Narib

@n4r1B

Give a man a mask and he will show his true face. Reverse Engineer & Kernel enthusiast

Joined: July 2014

Tweets


  1. Retweeted
    27 Jan

    we have an update to DTrace on Windows. with the latest 20H1 insider build, no more KD required to use dtrace on windows. plus arm64 MSI.

  2. Retweeted
    20 Jan

    My IDA Plugins HeapViewer and deREferencing have been ported to Python3 on GitHub. Both should support python2/3. If you find any error, let me know:

  3. Retweeted
    20 Jan

    The 7th part of the tutorial Hypervisor From Scratch is published! In this part, I described EPT. Thanks to Petr as Hypervisor From Scratch could never have existed without his help and to Alex for patiently answering my questions.

  4. Retweeted
    16 Jan

    After a lot of work and some crypto-related delays, I couldn't be more proud to publish 's and mine latest research - The complete overview of CET internals on Windows (so far!):

  5. 20 Dec 2019

    We just updated the executive callback repo with a research on the callback used by PatchGuard

  6. Retweeted
    29 Nov 2019

    It's not completely finished, but good enough for playing with C++ exceptions in Windows Driver. - FH3 & new FH4 - x86 & x64 - optimized stack usage - no TLS impl. details: x86: x64: credits:

  7. Retweeted
    22 Mar 2019

    Use whatever tool you want, I do use both IDA and Ghidra. But stop being a fucking dick and acting like it's holy war insulting , , Arnaud and all the other people making a living by coding the tool we all have been using for fucking decades.

  8. Retweeted
    12 Nov 2019

    deobfuscated / payloads and extracted its config with Hatching Triage . Check his write up here:

  9. 5 Nov 2019

    Myself and have been doing research on Executive Callback Objects. It's still WIP but feel free to contribute or add more info 😃

  10. 5 Nov 2019
  11. 2 Nov 2019

    Best energy drink ever 🤣

  12. Retweeted
    28 Oct 2019

    Microsoft symbol server is experiencing an outage. No ETA to a fix yet.

  13. Retweeted
    21 Oct 2019

    I just published an in-depth analysis of how the network protocol works. Also I've released a tool which emulates this protocol and is capable of downloading new & from the C&Cs. It's integrated with and .

  14. Retweeted
    19 Oct 2019

    next to add Tactics to ease Initial Assessment

  15. 17 Oct 2019

    Finally managed to finish translating this quite long post, big overview on how the Bootloader loads the essential Drivers

  16. Retweeted
    15 Oct 2019

    And, done! 2.0 with support for Python 3.X and IDA 7.4 has been published:

  17. 14 Oct 2019

    Little research and I did on the new AltSystemCallHandlers functionality added to Windows 10 20H1 18995. Register a handler that gets executed every time KiSystemCall is called. This has a lot of potential!!

  18. Retweeted
    11 Oct 2019

    I've written a little IDA Python's <= 7.3 compatibility module that you can use to support old IDA Python plugins in IDA 7.4. It's in Public Domain. Thank me later...

  19. Retweeted

    New blog post: New machine learning protection features in Microsoft Defender ATP’s behavioral blocking and containment capabilities recently protected 100 organizations from a highly targeted credential theft attack

  20. Retweeted
    5 Oct 2019

    If you need a fast/light way to instrument and save each instruction (with general purpose & r/e flags) in all levels of execution (User-mode/Kernel-mode/Hypervisor) then use my new customized version of QEMU.

