Antonio Cocomazzi

@splinter_code

CTF player at $ my-interests -v malware obfuscation techniques, ids evasion techniques

Milano, Lombardia
Joined: August 2016

Tweets


  1. Pinned tweet
    6 Dec 2019

    knocked to our door and wanted to get listen and ... we kindly answered! From Service Account to SYSTEM again cc 0xea31()

  2. Retweeted
    19 hours ago
  3. Retweeted
    4 Feb

    Seems that League of Legends has an anti-cheat kernel driver now - interesting to find out what it will do -

  4. Retweeted
    3 Feb

    is looking for speakers. The Call for Papers closes on May 3rd (23:59 CEST). Theme: Attack and Defense. The focus is on practical knowledge. Presentation slots are 45 minutes. Check the RomHack website to get more info and submit your proposal.

  5. Retweeted
    2 Feb

    Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't. and I wrote about these!

  6. Retweeted
    2 Feb

    SettingSyncHost.exe as a LolBin: cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo

  7. Retweeted
    28 Jan

    From Hyper-V Admin to SYSTEM: cc Small PoC in PowerShell exploiting hardlinks during the VM deletion process:

  8. Retweeted
    28 Jan

    For today's "side lolbin" let's say thanks to ZOHO Corporation Private Limited with their dctask64.exe. Keep injecting all the DLLs we want with: dctask64.exe injectDll <dllpath> <PID>. Bonus point: we have the outputs!!! cc

  9. Retweeted
    27 Jan

    We have an update to DTrace on Windows. With the latest 20H1 Insider build, no more KD required to use DTrace on Windows. Plus ARM64 MSI.

  10. Retweeted
    23 Jan

    Be a regular user, face "Access Denied" when starting a system service, inject a false ETW trigger to make it start anyway. Fully working PoC for wersvc:

  11. Retweeted
    7 Jan

    Full analysis and exploit for Windows kernel ws2ifsl use-after-free (CVE-2019-1215) by our researcher

  12. Retweeted
    20 Jan

    As promised, a short post on Hyper-V admin privesc: /cc

  13. Retweeted
    19 Jan
  14. Retweeted
    18 Jan

    ": a Stealthy Lateral Movement Strategy" is now available to read. Read if interested to see a new practical lateral movement. Demo (TDS (MS SQL) & FTP): Prototype will be released soon

  15. Retweeted
    17 Jan

    Want to make service removal really fun? Create a service with a unicode name. The service will run but won't show in sc.exe, services.msc, or taskmgr.exe and will sometimes cause a critical error while trying to find it with PowerShell/WMI. Unicode wins again.🤦‍♂️

  16. Retweeted
    13 Jan

    I've been poking around the Windows kernel a lot lately and one of my favorite samples I've referenced is Mimikatz's driver, Mimidrv. I took some time and documented all of its functions and included some write-ups on important kernel structures. Post: 1/3

  17. Retweeted
    12 Jan

    Here's the Gist to do both BlockDLLs and PPID Spoof: Both ALWAYS_ON & ALLOW_STORE seem to work. On my machine, MSEdge runs with ALLOW_STORE, so maybe better for blending in?

  18. Retweeted
    12 Jan

    From Hyper-V admin to full system compromise.. coming soon ;-) cc

  19. 11 Jan

    splintercode just got 1st blood owning system on Monteverde! di

  20. Retweeted
    9 Jan

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

  21. Retweeted
    9 Jan

    Have reproduced Citrix SSL VPN pre-auth RCE successfully on both local and remote. Interesting bug!

