Med K

@redmed666

Security guy, love reverse engineering, like to search and test new stuff

Joined: August 2017

Tweets


  1. Pinned Tweet
    14 Jun 2018

    Now, there is even a GUI embryo for Mal6raph () using and (thanks ) 😀 it allows you to upload samples (analysed by ), displays all the samples ( db) and displays similar samples based on function analysis \o/

  2. Retweeted
    2 Feb

    KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore,

  3. Retweeted
    31 Jan
  4. Retweeted
    31 Jan

    Hardware Debugging for Reverse Engineers Part 1: SWD, OpenOCD and Xbox One Controllers Hope you enjoy! As always ping me with any questions

  5. Retweeted
    31 Jan

    How to hack yourself admin rights on any Autopilot installed Windows 10 - aka The Return of the Shift+F10!

  6. Retweeted
    14 Oct 2019

    Have a vendor executable with unknown command-line options? Don't want to reverse-engineer? Brute force in Windows shell!
    :: Extract strings from program
    strings.exe program.exe >> strings.txt
    :: Run each string as program argument
    for /f %a IN (strings.txt) DO "program.exe" %a

  7. Retweeted
    14 Oct 2019

    Among the undocumented flags in Windows Defender MpCmdRun.exe: -BuildSfc -ServiceHardening -SampleHeaderService -WriteLogsForSvc -WDEnable -ReloadEngine

  8. Retweeted
    29 Jan

    Forensic tools expect proper data in a proper way. So, modifying a USB stick... # hexedit /dev/sdb And change some bytes... What could go wrong? To create a loop of extended partitions and break those tools! Nice demo by Michael Hamm from

  9. Retweeted
    28 Jan

    It's with great pleasure I'm (finally) releasing my docker images. Images are optimised for home and enterprise use. Some cleanup work to do (see issues), but it's been in prod for months now. Github: DockerHub:

  10. Retweeted
    28 Jan

    From the folks that brought you Atomic Red Team, Chain Reactor is a new open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

  11. Retweeted
    28 Jan

    I think I’ve discovered Win32 application launch history / usage trace data that appears undocumented by the community. It logs 3rd-party apps too. Win32kTraceLogging.AppInteractivitySummary See Microsoft’s “Diagnostic Data Viewer” app. A massive trove of data points

  12. Retweeted
    27 Jan

    Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of the related information.

  13. Retweeted
    5 Jan 2018

    Ooh, here's with a grand how-to on bypassing code readout protection using JTAG, OpenOCD, gdb and 's CRP bypass on the Nordic nrf51822 Bluetooth SoC

  14. Retweeted
    26 Jan

    The claim in the FTI forensics report on Bezos’ iPhone that, “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file]...” bugged me so much that I coded up how to do it:

  15. Retweeted
    25 Jan

    Good whitepaper about the Windows 10 secure kernel: "Live forensics on the Windows 10 securekernel (2017)"

  16. Retweeted
    24 Jan

    Hello, guys! Finally, I have released 3 new tools for and for macOS. Please try them and have a nice weekend :) 1st tool: Norimaci is a malware analysis sandbox for macOS. This tool was inspired by the Noriben sandbox. (1/3)

  17. Retweeted
    24 Jan

    If you have ATP, enable the NON-DEFAULT protections: 1) Block Office apps from creating child processes and injecting code into other processes 2) Block JS & VBS from launching downloaded executable content 3) Block credential stealing from lsass.exe, and much more

  18. Retweeted
    24 Jan

    TLDR pages: Simplified, community-driven man pages w/ examples: --> to quickly get access to community-driven cheat sheets. It covers more than 60 programming languages and UNIX/Linux commands:

  19. Retweeted
    24 Jan

    IOCs, the decompiled C# code with deobfuscated strings, a registry data config decrypter (for those who are infected) and some information of the Project TajMahal malware sample uploaded in 2019 to Virustotal:

  20. Retweeted
    23 Jan

    (Reversing malware challenges from Dennis Yurichev) (Malware Research Slack group from GelosSnake) (Basically all of Lenny Zeltser's blog) (Art of Memory Forensics - Volatility crew)

  21. Retweeted
    24 Jan

    Post-exploitation tip: Do you know how to trivially & remotely hijack an session without prompt nor warning on the user's side using a signed binary (no patch/multi-session)? qwinsta+mstsc shadowing is the answer ;) Details:
