Tweets


  1. Pinned Tweet
    17 Aug 2018

    I hope I'm not too late to the party, but here's my take at hypervisors - meet hvpp, the simple x64/VT-x hypervisor for Windows. The repo includes an example which shows CPUID interception and hiding of user-mode hooks via EPT.

  2. Retweeted
    29 Jan

    – A friend's computer is showing some kind of error. Can you give her some advice? – What kind? – Some error, she says. – I'd need to know exactly what it says. – I'll tell her to write it down for me.

  3. 29 Jan

    TIL there's practically no easy silver bullet for getting the "real parent" when a process was created using DCOM (C08AFD90-...). Sure, DLL hooking might help you, but it also can be fooled. What the heck. A few other RPC/LPC methods suffer from this as well. MSI server is my favorite.

  4. 23 Jan

    Besides VS_VERSION_INFO & PE signature check - can anyone think of a "good enough" and fast heuristic by which you can recognize a Microsoft PE file (e.g. DLLs in System32)?

  5. Retweeted
    20 Jan

    The 7th part of the tutorial Hypervisor From Scratch is published! In this part, I described EPT. Thanks to Petr, as Hypervisor From Scratch could never have existed without his help, and to Alex for patiently answering my questions.

  6. Retweeted
    16 Jan

    After a lot of work and some crypto-related delays, I couldn't be more proud to publish 's and my latest research - The complete overview of CET internals on Windows (so far!):

  7. Retweeted
    17 Jan

    My blog post about CVE-2020-0601 is online! I hope you guys enjoy it. I haven't slept for 2 days now, pardon me if I made some mistakes :) Feel free to point out any mistakes!

  8. 17 Jan

    Related: any tips for clustering them based on similarity? I'm working on it overnight and I have no idea what to expect. Is there anything better?

  9. 16 Jan

    Any tips for indexing ~1TB of .txt files? Grepping is quite useless at this point. I think indexing for searching simple one-word strings is sufficient. Also, it'd be a nice plus if that indexing could somehow print the number of references.

  10. 8 Jan

    MSDN states that you shouldn't do "heavy operations" in the ProcessCreateNotifyRoutine/LoadImageNotifyRoutine. I dared to disobey this advice and oh boy, the BSODs I got are among the craziest and most nonsensical I had ever seen.

  11. 4 Jan

    4 days into the new decade and I might've discovered the best feature for me already.

  12. 31 Dec 2019

    Is there any way to schedule a callback _into a specific thread of a specific process_ that runs at PASSIVE_LEVEL in kernel mode? I need to run ZwQueryInformationProcess(ProcessDeviceMap), but I'm at APC_LEVEL and it returns STATUS_INVALID_PARAMETER if I don't pass NtCurrentProcess.

  13. 28 Dec 2019

    Question about %SystemRoot% and %SystemDrive%: Is there a guarantee that SystemRoot is ALWAYS on the SystemDrive? ...either that, or is there any way to get SystemDrive from a Windows driver?

  14. 26 Dec 2019

    Tip: if you have a C++ template function for different char types (char/wchar_t) and you're trying to "if constexpr" stuff like strlen/wcslen/strcmp/wcscmp, consider using std::char_traits<CharT>::length()/::compare(), ... It's constexpr, too!

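An added example of the tip in the tweet above (written for this page, not code from the tweet's author): one template handles both `char` and `wchar_t` by delegating to `std::char_traits<CharT>::length()`/`::compare()` instead of dispatching to strlen/wcslen and strcmp/wcscmp with `if constexpr`. The helper names `str_length`, `str_compare` and `starts_with`, and the sample path strings, are assumptions made for the example; the `static_assert`s show that, since C++17, the whole check is evaluated at compile time.

```cpp
#include <cstddef>
#include <string>

// Length of a NUL-terminated string, for any character type.
// std::char_traits<CharT>::length() is constexpr in C++17, so this is too.
template <typename CharT>
constexpr std::size_t str_length(const CharT* s) {
    return std::char_traits<CharT>::length(s);
}

// Three-way comparison (<0, 0, >0) in the spirit of strcmp/wcscmp, built on
// char_traits::compare(), which compares a fixed number of characters.
template <typename CharT>
constexpr int str_compare(const CharT* a, const CharT* b) {
    const std::size_t la = std::char_traits<CharT>::length(a);
    const std::size_t lb = std::char_traits<CharT>::length(b);
    const std::size_t n = la < lb ? la : lb;
    const int c = std::char_traits<CharT>::compare(a, b, n);
    if (c != 0) {
        return c;           // differ within the common prefix
    }
    // Common prefix equal: the shorter string sorts first.
    return la < lb ? -1 : (la > lb ? 1 : 0);
}

// Prefix check (case-sensitive), e.g. for NT path strings (assumed sample
// values below; no particular system is referenced).
template <typename CharT>
constexpr bool starts_with(const CharT* s, const CharT* prefix) {
    const std::size_t lp = std::char_traits<CharT>::length(prefix);
    if (std::char_traits<CharT>::length(s) < lp) {
        return false;
    }
    return std::char_traits<CharT>::compare(s, prefix, lp) == 0;
}

// Compile-time evaluation: no runtime call to strlen/wcslen is needed.
static_assert(str_length("hello") == 5, "narrow length");
static_assert(str_length(L"hello") == 5, "wide length");
static_assert(str_compare("abc", "abd") < 0, "narrow compare");
static_assert(str_compare(L"abc", L"abc") == 0, "wide compare");
static_assert(starts_with(L"\\SystemRoot\\System32", L"\\SystemRoot"), "wide prefix");
```

The same three templates instantiate for `char16_t`/`char32_t` as well, since `std::char_traits` has specializations for them; the only thing the caller picks is the character type.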
  15. 24 Dec 2019

    I hope I'm not the only one who uses spreadsheets to convert C enums to Python dicts.

  16. Retweeted
    20 Dec 2019

    We just updated the executive callback repo with research on the callback used by PatchGuard

  17. 12 Dec 2019
  18. 11 Dec 2019

    A very short observation of the new NtContinueEx syscall and the new parameter it accepts, KCONTINUE_ARGUMENT. cc

  19. 11 Dec 2019
  20. 10 Dec 2019

    There was nobody to motivate me, nobody to share passion with, a quite poor and quite anti-tech family on top of that... That's why I can't thank enough all the people that have ever supported me. It was (and still is) a hell of a ride, I could DoS twitter with the stories.

  21. 10 Dec 2019

    Downloaded tutorials on floppy disks at a neighborhood library that was open 2x/week and read them at home, because we had no Internet for several years. No Google, no Stack Overflow. If I didn't know something, I had to figure it out on my own or wait for another Tuesday.

