Tweets by @vm_call

  1. Pinned Tweet
    19 Oct 2019

    First part of my kernel hacking mini-series: "Hooking the graphics kernel subsystem"

  2. Feb 2

    Okay guys, enough with the jokes. Why are cheaters renaming themselves to "vm_call fan" 😅

  3. Jan 26

    I ported from Jekyll to Wordpress in hopes that the "comments" feature would be used to provide meaningful commentary to my content. Let's just say that I am pleased with my decision

  4. Retweeted
    Jan 26

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

  5. Jan 24

    Hackers have been abusing a poor integrity check in BattlEye to completely circumvent game protection mechanisms. This has allowed cheat communities to intercept and modify every single piece of information sent by the anti cheat to the respective servers.

  6. Jan 24

    BattlEye has begun virtualising all new shellcode, 1:0 to the secret club. Confirms that the developers are lurking my twitter - next article will be released shortly, which will allow you to hook BattlEye while bypassing their internal integrity checks :) stay put

  7. Retweeted
    Jan 23

    PoC (Denial-of-Service) for CVE-2020-0609 & CVE-2020-0610 Please use for research and educational purpose only.

  8. Jan 21

    FE CTF 2019 write-up by national champion (coincidentally, a fellow secret club member💪🏻)

  9. Jan 20

    Here's a full write-up of the Danish intelligence agency's CTF. I might publish my Femtium (custom RISC architecture used in the CTF) -> x86 converter and optimizer, which enabled me to reverse engineer the applications in good old IDA Pro :-)

  10. Jan 20

    This hit major providers that haven't previously been detected in the past 6 months :-)

  11. Jan 20

    have updated their detections of hypervisor-based cheats. This happens under a week after and I published an article on how to improve the time-based detections. *shrug* that's what you get for pasting hvpp/ddimon

  12. Retweeted
    Jan 15
  13. Jan 14

    The secret club does it again. Whose side are we even on?

  14. Jan 14

    Anticheats such as BattlEye have been trying to detect generic hypervisors, in particular those prevalent in the cheating community (DdiMon and hvpp), by using time-based detections. Here's some advice on that for the developers.

  15. Jan 14

    We of course can't say if there's been added anything to this module in the past week, but the module heavily relies on a vectored exception handler which will absolutely kill performance if virtualized, therefore explaining the drastic overhead.

  16. Jan 14

    Okay ignore this tweet, that was our monitor tool hitting the timeout limit of 60 seconds. Actual execution time was 110 seconds on a very high end machine = 11000% overhead due to the new obfuscation, have fun playing DayZ on your low end machines

  17. Jan 14

    The virtualized BEClient2 now takes over 60 seconds to run thanks to virtualization overhead, the execution time before was under a second - you guys need any help?

  18. Jan 14

    Obfuscation sadly doesn't work retroactively - shoe on head or I drop the entire write-up of your disastrous stack scanner

  19. Jan 14

    BattlEye has now begun fully virtualizing BEClient2 after my last tweet, too bad I already dumped it ;)

  20. Jan 13

    And yes, you read that correctly, literally the entire driver on disk will be sent over UDP if it matches a very vague name check :( ouch oof oowie my intellectual property

  21. Jan 13

    BattlEye is uploading device drivers from your machine as a part of its larger system enumeration routine, which sends unfiltered dumps of process names, window titles, module names, certificates and more to their server - stay put

