MaN0ks

@MAn0kS

programming, windows, kernel, rev engg, exploitation and everything in between

Joined: March 2010

Tweets


  1. Retweeted
    26 Jan
  2. Retweeted
    16 Jan

    If you’re tired of hearing about crypto32, elliptic curves, and other CVE-2020-0601 shenanigans, have a read over our new blog post on Windows’ Intel CET implementation in the face of SetThreadContext and NtContinue. Come for the exploit mitigation, stay for the XState Internals.

  3. Retweeted
    12 Dec 2019

    Learn how to exploit Symantec Endpoint Protection on all versions of Windows (CVE-2019-12750). Part 2 of this series by delves into a more advanced method of exploitation!

  4. Retweeted
    8 Dec 2019

    Some notes after exploring the Interrupt Descriptor Table in Windows Kernel

  5. Retweeted
    8 Nov 2019

    If you missed my Windows Security Internals talk (or just want to relive the memories) it's available online!

  6. Retweeted
    8 Nov 2019

    Second part of my kernel hacking mini-series: "Bypassing kernel function pointer integrity checks"

  7. Retweeted
    23 Oct 2019
  8. Retweeted
    19 Oct 2019

    Just published my latest project "ByePg", exposing an entirely new attack surface to PatchGuard/NT and bringing 's InfinityHook back:

  9. Retweeted
    15 Oct 2019

    Assessing the Effectiveness of a New Security Data Source: Windows Defender Exploit Guard and were wizards at assessing and deploying this in the env! Event fields thoroughly documented here:

  10. Retweeted
    11 Oct 2019

    If you're able to ingest ETW events, Microsoft-Windows-Kernel-Audit-API-Calls Event ID 5 captures _all_ requested process handles (including PsOpenProcess return code). Sysmon event ID 10 only captures process handles that were actually granted.

  11. Retweeted
    10 Oct 2019

    Security Descriptor Auditing Methodology: Investigating Event Log Security. In this post, I establish my process for identifying access rights, determining default security, consideration of abuse implications, audit automation, and SACL research. Enjoy!

  12. Retweeted
    9 Oct 2019

    Recently I have been working on mapping Windows API calls to event IDs within Sysmon. Today I am releasing this project and a blog to talk about this more! Project: Blog:

  13. Retweeted
    2 Oct 2019

    It’s about time... first device ships with the Microsoft hypervisor on by default! And on ARM64!

  14. Retweeted
    1 Oct 2019

    Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe via

  15. Retweeted
    18 Sep 2019

    Releasing a new tool to aid in Sysmon evasion, Shhmon () with an associated blog post including defensive recommendations

  16. Retweeted
    19 Sep 2019

    Happy to release the Threat Hunting with ETW events and  series! Part I: 🏄‍♀️🏄‍♂️ Installing SilkETW to consume events via the event log locally is out! Next, Shipping events to 😱 Thank you ⚔️

  17. Retweeted

    The Linux Security Summit North America 2019 videos are published!

  18. Retweeted
    16 Sep 2019

    In June members of the team introduced a new attack called: Process Reimaging. Today I am releasing a blog on how to detect this behavior inside of an environment! Thank you to for his POC code.

  19. Retweeted
    28 Aug 2019
  20. Retweeted
    28 Aug 2019
