\\??\\a.exe

@LeetSteewie

0x80000003: STATUS_BREAKPOINT

Behind you
Joined: February 2017

Tweets


  1. Retweeted
    18 hours ago

    FakeLogonScreen - A utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then saved to disk.

  2. Retweeted
    Feb 2

    Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't. And I wrote about these!

  3. Retweeted
    Jan 29

    1/ I've written a little compiler to ship ML models as standalone Yara rules, and done proof of concept detectors for Mach-O, RTF files, and PowerShell scripts. So far I have decision trees, random forests, and logistic regression (LR) working.

  4. Retweeted
    Jan 29
  5. Retweeted
    Feb 2

    KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore,

  6. Retweeted
    Feb 1

    RE just retired from . As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too.

  7. Retweeted
    Feb 1

    is a C# utility to steal a user's password using a fake Windows logon screen. This password will then be validated and saved to disk. Useful in combination with 's execute-assembly command.

  8. Retweeted
    Feb 1

    Load encrypted PE from XML Attribute. MSBuild is still the best.😅 MSBuild sets Property then calls Execute. Use this example to decouple payloads & prove that all security products have a "Single File Bias". Decouple payloads to subvert detection.

  9. Retweeted
    Jan 30

    in-memory traces of ppldump, exploiting zam64.sys vulndriver to dump lsass memory, cool stuff. sysmon will show a generic/noisy call trace so detection chances here are low; if combined with lsass loading dbgcore.dll it may work.

  10. Retweeted
    Jan 30

    Unwinding RTCore - response to recent Unwinder claims and behavior related to vulnerabilities found in his RTCore driver which is a part of MSI Afterburner,

  11. Retweeted
    Jan 29
  12. Retweeted
    Jan 29
  13. Retweeted
    Jan 28

    New Blog Post from on Azure. Ryan discusses Azure and Azure AD's components, reviews some of the attacks, and releases PowerZure to help understand the attacks. Link: PowerZure:

  14. Retweeted
    Jan 28
  15. Retweeted
    Jan 28

    Some Lateral Movement Methods:
    - Pass the Hash/Relay ((Net-)NTLM)
    - Pass the Ticket (Silver/Golden)
    - RDP (Legit creds)
    - Remote Services (VNC/SSH)
    - (D)COM (Remote sched tasks, Services, WMI)
    - Remote Service Vuln (EB)
    - Admin Shares (PSExec)
    - Webshell (Chopper)
    - WinRM (PS Remoting)

  16. Retweeted
    Jan 28
  17. Retweeted
    Jan 27

    Part one of "Unleashing the Power of : How to Get Started and Go Beyond the Basics" begins this Wednesday! Microsoft MVP will cover application whitelisting during his presentation and live demo.

  18. Retweeted
    Jan 27

    pwndrop - The new fast & fun way to set up an HTTP/WebDAV server for your payloads is coming! python -m SimpleHTTPServer may soon be retiring. Stay tuned! Here is a quick sneak peek:

  19. Retweeted
    Jan 26

    Some study notes on LSASS hooking for harvesting interactive logon credentials. Thanks to for his inspiring posts about mimikatz.

  20. Retweeted
    Jan 24

    Ever get a pointer to the middle of a struct? Just add the __shifted keyword to the variable's type definition!
