klez
@KlezVirus
Independent Cyber Security Researcher - Opinions are my own
Italy
Joined December 2014
[RELEASE] After a little wait, I'm happy to present SilentMoonwalk, a PoC implementation of a TRUE call stack spoofer, the result of joint research on an original technique developed by namazso, done with my friends @trickster012 and @waldoirc. Enjoy! ;) https://t.co/C5QBzNawza
github.com
PoC Implementation of a fully dynamic call stack spoofer - klezVirus/SilentMoonwalk
Section 10/12 of the UDRL/Sleepmask course is finally complete. By far the most complicated / longest to write. Super excited to finish this out and get it into people's hands!
So far, I have spent sleepless months writing custom libs and loaders for my red teaming assessments, and it's still going on =) After going through all this, I have decided to write a blog about some mistakes I made and why you shouldn't make them. Finally, I would like to
@nickeverdox There are other usable instructions to do that, like vpgather/vpgatherqq ;) https://t.co/o3r3l74qjy I've mentioned the "rep movs" there too, but I'm not sure you actually need ERMSB? Although I've explicitly called out vpgather is usable for EPT/#VE later, in PagedOut 6 zine.
Outrageous technique: barely legal use of an x86 CPU instruction enables you to catch and cancel an impending page fault before it actually happens. ③: catch PAGE_GUARD or invalid access ⓪: do previously illegal reads at high IRQL, safely #vpgatherqq #vpscatterqq scatter/gather
Today I am releasing a new blog on Windows on ARM! It comes from the perspective of one, like myself, who comes from an x86 background and is new to, but interested in, Windows on ARM! ELs, OS & hypervisor behavior (with VBS), virtual memory, paging, & more! https://t.co/jUHls4wupu
connormcgarr.github.io
Analysis of Windows under ARM64: exception/privilege model, virtual memory mechanics, and OS behavior under VHE
Welcome back Hasherezade (@hasherezade) to our RE//verse review board! Hasherezade, a malware analyst and software engineer from Poland, is known for her impactful work in cybersecurity and reverse engineering. @hasherezade has created several open source tools including PE-bear,
Today I am happy to release a new blog post about Pointer Authentication (PAC) on Windows ARM64! This post takes a look at the Windows implementation of PAC in both user-mode and kernel-mode. I must say, I have REALLY been enjoying Windows on ARM!! https://t.co/isnItJ0nb3
preludesecurity.com
Explore how Windows implements Pointer Authentication (PAC) on ARM64—covering bootloader setup, per-process keys, HyperGuard, and memory-safety defenses.
💣 We caught @ycombinator–backed @gecko_sec stealing two of our CVEs, one on @ollama , one on @Gradio. They copied our PoCs, claimed CVE IDs, and even back-dated their blog posts. Here’s the full story 👇
[Crystal Kit] Evasion kit for Cobalt Strike. https://t.co/RYlbXGn1bQ
github.com
Evasion kit for Cobalt Strike. Contribute to rasta-mouse/Crystal-Kit development by creating an account on GitHub.
By exploiting the antivirus's clone service technique and hijacking libraries via the Cryptographic Provider, the IAmAntimalware tool can inject code into processes that are whitelisted and protected by #antimalware. #itsecurity #cybersecurity
https://t.co/sltel6v1Ci
zerosalarium.com
IAmAntimalware employs new red team techniques by cloning services of antivirus software, allowing code injection into whitelisted processes protected by antivirus.
I’ll be teaching how EDR REALLY works this Friday at BSIDES NOVA https://t.co/G6AeYHxWf2. It’ll be a medium level course where we analyze malware and its telemetry found in EDR, then try to build hunts around it. Great for attackers and defenders. Hope to see you there!
Close your eyes and ✨imagine: From a low-integrity process (from LPAC even), you can inject your data anywhere you want: privileged tasks, PPL/protected processes, the OS kernel itself, and VTL1 trustlets. Now open your eyes. It is not hypothetical. It is the reality. Page 33.
https://t.co/o4CGqi5qR0 ← we've just released Paged Out! zine Issue #7
https://t.co/ZEuR7WtUAL ← direct link
https://t.co/DFuGBWFb4D ← prints for zine collectors
https://t.co/8VN5hGyEux ← issue wallpaper
Enjoy! Please please please RT to spread the news - thank you!
Lateral movement getting blocked by traditional methods? @werdhaihai just dropped research on a new lateral movement technique using Windows Installer Custom Action Server, complete with working BOF code.
specterops.io
DCOM lateral movement BOF using Windows Installer (MSI) Custom Action Server - install ODBC drivers to load and execute DLLs
You've got access to vSphere and want to compromise the Windows hosts running on that ESX? 💡 1) Create a clone of the target VM into a new template 2) Download the VMDK file of the template from the storage 3) Parse it with Volumiser, extract SAM/SYSTEM/SECURITY (1/3)
Added CRED-8 to Misconfiguration Manager, which is @unsigned_sh0rt's MP relay to dump machine policy secrets. MM link: https://t.co/yMNHpWeb2z Blog link:
specterops.io
Network Access Account, Task Sequence, and Collection Settings policies can be recovered from SCCM by relaying a remote management point site system to the site database server.
Introducing Wyrm, currently in pre-release - a bit of a hobby project which I am working towards v1.0 for, a Red Team C2 framework which one day will hopefully rival Cobalt Strike, Sliver, etc in terms of capability. Come check it out here! https://t.co/DDkEJfwnta
#redteam
In addition to this, we've added a new plugin-based and extensible stage 1 framework we've dubbed the Stager Kit -
Excited to present with @breakfix at #BHEU @BlackHatEvents where we'll be sharing our research on attacking System Center Operations Manager! @SpecterOps
We can exploit the #securityvulnerability of Windows Error Reporting to put EDRs and #antimalware into a coma-like state. By using the EDR-Freeze #redteam tool: Github: TwoSevenOneT/EDR-Freeze