Pinned Tweet
I hope I'm not too late to the party, but here's my take at hypervisors - meet hvpp, the simple x64/VT-x hypervisor for Windows. https://github.com/wbenny/hvpp Repo includes example which shows CPUID interception and hiding of user-mode hooks via EPT.
Petr Beneš retweeted
– My friend's computer is showing her some error. Can you help her? – What error? – Apparently some error. – I'd need to know exactly what it says. – I'll tell her to write it down for me. pic.twitter.com/4Kw2ueylyx
TIL there's practically no easy silver bullet in getting "real parent" when process was created using DCOM (C08AFD90-...). Sure, DLL hooking might help you but it also can be fooled. What the heck. Few other RPC/LPC methods suffer from this as well. MSI server is my favorite.
Besides VS_VERSION_INFO & PE signature check - can anyone think of "good enough" and fast heuristic by which you can recognize Microsoft's PE file (e.g. DLLs in System32)?
Petr Beneš retweeted
The 7th part of the tutorial Hypervisor From Scratch is published! In this part, I described EPT. Thanks to Petr @PetrBenes as Hypervisor From Scratch could never have existed without his help and to Alex @aionescu for patiently answering my questions. https://rayanfam.com/topics/hypervisor-from-scratch-part-7/ …
Petr Beneš retweeted
After a lot of work and some crypto-related delays, I couldn't be more proud to publish @aionescu's and my latest research - The complete overview of CET internals on Windows (so far!): http://windows-internals.com/cet-on-windows/
Petr Beneš retweeted
My blog post about CVE-2020-0601 is online! I hope you guys enjoy it, I didn't sleep for 2 days now, pardon me if I made some mistakes :) Feel free to point out any mistakes! https://blog.layle.io/uncovering-cve-2020-0601/ …
Related: any tips for clustering them based on similarity? I'm doing https://github.com/bwall/ssdc on it overnight and I have no idea what to expect. Is there anything better? https://twitter.com/PetrBenes/status/1217907402726658048 …
Any tips for indexing ~1TB of .txt files? Grepping is quite unuseful at this point. I think indexing for searching simple one-word strings is sufficient. Also it'd be a nice plus if that indexing could somehow print number of references.
MSDN states, that you shouldn't do "heavy operations" in the ProcessCreateNotifyRoutine/LoadImageNotifyRoutine (https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/windows-kernel-mode-process-and-thread-manager …) I dared to disobey this advice and oh boy, the BSODs I got are one of the most crazy and non-sensical I had ever seen.
4 days into new decade and I might've discovered the best feature for me already. pic.twitter.com/zsswZp6qBL
Is there any way how to schedule callback _into specific thread of specific process_ that runs at PASSIVE_LEVEL in kernel mode? I need to run ZwQueryInformationProcess(ProcessDeviceMap), but I'm at APC_LEVEL and it returns STATUS_INVALID_PARAMETER if I don't pass NtCurrentProcess
Question about %SystemRoot% and %SystemDrive%: Is there a guarantee that SystemRoot is ALWAYS on the SystemDrive? ...either that, or is there any way how to get SystemDrive from Windows Driver?
Tip: if you have C++ template function for different char type (char/wchar_t) and you're trying to "if constexpr" stuff like strlen/wcslen/strcmp/wcscmp, consider using std::char_traits<CharT>::length()/::compare(), ... It's constexpr, too!
I hope I'm not the only one who uses spreadsheets to convert C enums to Python dicts. pic.twitter.com/5xTDjvJLSw
Petr Beneš retweeted
We just updated the executive callback repo with a research on the callback used by PatchGuard @0xcpu https://github.com/0xcpu/ExecutiveCallbackObjects/tree/master/542875F90F9B47F497B64BA219CACF69 …
In case you missed this month old news like me: https://www.neowin.net/news/exclusive-microsoft-is-working-to-bring-64-bit-intel-app-emulation-to-windows-on-arm/ …
A very short observation of the new NtContinueEx syscall and the new parameter it accepts, KCONTINUE_ARGUMENT. https://gist.github.com/wbenny/0d2269a8ae93c420d013632dc2cd432f … cc @zwclose
There was nobody to motivate me, nobody to share passion with, quite poor and quite anti-tech family on top of that... That's why I can't thank enough all the people that have ever supported me. It was (and still is) hell of a ride, I could DoS twitter with the stories.
Downloaded tutorials on floppy disks in neighborhood library that was opened 2x/week and reading them at home, because we've had no Internet for several years. No google, no stack overflow, If I didn't know something, I had to figure it out on my own or wait for another Tuesday.