers a cross-process event monitoring driver that generates Windows logs on process events like Sysmon (but better, because it does it for all cross-process events).

  14. 28 Jan

    It’s not detectable by Carbon Black unless you’re gonna alert on every OpenThread() call. But in researching this I found out how Carbon Black and Sysmon do cross-process event monitoring, and I may release a driver which does it as a small example utility.

  15. 28 Jan

    My practical implementation of Stack Bombing (the new process injection technique from Blackhat 2019) has been approved for release by Booz Allen. It’s neat: I use shared memory to write a self-linking/loading binary image from one process to another after a ROP chain does RWX.

  16. 20 Jan

    A lot of Baofeng and even a DMR radio at the Virginia gun “event” today. Wonder what they have to say over the air. Any Hams down there listening in?

  17. Retweeted
    20 Jan

    LGBT+ friendly replacements for most tech terms. :3
    * Master / Slave -> Dom / Sub
    * Black List / White List -> Poly / Mono
    * Male / Female -> Top / Bottom
    * RP-Male / RP-Female -> Service Top / Power Bottom

  18. 17 Jan

    Pumped for Shmoocon. Actually have my crap sort of together for this one.

  19. 10 Jan

    Whoa, so in the early 90s we thought, oh snap, it might be a bad thing to allow cell sniffers to work to collect customer data.

  20. Retweeted
    8 Jan

    All of the Iranian provocations Trump just listed happened as a result of his withdrawal from the JCPOA and shift to "maximum pressure." They weren't happening while US was still in the agreement.

  21. Retweeted
    2 Jan

    A nice talk from , about using PE relocations for the purpose of obfuscation: Nick Cano - "Relocation Bonus - Attacking the Windows Loader Makes Analysts Switch Careers" :

