Giuseppe `N3mes1s`

@gN3mes1s

windows, macos, linux, android && lowlevel && ring-1 lover; EDR chef; malware hunter; purple team💜

Italy ~ Naples ~ Amsterdam
Joined July 2009

Tweets


  1. Retweeted
     2 Feb

     SettingSyncHost.exe as a LolBin:
     cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo

  2. Retweeted
     31 Jan

     Reversing XignCode3 Anticheat – Registering Notify and Callback Routines Part 4.1 is out! 🤯 Anti-cheats use callbacks and notification routines to control what is happening on your system, let's dig into this

  3. Retweeted (thread)

  4. Retweeted
     30 Jan

     Eclypsium published new research exposing vulnerabilities to DMA attacks in laptops from HP and Dell. Our principal researchers, and show that high speed DMA attacks can bypass hardware protections on enterprise devices.

  5. Retweeted
     30 Jan

     Well, we have a Sigma rule from 2017 that would detect this "brand new" Trickbot campaign, and I'll write one for the wsreset.exe UAC bypass. Rule

  6. Retweeted
     30 Jan

     For the past few months, I've been diving into Apple's Endpoint Security Framework. This post shares how I use the framework for detection engineering purposes.

  7. 30 Jan

     Seems that someone reads , the switch happened after their post about the new UAC bypass on Windows 10. wsreset.exe is the new normal now. cc

  8. Retweeted
     30 Jan

     A quick post on why you shouldn't use SYSTEM tokens when you sandbox a process. Part 1 of N (where I haven't decided how big N is).

  9. Retweeted
     28 Jan

     OS hacking: Local root exploit via the QEMU graphics driver. Let's exploit a SerenityOS kernel driver bug to get a root shell, and then fix the bug! 🐞🛠😎

  10. Retweeted
      29 Jan

  11. Retweeted
      29 Jan
      In reply to

      Thank you, Giuseppe, for pointing this out. We are working on a fix for the cited LOLBin, and shall keep you posted. In the meanwhile, please be informed that this occurrence is associated only with admin accounts. Thank you for your understanding!

  12. Retweeted
      28 Jan

  13. Retweeted
      27 Jan

      olevba and mraptor now detect the new "_OnConnecting" trigger used in some recent malware, thanks to

  14. 28 Jan

      argument: executecmd64
      dctask64.exe executecmd64 <valid cmd.exe command>
      dctask64.exe executecmd64 echo "hello"

  15. 28 Jan

      argument: invokeexe
      dctask64.exe invokeexe <executable>
      will create a process for you.

  16. 28 Jan

      For today's "side lolbin" let's say thanks to ZOHO Corporation Private Limited and their dctask64.exe. Keep injecting all the DLLs we want with:
      dctask64.exe injectDll <dllpath> <PID>
      Bonus point: we have the outputs!!! cc

  17. 27 Jan

      Let's start using dtrace to write some detection rules now 😗

  18. 27 Jan

      "Windows kernel now relies on Virtualization-based Security (VBS) to securely insert dynamic trace points into kernel code. By relying on VBS, we can now safely and securely insert dynamic tracepoints in the kernel without disabling PatchGuard."

  19. Retweeted
      27 Jan

      Windows Kernel _IMAGE_DOS_HEADER::e_lfanew Denial Of Service/Memory Corruption

  20. Retweeted
      27 Jan

      We have an update to DTrace on Windows: with the latest 20H1 Insider build, no more KD required to use DTrace on Windows. Plus an arm64 MSI.
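The timeline above names two LOLBin primitives: dctask64.exe with the injectDll, invokeexe and executecmd64 verbs (tweets 14 to 16) and SettingSyncHost.exe -LoadAndRunDiagScript launched after a cd into %TEMP% (tweet 1). The detector below is an added example written for this page, not code from the timeline or from @gN3mes1s, that matches those invocations over process-creation records shaped like Sysmon Event ID 1 fields. The field names, the working-directory heuristic and every sample event are assumptions made for the example.

```python
"""Added example, not code from the page or from @gN3mes1s: a small
process-creation detector for the LOLBin tricks the timeline mentions,
dctask64.exe (injectDll / invokeexe / executecmd64) and
SettingSyncHost.exe -LoadAndRunDiagScript. It runs over constructed records
shaped like Sysmon Event ID 1 fields; the field names and every sample event
below are assumptions made for the example.
"""
import ntpath
import re
from dataclasses import dataclass, field


@dataclass
class ProcEvent:
    image: str                      # full path of the new process
    command_line: str
    parent_image: str = ""
    current_directory: str = ""


@dataclass
class Finding:
    rule: str
    notes: list = field(default_factory=list)


# (rule name, lower-cased executable basename, command-line pattern)
RULES = [
    ("dctask64_lolbin", "dctask64.exe",
     re.compile(r"\b(injectdll|invokeexe|executecmd64)\b", re.I)),
    ("settingsynchost_diagscript", "settingsynchost.exe",
     re.compile(r"(^|\s)-loadandrundiagscript\b", re.I)),
]

WINDIR = r"c:\windows"


def exe_name(path: str) -> str:
    """Basename of an image path, tolerant of quoting and mixed case."""
    return ntpath.basename(path.strip().strip('"')).lower()


def evaluate(ev: ProcEvent) -> list:
    """Return a Finding per rule the event triggers (empty list if none)."""
    findings = []
    image = exe_name(ev.image)
    for rule, exe, pattern in RULES:
        match = pattern.search(ev.command_line)
        if image != exe or match is None:
            continue
        found = Finding(rule)
        # Tweet 1 does "cd %TEMP%" before calling SettingSyncHost, which
        # suggests (assumption) the script argument is resolved relative to
        # the working directory; a cwd outside %WINDIR% is worth recording.
        if (rule == "settingsynchost_diagscript" and ev.current_directory
                and not ev.current_directory.lower().startswith(WINDIR)):
            found.notes.append("cwd outside %WINDIR%: " + ev.current_directory)
        # Each dctask64.exe verb takes a target (DLL + PID, an EXE, or a
        # cmd.exe command line); keep it so the analyst sees what was
        # injected or launched.
        if rule == "dctask64_lolbin":
            found.notes.append(ev.command_line[match.start():].strip())
        findings.append(found)
    return findings


def scan(events) -> dict:
    """Map each event index to the rule names it triggered."""
    return {i: [f.rule for f in evaluate(ev)] for i, ev in enumerate(events)}


# Constructed sample events (not real telemetry); paths are made up.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Users\bob\Downloads\dctask64.exe",
              r"dctask64.exe injectDll C:\Users\bob\evil.dll 4120",
              r"C:\Windows\System32\cmd.exe", r"C:\Users\bob\Downloads"),
    ProcEvent(r"C:\Windows\System32\SettingSyncHost.exe",
              r'"C:\Windows\System32\SettingSyncHost.exe" -LoadAndRunDiagScript foo',
              r"C:\Windows\System32\cmd.exe", r"C:\Users\bob\AppData\Local\Temp"),
    ProcEvent(r"C:\Windows\System32\SettingSyncHost.exe",      # no verb: benign
              r'"C:\Windows\System32\SettingSyncHost.exe"',
              r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32"),
    ProcEvent(r"C:\Windows\System32\cmd.exe",                  # verb, wrong image
              r"cmd.exe /c echo injectDll", r"C:\Windows\explorer.exe", ""),
    ProcEvent(r"C:\Users\bob\DCTASK64.EXE",                    # quoted, mixed case
              r'"C:\Users\bob\DCTASK64.EXE" ExecuteCmd64 whoami',
              r"C:\Windows\System32\cmd.exe", r"C:\Users\bob"),
]

if __name__ == "__main__":
    for i, ev in enumerate(SAMPLE_EVENTS):
        for f in evaluate(ev):
            print(i, f.rule, f.notes)
```

Matching is done on the image basename rather than the full path because the binary in tweet 16 is a vendor tool an attacker can copy anywhere, and the verbs are matched case-insensitively because Windows command lines are.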
