Custom Signed Kernel Drivers. Pretty cool.
Without the need to enable TestSigning.
Sample Project:
https://github.com/HyperSine/Windows10-CustomKernelSigners pic.twitter.com/opyM91m1HI
Casey Smith retweeted
s/debugging/living your life/g https://twitter.com/cocoaphony/status/1224364439429881856
This podcast helped me tremendously with my anxiety and understanding the physiological effects. tl;dr: your body shuts down functions if you stay in fight/flight too long... tears for example. Perhaps it will help someone else... https://podcasts.apple.com/us/podcast/kristen-bell-on-anxiety-part-1/id956742638?i=1000428070232 Thxs: @realrobbell
The engineering behind WDEG is extraordinary. Opt apps in to drive out entire classes of adversaries. I _think_ I can finally grok ACG and CIG. Opt MSBuild into CIG (Code Integrity Guard) for systems that aren't using MSBuild.
https://github.com/palantir/exploitguard
https://blogs.windows.com/msedgedev/2017/02/23/mitigating-arbitrary-native-code-execution/
Solid read. I love the chapter on "Seeing in the Dark" pic.twitter.com/gZa5IYhwZv
Casey Smith retweeted
Root cause analysis and exploit for a Windows kernel ws2ifsl.sys use-after-free vulnerability. https://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/
Very useful tool if you are studying Drivers. https://github.com/zodiacon/DriverMon Also really enjoyed the book: Windows Kernel Programming https://leanpub.com/windowskernelprogramming @zodiacon
Casey Smith retweeted
ICYMI
@riotgames announced a kernel mode anticheat engine (https://na.leagueoflegends.com/en-us/news/dev/dev-null-anti-cheat-kernel-driver/). They mention no surveillance capabilities (prove it) & others are doing it (true). My question: How much @TencentGlobal code, developers, and involvement in this? Asking for a friend
[PDF] Threat Group Cards: A Threat Actor Encyclopedia https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf Nice single collection of Threat Actors, Tools, etc...
Casey Smith retweeted
KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore, https://github.com/hfiref0x/KDU pic.twitter.com/s154qYlIKR
Casey Smith retweeted
Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't.
@aionescu and I wrote about these! https://windows-internals.com/dkom-now-with-symbolic-links/
Casey Smith retweeted
SettingSyncHost.exe as a LolBin http://www.hexacorn.com/blog/2020/02/02/settingsynchost-exe-as-a-lolbin/
#LOLBIN cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo pic.twitter.com/dOM4EHq4Zu
[Excellent Read] Was reviewing some of the data in this blog. Solid Write up. https://posts.specterops.io/mimidrv-in-depth-4d273d19e148 by @matterpreter
Load encrypted PE from XML Attribute. MSBuild is still the best.
https://github.com/XwingAngel/PELoader/
MSBuild sets Property then calls Execute.
Use this example to decouple payloads & prove that all security products have a "Single File Bias".
Decouple payloads to subvert detection. pic.twitter.com/648rujlLQn
I was thinking of that hacking fest
@mattifestation organized when @webyeti and I wrote a Mimikatz ClickOnce delivery, and @enigma0x3 and @CptJesus found some OneNote code execution
miss y'all
Thinking of the memories
huge shout out to the ATD alumni!!!
Thanks @davidpmcguire and @jasonjfrank and all the team.
This is like the Bat Signal.
You have changed the Infosec landscape and I am grateful to have known everyone on that team. pic.twitter.com/F5BSCJfDCT
The code to execute in JS via "System.Runtime.InteropServices.RegistrationServices" here: https://ghostbin.co/paste/krdqe You need to expose a static method public static void UnRegisterClass(string key) And of course you need an assembly object :) Cheers
New Twist on an older technique MD5: 4b82f1de393a07aa9ba91d046e2fd6b0 Execute Assembly via System.Runtime.InteropServices.RegistrationServices.UnregisterAssembly. Basically just Another Way to Call Instead of CreateInstance. There is more here but that was fun. pic.twitter.com/PEa7VaLf5A
In case you want more information on Overlapped IO Some good data here: http://www.beefycode.com/post/Using-Overlapped-IO-from-Managed-Code.aspx