The Wover

@TheRealWover

Designs "malware" to make the world safer.

Joined May 2019

Tweets


  1. Pinned Tweet
    May 9, 2019

    Introducing Donut, an x86 / x64 position-independent shellcode generation framework for loading .NET Assemblies from memory:

  2. Retweeted

    Also coming soon: Process Explorer dark mode

  3. Retweeted
    Feb 2

    SettingSyncHost.exe as a LolBin
    cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo

  4. Retweeted
    Jan 31

    I'm glad someone finally took a chance on me and got me a job. After 5 years of getting nowhere in this industry (guess people didn't think my work had value for their company). Now I can finally learn new things and step up my game.

  5. Retweeted
    Jan 31

    Wrote a post on how to use GadgetToJScript with Covenant & Donut. Thanks to for answering my queries and helping me while exploring tool 🙏

  6. Retweeted
    Jan 31

    The code to execute in JS via "System.Runtime.InteropServices.RegistrationServices" here: You need to expose a static method public static void UnRegisterClass(string key) And of course you need an assembly object :) Cheers

  7. Retweeted
    Jan 28

    PInjectra’s Stack Bombing Process Injection example was only the beginning. I wrote a practical implementation of it that performs process migration using shared Memory, self-loading/linking DLLs, and an RWX ROP chain. Also included: a detection for it

  8. Retweeted
    Jan 27

    Move Faster, Stay Longer blog about extending CS and tools to go with it.

  9. Retweeted
    Jan 27

    If 's DotnetToJScript is blocked on newer versions of Windows or if it gets flagged by AMSI, you can use Excel automation via a COM object as an alternative to execute shellcode from JScript or VBScript w/o touching disk. PoC for x86 & x64 here:

  10. Retweeted
    Jan 25

    Just finished the writeup for my learning process to replicate the CVE-2019-19470. I also published the source code for the exploit and a Masquerade-PEB C#. Hope you enjoy!

  11. Retweeted
    Jan 25

    A thread about my ego and how we can better serve in our industry. Story time... 1/9

  12. Retweeted
    Jan 24

    modexp is one of my fav. researchers; while I often skim on details he is killing it with posts that combine an extensive and comprehensive research on interesting and often nuanced topics and a very well written narrative top quality right there

  13. Retweeted
    Jan 24

    Friends, We've added a new paper: Analyzing Modern Malware Techniques Part 1 by This paper dives into the abyss of fileless malware, more specifically, Kovter. It is an incredibly well written paper. Check it out. 11/10

  14. Retweeted
    Jan 23

    The malware repurposing lab was my favorite one from the PowerShell course. It was designed to tie all the reflection concepts together where the students build a script to interact with a subversive .NET binary that an analyst might overlook.

  15. Jan 23

    Dark mode should be default mode.

  16. Retweeted
    Jan 21

    We released a Red Teaming book! Red Team Development and Operations. It's been a crazy project that has existed in many forms. It started as simple notes, came together as a SANS class, and will now live as a book. Read about it here.

  17. Retweeted
    Jan 21

    When I was 8 learning to program alone in my room on my Commodore64, I dreamed of the day my friends would want to play the games I made. At the time, they just wanted to play Barbies. Around 1989 I dialed into a local BBS, & found lifelong friends. The Internet was our place.

  18. Retweeted
    Jan 21

    Added 2 more PoC scripts to the OffensiveDLR repo. One of which embeds the SSharp Compiler within a Posh script (Can be easily embedded from within any .NET language.) SSharp code compilation does not call csc.exe :)

  19. Retweeted
    Jan 20

    Fellow hackers, you asked, we listened! Coming soon a lab to practice Active Directory attacks from Linux. Latest servers, interesting flags, dedicated lab for everyone, video walk-through and browser based access. cc

  20. Retweeted
    Jan 20

    Myself and are super excited to head out to BHIL to talk about covert injection tradecraft in .NET ☠️⚔️🛡️

  21. Retweeted
    Jan 20

    It's here!!! Tell your colleagues, tell your friends, tell your grandma.
