Marcos Oviedo

@marcosd4h

Infosec nerd. I back your doors.

Joined: December 2018

Tweets


  1. Pinned Tweet
    15 Aug 2019

    Last week was a blast! I met old and new friends at Vegas and I also presented two tools I've been working on: SysmonX at Arsenal track, and Memhunter at Demo Labs and . Expect to hear more about these tools in the upcoming weeks 😀

  2. Retweeted
    23 hours ago

    Custom Signed Kernel Drivers. Pretty cool 😃 Without the need to enable TestSigning. Sample Project:

  3. Retweeted
    2 Feb

    KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore,

  4. Retweeted
    31 Jan

    Today I learned Google recently hit 50% fuzzing coverage in Chrome. Wow.

  5. Retweeted
    27 Jan

    Windows Kernel _IMAGE_DOS_HEADER::e_lfanew Denial Of Service/Memory Corruption

  6. Retweeted
    28 Jan

    PInjectra’s Stack Bombing Process Injection example was only the beginning. I wrote a practical implementation of it that performs process migration using shared memory, self-loading/linking DLLs, and an RWX ROP chain. Also included: a detection for it

  7. Retweeted
    28 Jan

    Check out ' tips on Fuzzing, to overcome known challenges and maximize results:

  8. Retweeted
    27 Jan

    We have an update to DTrace on Windows. With the latest 20H1 Insider build, no more KD required to use DTrace on Windows. Plus arm64 MSI.

  9. Retweeted
    27 Jan

    Memhunter: live hunting of code injection techniques: cc

  10. Retweeted
    23 Jan

    KSDumper....process dumper with a twist...will be mucking with this later:

  11. Retweeted
    22 Jan

    So proud to see our PowerShell class released to the public for free. There may be some tradecraft in there FYI that might not be broadly covered. Enjoy!

  12. Retweeted
    18 Jan

    Windows kernel explorer: A free powerful Windows kernel research tool

  13. Retweeted
    17 Jan

    This has been a very long time coming, thank you so much David for developing and sharing this! The applications for this of course go far beyond BloodHound, but if you're looking for the best way to play with BloodHound, this is it!

  14. Retweeted
    16 Jan

    We have a working proof-of-concept exploit for ‘Whose Curve is it Anyway?’ — NSA’s bug in Microsoft’s Crypto API. Read on for our explainer:

  15. Retweeted
    16 Jan

    Visit the test site listed in this awesome post and validate your Audit-CVE log against an actual PoC (versus my silly attempts). If an actual exploitation attempt is made, you can parse out the embedded ASN.1 accordingly.

  16. Retweeted
    15 Jan

    Should we name CVE-2020-0601 CurveBall? Applying to twitter infosec naming committee AKA

  17. Retweeted
    13 Jan

    In this post, dissects Mimikatz's kernel-mode driver, Mimidrv, and walks through some of the capabilities available to us in ring 0. Check it out:

  18. Retweeted
    9 Jan

    Video recording of my presentation with at Black Hat Asia 2019 is online. MS Office in Wonderland: 50 minutes of offensive tradecraft with Word and Excel. Exploiting fields, Power Query, VBA stomping, Excel4 macros, AMSI bypasses and more fun.

  19. Retweeted
    30 Nov 2019

    HOW TO GIVE A CONFERENCE TALK IN FIVE EASY STEPS 1. Write the outline! It'll help you collect your thoughts and make a good talk!!! 2. Write a first draft! Doesn't need to be that good, just get your thoughts down!!! 3. Rehearse! Read the draft aloud and see if it sounds good!

  20. Retweeted
    7 Jan

    For anyone interested in my presentation on Local RPC in .NET the HITB version is now up on YouTube.

  21. Retweeted
    3 Jan

    To continue, 's entire blog. The breadth and depth of Adam's work is truly amazing, but if I had to pick a favorite recent post(s) it would be his articles on Mimikatz internals: and
