Peter Winter-Smith

@peterwintrsmith

Security consultant at . Loves coding, hacking, reversing, maths, learning! Admires many.

London, UK
Joined August 2010

Tweets

You blocked @peterwintrsmith

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @peterwintrsmith

  1. Pinned Tweet
    May 31

    I recently stumbled upon the code I had written for the Crystal Anti-Exploit Protection product back in 2011-2012 and decided to make it public! There’s lots of stuff in there for any fans of exploit dev/reversing/low level windows! Check it out:

    Undo
  2. Retweeted
    Dec 5

    I’m excited to finally release a short book that’s about building C2 implants in C++. I hope it can serve as an educational resource for those in Red Teams who want to get started writing their own implants and related C2 components. You can read it here:

    Show this thread
    Undo
  3. Retweeted
    Nov 26

    We’re very happy to announce dates for our next public Adversary Simulation and Red Team Tactics Training are now available...

    Undo
  4. Nov 25

    Has anyone successfully retrieved an out/ref .NET method parameter when hosting the CLR? I have a function with signature public static void foo(out string[] bar) and I can’t seem to get at bar! I’ve tried the usual suspects, i.e. SAFEARRAY with VT_BYREF|VT_ARRAY|VT_BSTR 😫

    Undo
  5. Retweeted
    Nov 23
    Undo
  6. Retweeted
    Nov 22

    Dominic Chell - Offensive Development: Post Exploitation Tradecraft in an EDR World at 2020

    Undo
  7. Retweeted
    Nov 5

    Since Microsoft is stepping up their game against OAuth Phishing attacks, we are releasing our internal version of the Office 365 Attack Toolkit. New features include interactive email search, email sending etc.

    Undo
  8. Retweeted
    Oct 26

    Due to continued expansion, we have vacancies for UK based, experienced appsec professionals in our consultancy and pentest team

    Undo
  9. Retweeted
    Oct 20

    Segmentation Vault: Cloning Thick Client Access... a new blog post by dives in to cloning OneDrive access

    Undo
  10. Retweeted
    Oct 15

    Our 2nd post of the week, Covert Web Shells in .NET by is now live at

    Undo
  11. Retweeted
    Oct 12

    I found an interesting using Windows Update Client (wuauclt.exe) as a loader - blog, pull request to LOLBAS and in the wild sample here - I am hoping to finalise some of my work on the methodology I used soon so keep your eyes posted.

    Undo
  12. Retweeted
    Oct 12

    The final post in the lateral movement series by is now live! This time we dive in to DLL Hijacking for jumping laterally...

    Undo
  13. Oct 8

    Anyone wanting to train combat sports in London should train with Paul Clark! He’s a fantastic coach with whom I’ve had many fantastic classes and 1-on-1 sessions over the past few years (and can’t wait to have more when things are back to normal routines!)

    Undo
  14. Oct 1

    Welcome guys! Excited to be working with you both!

    Undo
  15. Retweeted
    6 Nov 2018

    Just blogged on using Cobaltstrike Over External C2 via Dropbox: Github Repo: Any feedback is appreciated and welcome 😃

    Undo
  16. Retweeted
    Sep 17

    Part 2 in ’s series on Windows lateral movement is now live on the blog stayed tuned for part 3...

    Undo
  17. Sep 4
    Undo
  18. Retweeted
    Sep 1
    Undo
  19. Retweeted
    Sep 1

    Big thanks to for his assistance with the detection section here and putting the time in to produce a Mordor dataset!

    Undo
  20. Retweeted
    Aug 28

    Last weekends project was looking at 4(ish) ways to move laterally with Win32_ScheduledJob in both .NET and PowerShell:

    Show this thread
    Undo
  21. Aug 28

    I couldn’t recommend working highly enough! Great company, work environment and peers! I encourage anyone on the fence about a change to consider!

    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·