Peter Winter-Smith

@peterwintrsmith

Security consultant at . Loves coding, hacking, reversing, maths, learning! Admires many.

London, UK
Joined August 2010
28 Photos and videos Photos and videos

Tweets

You blocked @peterwintrsmith

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @peterwintrsmith

  1. Pinned Tweet
    May 31

    I recently stumbled upon the code I had written for the Crystal Anti-Exploit Protection product back in 2011-2012 and decided to make it public! There’s lots of stuff in there for any fans of exploit dev/reversing/low level windows! Check it out:

    6 replies 62 retweets 152 likes
    Undo
  2. Retweeted
    Dec 5

    I’m excited to finally release a short book that’s about building C2 implants in C++. I hope it can serve as an educational resource for those in Red Teams who want to get started writing their own implants and related C2 components. You can read it here:

    12 replies 309 retweets 801 likes
    Show this thread
    Show this thread
    Undo
  3. Retweeted
    Nov 26

    We’re very happy to announce dates for our next public Adversary Simulation and Red Team Tactics Training are now available...

    1 reply 24 retweets 81 likes
    Undo
  4. Nov 25

    Has anyone successfully retrieved an out/ref .NET method parameter when hosting the CLR? I have a function with signature public static void foo(out string[] bar) and I can’t seem to get at bar! I’ve tried the usual suspects, i.e. SAFEARRAY with VT_BYREF|VT_ARRAY|VT_BSTR 😫

    1 reply
    Undo
  5. Retweeted
    Nov 23

    Just pushed a new blog post to the blog on Outlook based persistence -

    7 replies 194 retweets 456 likes
    Undo
  6. Retweeted
    Nov 22

    Dominic Chell - Offensive Development: Post Exploitation Tradecraft in an EDR World at 2020

    1 reply 78 retweets 202 likes
    Undo
  7. Retweeted
    Nov 5

    Since Microsoft is stepping up their game against OAuth Phishing attacks, we are releasing our internal version of the Office 365 Attack Toolkit. New features include interactive email search, email sending etc.

    3 replies 213 retweets 629 likes
    Undo
  8. Retweeted
    Oct 26

    Due to continued expansion, we have vacancies for UK based, experienced appsec professionals in our consultancy and pentest team

    13 retweets 35 likes
    Undo
  9. Retweeted
    Oct 20

    Segmentation Vault: Cloning Thick Client Access... a new blog post by dives in to cloning OneDrive access

    9 replies 74 retweets 115 likes
    Undo
  10. Retweeted
    Oct 15

    Our 2nd post of the week, Covert Web Shells in .NET by is now live at

    76 retweets 128 likes
    Undo
  11. Retweeted
    Oct 12

    I found an interesting using Windows Update Client (wuauclt.exe) as a loader - blog, pull request to LOLBAS and in the wild sample here - I am hoping to finalise some of my work on the methodology I used soon so keep your eyes posted.

    18 replies 347 retweets 598 likes
    Undo
  12. Retweeted
    Oct 12

    The final post in the lateral movement series by is now live! This time we dive in to DLL Hijacking for jumping laterally...

    109 retweets 212 likes
    Undo
  13. Oct 8

    Anyone wanting to train combat sports in London should train with Paul Clark! He’s a fantastic coach with whom I’ve had many fantastic classes and 1-on-1 sessions over the past few years (and can’t wait to have more when things are back to normal routines!)

    Live your life! Train Hard - Train Smart - Train Safe
    1 reply 1 retweet 5 likes
    Undo
  14. Oct 1

    Welcome guys! Excited to be working with you both!

    One Of Us GIF
    Today we’re super excited to welcome Donut core dev () and shad0w c2 dev () to the team
    14 likes
    Undo
  15. Retweeted
    6 Nov 2018

    Just blogged on using Cobaltstrike Over External C2 via Dropbox: Github Repo: Any feedback is appreciated and welcome 😃

    6 replies 165 retweets 302 likes
    Undo
  16. Retweeted
    Sep 17

    Part 2 in ’s series on Windows lateral movement is now live on the blog stayed tuned for part 3...

    1 reply 102 retweets 187 likes
    Undo
  17. Sep 4

    Great work by Tom!

    New blog post is out! Creating a custom dll injector using Cobalt Strike BOF's
    4 likes
    Undo
  18. Retweeted
    Sep 1

    Part 1 in the “I Like to Move It” series on lateral movement by is now live...

    6 replies 119 retweets 224 likes
    Undo
  19. Retweeted
    Sep 1

    Big thanks to for his assistance with the detection section here and putting the time in to produce a Mordor dataset!

    Madagascar King Julien GIF
    Part 1 in the “I Like to Move It” series on lateral movement by is now live...
    2 replies 19 retweets 60 likes
    Undo
  20. Retweeted
    Aug 28

    Last weekends project was looking at 4(ish) ways to move laterally with Win32_ScheduledJob in both .NET and PowerShell:

    3 replies 57 retweets 101 likes
    Show this thread
    Show this thread
    Undo
  21. Aug 28

    I couldn’t recommend working highly enough! Great company, work environment and peers! I encourage anyone on the fence about a change to consider!

    Join Us GIF by memecandy
    We have open positions for experienced AppSec consultants in our UK-based team - come join us
    3 retweets 27 likes
    Undo

@peterwintrsmith hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·