Wika Lee

Some study notes on LSASS hooking for harvesting interactive logon credentials. https://ired.team/offensive-security/credential-access-and-credential-dumping/intercepting-logon-credentials-by-hooking-msv1_0-spacceptcredentials … Thanks to @_xpn_ for his inspiring posts about mimikatz.

New article! Anti-virus Exploitation: Malwarebytes 4.0.4 - Protection Not Found - Hijacking Malwarebytes via COM IPChttps://0x00sec.org/t/anti-virus-exploitation-malwarebytes-4-0-4-protection-not-found-hijacking-malwarebytes-via-com-ipc/18766 …

Sharing my analyses on the recent malware that targeted #Citrix instances, categorized by #FireEye as #NOTROBIN. Using #Cutter of course . https://soolidsnake.github.io/2020/01/17/citrix_malware.html … #MalwareAnalyses #NOTROBIN

RDP to RCE: When Fragmentation Goes Wrong AKA: What we know about CVE-2020-0609 and CVE-2020-0610.https://www.kryptoslogic.com/blog/2020/01/rdp-to-rce-when-fragmentation-goes-wrong/ …

Just published a blog explaining the root cause of the recent #win10 crypto vulnerability (CVE-2020-0601 / #curveball ?) using some "Load Bearing Analogies" to make it more accessible. CC: @tqbf @grittygrease @dakamihttps://medium.com/zengo/win10-crypto-vulnerability-cheating-in-elliptic-curve-billiards-2-69b45f2dcab6 …

Take a look at this blog https://darvincitech.wordpress.com/2020/01/07/security-hardening-of-android-native-code … on how to harden your native Android library using O-LLVM obfuscator, replacing libc with syscalls. #Android #AndroidSecurity #MobileSecurity #obfuscate #frida

Here is my blog post discussing different mechanisms for detecting frida for Android apps https://darvincitech.wordpress.com/2019/12/23/detect-frida-for-android/ … #MobileSecurity #AndroidSecurity #frida