First part of my kernel hacking mini-series: "Hooking the graphics kernel subsystem" https://vmcall.blog/nt/2019/10/18/kernel_gdi_hook.html …
-
Okay guys, enough with the jokes. Why are cheaters renaming themselves to "vm_call fan"
https://twitter.com/HecticPXL/status/1222775828456640517 …
-
I ported https://vmcall.blog/ from Jekyll to Wordpress in hopes that the "comments" feature would be used to provide meaningful commentary to my content. Let's just say that I am pleased with my decision pic.twitter.com/mbiJ8IWPus
-
Carl Schou / vm Retweeted
Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch! pic.twitter.com/FekupjS6qG
-
Hackers have been abusing a poor integrity check in BattlEye to completely circumvent game protection mechanisms. This has allowed cheat communities to intercept and modify every single piece of information sent by the anti cheat to the respective servers. https://vmcall.blog/battleye-communication-hook/ …
-
BattlEye has begun virtualising all new shellcode, 1:0 to the secret club. Confirms that the developers are lurking my twitter - next article will be released shortly, which will allow you to hook BattlEye while bypassing their internal integrity checks :) stay put
-
Carl Schou / vm Retweeted
PoC (Denial-of-Service) for CVE-2020-0609 & CVE-2020-0610. Please use for research and educational purpose only. https://github.com/ollypwn/BlueGate … pic.twitter.com/R43AHUwGV0
-
FE CTF 2019 write-up by national champion @floofstrid (coincidentally, a fellow secret club member) https://astr.cc/blog/fe-ctf-2019-writeup/ …
-
Here's a full write-up of the Danish intelligence agency's CTF. I might publish my Femtium (custom RISC architecture used in the CTF) -> x86 converter and optimizer, which enabled me to reverse engineer the applications in good old IDA Pro :-) https://twitter.com/CitadelArcho/status/1219341477429547008 …
-
This hit major providers that haven't previously been detected in the past 6 months :-)
-
#BattlEye have updated their detections of hypervisor-based cheats. This happens under a week after @daax_rynd and I published an article on how to improve the time-based detections. *shrug* that's what you get for pasting hvpp/ddimon
-
Carl Schou / vm Retweeted
PoC for CVE-2020-0601
#x509 #crypt32 https://github.com/ollypwn/cve-2020-0601 … pic.twitter.com/gg5toHwpht
-
The secret club does it again. Whose side are we even on? https://twitter.com/daax_rynd/status/1217175553452756992 …
-
Anticheats such as BattlEye have been trying to detect generic hypervisors, in particular those prevalent in the cheating community (DdiMon and hvpp), by using time-based detections. Here's some advice on that for the developers. https://vmcall.blog/battleye-hypervisor-detection/ …
-
We of course can't say if there's been added anything to this module in the past week, but the module heavily relies on a vectored exception handler which will absolutely kill performance if virtualized, therefore explaining the drastic overhead.
-
Okay ignore this tweet, that was our monitor tool hitting the timeout limit of 60 seconds. Actual execution time was 110 seconds on a very high end machine = 11000% overhead due to the new obfuscation, have fun playing DayZ on your low end machines
-
The virtualized BEClient2 now takes over 60 seconds to run thanks to virtualization overhead, the execution time before was under a second - you guys need any help?
-
Obfuscation sadly doesn't work retroactively - shoe on head or I drop the entire write-up of your disastrous stack scanner @TheBattlEye
-
BattlEye has now begun fully virtualizing BEClient2 after my last tweet, too bad I already dumped it ;)
-
And yes, you read that correctly, literally the entire driver on disk will be sent over UDP if it matches a very vague name check :( ouch oof oowie my intellectual property
-
BattlEye is uploading device drivers from your machine as a part of its larger system enumeration routine, which sends unfiltered dumps of process names, window titles, module names, certificates and more to their server - stay put pic.twitter.com/Jcxbtifswh