The Havoc Framework.

I just sponsored @mrexodia. No other tool I have been so much besides x64dbg for the past 4-5 years on a daily basis. Saved me countless hours, learned so much, and helped me solve a lot of problems quickly. The work & research he is putting out has been more then invaluable to.

Truly excited for the upcoming workshop. Covering modern ransomware evasion & detection and also implementing your own ransomware/decryptor for Windows, MacOS and Linux. See you soon! 👻

Truly grateful and excited to be presenting this workshop alongside @rad9800 at @x33fcon!. It’s an honor to collaborate with someone as sharp and creative as Rad 😄🫡.

Never expected to see my trolling ending up on LinkedIn out of all places.

I never got an answer about avast 😔

Also the compiler now used is clang, switching away from mingw. Mainly because I wanna utilize some LLVM shenanigan in future projects.

spend some time rewriting stardust to be more minimalist and easier to use! I needed a generic minimal shellcode template that works for both x86 and x64 out of the box so I rewrote stardust to do so. It is now written in C++20 and utilizing some of its language features. The.

song fire tho .

what is up with some bands having weird and or oddly long names? How am I going to explain to someone that I am listening to "I DONT KNOW HOW BUT THEY FOUND ME".

Thanks to @jetbrains for sponsoring me with a license so I can continue working on havoc and other projects 😄. I have been using their IDEs for more than 4 years nearly every single day.

I will be at @BSidesLondon in December :) . hit me up or say hi if you want to chat about windows internals or malware.

Reimplemented the Early Cascade Injection technique documented by the @OutflankNL team . The code is boring but the blog post was very interesting to read, especially when it came to how the process is initialized and how LdrInitializeThunk works. Cheers .

ChatGPT is such a good alternative to reading the library or API documentation. Which I already rarely do either way.

I will be at @BSidesVienna (23.11) with some other friends :) .hit me up or say hi if you want to chat about Windows internals, malware, or the fall of the Roman Empire. cheers.

test/demo? store added for a centralized way of installing plugins and scripts to extend the agent and client features.

The RISC-V interpreter/VM has been heavily inspired by the work of @mrexodia and @oopsmishap and their RISC-Y Business project ( .All credit goes out to them.

Using an interpreter or custom VM has been abused by malware authors for decades now. Various abuse the LUA interpreter or some even wrote their VM such as FinFisher. I have noticed that for now it has not been utilized by commercial frameworks.

I haven't posted anything about Havoc in a while so imma share something I have been working on. Wrote a custom VM/Interpreter (based on the RISC-V instruction set) to execute exploits and other arbitrary code. The client is now fully extendable and scriptable via the Python API