Tweets

  1. 9 Jun 2019

    About six months ago I signed up for a 10-day silent Vipassana course, but left on the 9th day with a bitter taste in my mouth. One day I'll write down my own negative experiences, but until I do I recommend reading this excellent write-up:

  2. 22 May 2019

    The case of KernelBase is even more interesting: its DllMain will be called, but with the arguments of DriverEntry. The crash is due to the fact that the GS segment register is interpreted differently. While in user-mode it points to the TEB, in kernel-mode it points to the KPCR.

  3. 22 May 2019

    Fun fact: you can load NTDLL as a driver and get yourself a nice BSOD. As it turns out, there is no flag in the PE header which differentiates user-mode binaries from kernel-mode binaries. Also, if the RVA for the entry point is 0, the loader will blindly jump into the MZ header.

  4. Retweeted
    1 Jan 2019

    Just published new research I worked on recently, documenting an undocumented kernel callback mechanism:

  5. Retweeted
    1 Nov 2018

    We added a couple of new mitigations to SKREAM - now it can randomize pool allocations by 3rd party drivers to break pool overflow exploits. Blog post to be published soon :)

  6. Retweeted
    28 Sep 2018

    If you're too impatient to read the whole article, here's the repo with the code for pre-allocating and protecting memory pages used by some kernel exploitation techniques in Win7+8: Hopefully it'll contain more mitigations in the future.

  7. Retweeted
    27 Sep 2018

    Started playing with kernel-mode exploit mitigations together with and eventually we came up with this new project: This mitigation is only the first, there's more to come!

  8. Retweeted

    Now On Stage! Deep Hooks: Monitoring Native Execution In WOW64 Applications. Yarden Shafir and Assaf Carlsbad, SentinelOne researchers, presented at BSidesTLV. Watch it now

  9. 20 Jun 2018

    What mingling in a conference feels like.

  10. 11 Jun 2018

    AV industry is like a circular linked list...

  11. Retweeted
    8 Apr 2018