I'm starting another series - Buffer Overflows in the Modern Era. I'll go over the basics of using a debugger all the way to successfully achieving a buffer overflow exploit on Windows 11 24H2, using ROP gadgets and bypassing ASLR, etc. Here's part 1! .

RT @x64dbg: We're excited to announce a major new release of x64dbg!. The main new feature is support for bitfields, enums and anonymous ty….

Part 3 of the Buffer Overflows in Modern Era series has been posted! In this lengthy yet detailed walkthrough, we'll start to link ROP gadgets together, set register values, and execute VirtualAlloc() ! .

Here's Part 2 of the Buffer Overflows in Modern Era series. In this post, we'll perform the actual buffer overflow using Python, learn how ROP works + DEP restrictions, and once again execute the obligatory Windows calculator 😸.

RT @_xpn_: My second blog post of the month is up. Nothing too crazy, this time I’m looking at the upcoming Windows Administrator Protectio….

RT @5mukx: Finally parallel syscalls done in Rust successfully =)

RT @mansk1es: Microsoft: no bounty but you'll get a CVE! Here's even the date: . Me: Ok, sounds alright. *fix releases*.Microsoft: Sorry,….

RT @0xTriboulet: More defensive insights, made possible by offsec contributions. What a time to be alive.

Folks still seem to be interested in UAC bypass techniques that work on Win 11 24H2. I added content to an existing post on my site going over how to use COM interfaces to bypass UAC. Enjoy 😀.

RT @0xTriboulet: Microsoft, and other software vendors, have demonstrated time and again that security will always come second. I agree tha….

RT @0xTriboulet: rssh-rs is a reflective DLL that performs some hacky integration with your favorite C2 Framework to provide SSH session ac….

Hey all. Here's my latest blog post discussing using steganography for concealing shellcode in an image, extracting it, and executing it. All while bypassing EDR. Enjoy!.

RT @0xTriboulet: There's never been a better time to learn how to build cool stuff. 1. AI can on-the-spot answer whatever programming que….

RT @0xTriboulet: Separated prepend loaders and stomp-style loader functionality into separate branches. This facilitates the use of other l….

RT @0xTriboulet: Made hacky named pipe support available via rdll-rs.cna. This means you can now develop Reflective DLLs with some support….

RT @0xTriboulet: In my opinion, the full potential of reflective DLLs as an offensive development platform has yet to be adequately explore….

RT @0gtweet: WHAT?! 😂.If you provide /FS:FILESYSTEM parameter to the format[.]com utility, the resulting process will try to load ("U"+FILE….

RT @techspence: Everyone wants to defend against ransomware…. No one wants to segment their flat network becuse the windows firewall is “to….

RT @hasherezade: Cool beginner-level introduction to the PE format: - featuring #PEbear 🐻: .

RT @hasherezade: New #PEbear : 0.7.1: - is out! Updated with some important fixes.