Tweets
- Tweets, current page.
- Tweets & replies
- Media
You blocked @hFireF0X
Are you sure you want to view these Tweets? Viewing Tweets won't unblock @hFireF0X
-
Thoughts about "Process Doppelganging" and proof-of-concepts, http://www.kernelmode.info/forum/viewtopic.php?f=15&t=4879 …
Thanks. Twitter will use this to make your timeline better. Undo -
Win32k NtUserOpenDesktop Denial Of Service (9200-17046)https://gist.github.com/hfiref0x/6e726b352da7642fc5b84bf6ebce0007 …
Thanks. Twitter will use this to make your timeline better. Undo -
IceID trojan downloader with embedded tiraniddo (token manipulation) and CMSTPLUA UAC bypasses, both copied from uacme together with PEB patch, http://www.kernelmode.info/forum/viewtopic.php?f=16&p=31078#p31077 …
Thanks. Twitter will use this to make your timeline better. Undo -
Collection of UAC bypasses based on <HKCU\Volatile Environment@SYSTEMROOT> registry hijack, https://bytecode77.com/hacking/exploits …, note: this should be somewhat fixed in Windows 10 RS3 1709, and work everywhere on 1703 and below.
Thanks. Twitter will use this to make your timeline better. Undo -
Good news, 17035 seems fixed shell and this method is now fully working on RS4.
Show this threadThanks. Twitter will use this to make your timeline better. Undo -
IColorDataProxy (Color Management) undocumented COM interface represents another UAC bypass via ability to execute custom display calibrator from HKLM entry (which can be easily controlled by another MS backdoor interface ICMLuaUtil), this works from Win7 up to recent Win10 RS4).
Thanks. Twitter will use this to make your timeline better. Undo -
Win7 - Win10 RS3 UAC bypass using FWCPLLUA uncodumented autoelevated COM interface and enigma0x3 HKCU mscfile registry hijack https://gist.github.com/hfiref0x/a044cb0ad425488e38556408b179cb61 …, loader process PEB patch required.
Show this threadThanks. Twitter will use this to make your timeline better. Undo -
/ or as result of Windows Shell API/components redesign.
Show this threadThanks. Twitter will use this to make your timeline better. Undo -
Windows 10 RS4 17025 sdclt (kickoffelev exefile hkcu) uac bypass no longer works. They seems managed to fix it from the 2nd attempt. /cont
Show this threadThanks. Twitter will use this to make your timeline better. Undo -
FireF0X Retweeted
I released some part of my DMA attack tools based on Xilinx SP605 evaluation kit to public, enjoy :)https://github.com/Cr4sh/s6_pcie_microblaze …
Thanks. Twitter will use this to make your timeline better. Undo -
So you want to say being a part of AV botnet can lead to stealing your data? Wow, rly? Windows Defender "Microsoft SpyNet" anyone?
Thanks. Twitter will use this to make your timeline better. Undo -
Thanks. Twitter will use this to make your timeline better. Undo
-
Short summary of UAC changes in Windows 10 RS3 (16299.15 as it suppose to be RTM). tl:dr; It is still useless, annoying piece of junk code.pic.twitter.com/NgdTbfI5mW
Show this threadThanks. Twitter will use this to make your timeline better. Undo -
Try not to break anything if you change something. https://twitter.com/hFireF0X/status/901102575017222144 … rs3 wow64 elevation bugfestpic.twitter.com/TpzppikGEr
Thanks. Twitter will use this to make your timeline better. Undo -
Well you can disregard above tweet as it seems another cascade of fun *bug-features* added in 16273. I'll look more when I've time.
Thanks. Twitter will use this to make your timeline better. Undo -
NtLoadEnclaveData bug has been fixed in public 16273 build.https://twitter.com/hFireF0X/status/887930221466443776 …
Thanks. Twitter will use this to make your timeline better. Undo -
UAC bypass based on wow64 logger functionality is apparently no longer works starting from win10 16273 build, everything else works as b4.
Thanks. Twitter will use this to make your timeline better. Undo -
CMLuaUtil interface also offers more interesting functions such as: initiate system shutdown, write access to registry (set/del values/keys)
Thanks. Twitter will use this to make your timeline better. Undo -
Note: above requires PEB patch or work from inject.
Thanks. Twitter will use this to make your timeline better. Undo -
Win7-Win10rs4 UAC bypass using CMSTPLUA COM interface https://gist.github.com/hfiref0x/196af729106b780db1c73428b5a5d68d …, the magic ofhttps://twitter.com/Oddvarmoe/status/897386061290250241 …
Thanks. Twitter will use this to make your timeline better. Undo
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.