Pinned tweet
I decided to create a tutorial called "Reversing Windows Internals" and explain about Windows Internals. The first part describes about Handles, Callbacks and Hidden Callbacks and ObjectTypes in Windows. Thanks to @Dark_Puzzle for answering my questions. https://rayanfam.com/topics/reversing-windows-internals-part1/ …
-
Can't wait playing my friend's new game


https://twitter.com/MadnessStudio/status/1223887143472451586 …
-
The 7th part of the tutorial Hypervisor From Scratch is published! In this part, I described EPT. Thanks to Petr @PetrBenes as Hypervisor From Scratch could never have existed without his help and to Alex @aionescu for patiently answering my questions. https://rayanfam.com/topics/hypervisor-from-scratch-part-7/ …
-
Sinaei retweeted
Just finished writing my second windows kernel Practical Reverse Engineering solution: "Dumping DPC Queues: Adventures in HIGH_LEVEL IRQL"
Writing signatures for undocumented windows kernel stuff in HIGH_LEVEL IRQL sure is fun (BSODs are also fun)
https://repnz.github.io/posts/practical-reverse-engineering/dumping-dpc-queues/ … pic.twitter.com/3lguXVoMAF
-
Sinaei retweeted
After a lot of work and some crypto-related delays, I couldn't be more proud to publish @aionescu's and mine latest research - The complete overview of CET internals on Windows (so far!): http://windows-internals.com/cet-on-windows/
-
Is it too early to expect a new Windows Research Kernel (WRK)?
#Windows7
-
If you wanna know how effective it is to have a cache in your processor, then set up a Windbg local debugging and then clear the 11th bit of the IA32_MTRR_DEF_TYPE MSR (0x2ff) and just you can't bear your computer anymore.
pic.twitter.com/bCahZA6P8R
-
Sinaei retweeted
Things got kinda busy around Christmas time, but if anyone is interested, here is a quick blog post I did on a silently patched info leak in NtGdiEnsureDpiDepDefaultGuiFontForPlateau() which was patched in the November 2019 patches. https://versprite.com/blog/security-research/silently-patched-information-leak/ …
-
Sinaei retweeted
New blog post outlining how to use my .NET RPC Client tooling from PowerShell and C# to test and exploit local RPC security vulnerabilities. Also an early xmas present for those who enjoy long standing design flaws in UAC :-) https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html …
-
Sinaei retweeted
So I translated to myself @AmarSaar's article on Exploitation and the internals of Windows 10 RS5 #LFH (Userspace), and Saar suggested I'll upload it for everyone, so why not :) I hope this helps as it helped me, thank you Saar! https://github.com/peleghd/Windows-10-Exploitation/blob/master/Low_Fragmentation_Heap_(LFH)_Exploitation_-_Windows_10_Userspace_by_Saar_Amar.pdf …
-
(3/3) And then it would be possible to point to other _OBJECT_TYPEs like ALPC_OBJECT and trigger this vulnerability as it was possible to control the behavior of callbacks in these objects. pic.twitter.com/Z20PFJpPj0
-
(2/3) Take a look at the following slides from @NTarakanov: http://www.powerofcommunity.net/poc2018/nikita.pdf … Seems that if they didn't XOR TypeIndex with nt!ObHeaderCookie, then it was possible to modify the nt!_OBJECT_HEADER.TypeIndex of each object (for example in the case of a pool overflow), pic.twitter.com/1fviLAvkCo
-
(1/3) If you read the first part of "Reversing Windows Internals" then you probably read this paragraph: in our example we see that (TypeIndex : 0x7a) and its index is not 0x7a! It turns out that in Windows 10 they decided to not directly point to the index. Let me tell you why! pic.twitter.com/2gn4MDm1XW
-
Thanks to @aionescu and @yarden_shafir, I added 3 updates to my recently published post. If you've read it before, you can search for "update 1" and see the updates.
https://twitter.com/Intel80x86/status/1203957055993864192 …
-
cc @hasherezade, you might be interested in this
-
Wow, this classification about process injection APIs is amazing
https://twitter.com/NirYeho/status/1198938529725865984 …
-
[7/7] The PoC for IOCTL and sample config that bypasses Sysmon is here: https://github.com/SinaKarvandi/Process-Magics/tree/master/Bypass%20Sysmon%20With%20Updating%20Rules …
-
[6/7] So if you’re a security product developer you have to consider any changes to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SysmonDrv\Parameters as a critical indicator of an attack.
-
[5/7] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SysmonDrv\Parameters in the registry which is responsible for Sysmon configuration and at last, I execute the following PoC and it completely bypasses Sysmon pic.twitter.com/rPiBnAkHmn
