Bruce Dang

@brucedang

Chief Gardener at Veramine. Previously at Microsoft. Author of Practical Reverse Engineering.

Joined: August 2010

Tweets


  1. Retweeted
    31 Oct 2019

    So I can honestly say that the and Hypervisor training is worth every penny. Seriously - It is awesome. If you have a chance to go, absolutely do it.

  2. 25 Mar 2019

    Motivated by a question from a friend and his coworker, I wrote a blog about HyperV and exit dispatching. See cc Also, and I are offering a course on hypervisor development! See

  3. Retweeted
    30 Jan 2019
    Replying to

    has a really great rootkits training!

  4. Retweeted
    28 Jan 2019

    ’s course is one of the best I’ve had the chance to attend.

  5. Retweeted
    25 Jan 2019

    If you want to venture into kernel development, ‘s course is the best out there. Don’t think twice, enroll.

  6. Retweeted
    25 Jan 2019

    When the rest of the Twitter world was engulfed in drama about what is/was wrong with in terms of gender, race, etc., I was learning some serious shit from the expert himself. It was a humbling experience in terms of what I learned but also how humble he was.

  7. Retweeted
    10 Jan 2019

    There are many reasons to read Windows Internals end-to-end, but the most exciting one is attending 's Windows Kernel Rootkits training in , one month from today. And I even get to be in the con with 😍 Thank you so much!

  8. Retweeted
    4 Nov 2018

    My new blog post: WoW64 internals - from the kernel initialization, through turbo thunks, "WoW64 functions", xtajit, CHPE, ... all the way to "Heaven's Gate" on ARM.

  9. Retweeted
    1 Nov 2018

    Day 2 took a little longer than expected. I hope you enjoy the article. Thanks for sticking with me.

  10. Retweeted
    25 Oct 2018
  11. Retweeted
    9 Oct 2018
  12. Retweeted
    9 Sep 2018

    I've now open sourced my latest hypervisor written in C. See it in action! This is what I demoed to way back at Recon 2016 and he thought it was pretty cool, so it must be.

  13. Retweeted
    29 Aug 2018

    tbh, I didn't want to publish it, but since someone is pushing me out of my comfort zone (meh! :P), you will probably have some news from me in the following days. :-^ Meanwhile, and I wrote a massive "thank you" post for here:

  14. 21 Aug 2018

    I am offering a public session of my Windows Kernel Rootkits class in January 2019 in Laurel, Maryland (JHU-APL campus). Last year we analyzed and implemented some of Equation Group's kernel implants; maybe we will do another group this year. More info at

  15. Retweeted
    20 Aug 2018

    If you ever wanted to diff any structure or list of functions from NTDLL/NTOSKRNL/HAL across any Windows version (XP - 19H1), now you can: Note keywords "ALL", "ALL_SORTED" and "ALL_FUNCTIONS", but prepare for one huge browser hiccup.

  16. Retweeted
    17 Aug 2018

    Blog Post: Arbitrary, Unsigned Code Execution Vector in Microsoft.Workflow.Compiler.exe. Bypasses all forms of whitelisting, circumvents Win 10S, and is unlikely to ever be used in your environment, hence, it should be trivial to detect.

  17. Retweeted
    17 Aug 2018

    I hope I'm not too late to the party, but here's my take at hypervisors - meet hvpp, the simple x64/VT-x hypervisor for Windows. The repo includes an example which shows CPUID interception and hiding of user-mode hooks via EPT.

  18. Retweeted
    14 Aug 2018

    Just published a new article detailing a method allowing circumvention of integrity checks and the ability to supersede driver altitude limits in the kernel:

  19. Retweeted
    13 Aug 2018

    Was just talking to about our mutual respect for 's teaching style of only teaching enough to empower students to discover solutions on their own. A good instructor teaches methodology. A good student takes good notes and doesn't expect to be spoon-fed knowledge.

  20. 13 Aug 2018

    Ever wonder what process is using your microphone? I just wrote a short entry on how to do this with WNF from a kernel-mode driver. cc
