Casey Smith

@subTee

Student. Tweets are my own, personal opinion. 😄 Always learning. "I often regret that I have spoken; never that I have been silent." - Arsenius

United States
Joined November 2019

Tweets

  1. 8 hours ago

    Custom Signed Kernel Drivers. Pretty cool 😃 Without the need to enable TestSigning. Sample Project:

  2. Retweeted, 16 hours ago

  3. Feb 4

    This podcast helped me tremendously with my anxiety and understanding the physiological effects. tl;dr: your body shuts down functions if you stay in fight/flight too long... tears, for example. Perhaps it will help someone else... Thxs:

  4. Feb 4

    The engineering behind WDEG is extraordinary. Opt apps in to drive out entire classes of adversaries. I _think_ I can finally grok ACG and CIG. Opt MSBuild into CIG (Code Integrity Guard) for systems that aren't using MSBuild.

  5. Feb 4

    Solid read. I love the chapter on "Seeing in the Dark"

  6. Retweeted, Feb 4

    Root cause analysis and exploit for a Windows kernel ws2ifsl.sys use-after-free vulnerability.

  7. Feb 4

    Very useful tool if you are studying drivers. Also really enjoyed the book: Windows Kernel Programming

  8. Retweeted, Feb 3

    ICYMI announced a kernel mode anticheat engine ( ). They mention no surveillance capabilities (prove it) & others are doing it (true). My question: How much code, developers, and involvement in this? Asking for a friend

  9. Feb 3

    [PDF] Threat Group Cards: A Threat Actor Encyclopedia. Nice single collection of Threat Actors, Tools, etc...
  10. Retweeted, Feb 2

    KDU, Kernel Driver Utility - driver loader (and not only) bypassing Windows x64 Driver Signature Enforcement with support of various "functionality" providers - including Unwinder's RTCore,

  11. Retweeted, Feb 2

    Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't. and I wrote about these!

  12. Retweeted, Feb 2

    SettingSyncHost.exe as a LolBin:
    cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo

  13. Feb 1

    [Excellent Read] Was reviewing some of the data in this blog. Solid write up. by

  14. Feb 1

  15. Feb 1

    Load encrypted PE from XML Attribute. MSBuild is still the best. 😅 MSBuild sets Property then calls Execute. Use this example to decouple payloads & prove that all security products have a "Single File Bias". Decouple payloads to subvert detection.

  16. Feb 1

    I was thinking of that hacking fest organized when and I wrote a Mimikatz ClickOnce delivery, and and and found some OneNote code execution ❤️ miss y'all
  17. Feb 1

    Thinking of the memories 😄 huge shout out to the ATD alumni!!! Thanks and and all the team. ❤️ This is like the Bat Signal. 😄 You have changed the Infosec landscape and I am grateful to have known everyone on that team.

  18. Jan 31

    The code to execute in JS via "System.Runtime.InteropServices.RegistrationServices" here: You need to expose a static method: public static void UnRegisterClass(string key). And of course you need an assembly object :) Cheers

  19. Jan 30

    New twist on an older technique. MD5: 4b82f1de393a07aa9ba91d046e2fd6b0. Execute Assembly via System.Runtime.InteropServices.RegistrationServices.UnregisterAssembly. Basically just another way to call, instead of CreateInstance. There is more here but that was fun.
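Tweets 18 and 19 above describe one primitive: hand RegistrationServices.UnregisterAssembly an Assembly object whose COM-visible class exposes a static method marked [ComUnregisterFunction], and that method runs without CreateInstance. The script below is an added example written for this page (Windows PowerShell 5.1 on the .NET Framework), not @subTee's sample and not the assembly behind the MD5 in tweet 19; the Demo namespace, the UnregDemo class and the marker file under %TEMP% are assumptions for illustration.

```powershell
# Added example, not code from @subTee's tweets or gist.
# Demonstrates RegistrationServices.UnregisterAssembly as an execution
# primitive on Windows PowerShell 5.1 / .NET Framework. The Demo.UnregDemo
# class name and the marker file path are assumptions for illustration.

$source = @'
using System;
using System.IO;
using System.Runtime.InteropServices;

namespace Demo
{
    [ComVisible(true)]              // UnregisterAssembly only visits COM-registrable types
    public class UnregDemo
    {
        public UnregDemo() { }       // a public default constructor is part of "registrable"

        // UnregisterAssembly invokes the [ComUnregisterFunction] method of each
        // registrable type. The parameter may be declared as string (the registry
        // key name) or as Type; the string form matches tweet 18.
        [ComUnregisterFunction]
        public static void UnRegisterClass(string key)
        {
            // Assumed marker so the reader can see the callback fired.
            string marker = Path.Combine(Path.GetTempPath(), "unreg-demo.txt");
            File.WriteAllText(marker, "Ran from [ComUnregisterFunction], key: " + key);
        }
    }
}
'@

# Compile the class in-process; any loaded Assembly object works here,
# including one produced by [System.Reflection.Assembly]::Load([byte[]]).
Add-Type -TypeDefinition $source
$asm = [Demo.UnregDemo].Assembly

$rs = New-Object System.Runtime.InteropServices.RegistrationServices
try {
    # Returns $true when at least one type was processed.
    $null = $rs.UnregisterAssembly($asm)
}
catch {
    # After the callback, UnregisterAssembly also tries to delete the type's
    # HKCR keys, which can fail for a non-elevated user. By then the
    # callback has already run, so the error must not be read as "nothing happened".
    Write-Warning "UnregisterAssembly threw after the callback: $($_.Exception.Message)"
}

Get-Content (Join-Path $env:TEMP 'unreg-demo.txt')
```

Run it in Windows PowerShell 5.1; the final Get-Content prints the line written by the callback. The Assembly can just as well come from a byte array, which is the point of tweet 19: nothing is instantiated and no file needs to be dropped for the code to run. From the defensive side, the tell is a managed process calling into RegistrationServices with no matching RegisterAssembly, from a host that has no business registering COM servers.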
  20. Jan 30

    In case you want more information on Overlapped IO, some good data here: