RWXstoned
@RWXstoned
Followers
197
Following
110
Media
5
Statuses
101
A helper function to log debug strings at runtime in your UDRL and hopefully make the whole process a bit easier. To use with the CobaltStrike UDRL-VS.
0
15
32
Seems like an interesting talk!😬.
Code injection getting tougher? @rwxstoned is at #x33fcon to unveil how to abuse Windows DLL loading complexities for stealthy execution! Learn new API proxying and remote injection techniques using only read/write ops. This is a must for #RedTeam pros seeking evasion. Learn
0
1
8
RT @durov: A Western European government (guess which 🥖) approached Telegram asking us to silence conservative voices in Romania ahead of t….
0
10K
0
If you want to hire a disgruntled Crowdstrike employee to learn all about their secret sauce, now is your time.
0
0
7
Can't believe @Google bought the duckduckgo[.]fr domain to make it redirect to Google. @DuckDuckGo.
0
0
1
Which library you choose for your CobaltStrike beacon can have significant OPSEC impact if you're counting on BeaconGate to hide your Internet calls since it only does so for wininet (InternetConnectA and InternetOpenA).
2
7
98
Maybe a big shift in this field: no more "we vehemently deny such baseless accusations" from state-sponsored hacking?.
UPDATE: The NSA has officially responded to the blog post and did not deny the allegations China made. Big thanks to @WashTimes and @LovelaceRyanD .
0
0
0
If you thought your callstack spoofing was good enough, you need to recompile your Hunt-Sleeping-Beacon!
0
2
26
Looking into a dearly loved browser to find out how it blocks RWX execution, pretty much like and EDR:.
1
3
8
If you're a a pentester or red teamer, Xmas holydays have been cancelled.
Awesome presentation. To help discover WorstFit style issues in the wild, I've just updated ActiveScan++ with unicode-normalisation detection. Enjoy!
0
0
4
European bureaucracy at its best.
After thousands of dollars spent and weeks of my personal time, my Schengen entry visa application was denied again, fourth or fifth time in last 6 years. Which means that I won't go to CCC'24 where my technical talk was scheduled. I give up on Europe. All of my cutting edge.
0
0
1
New Red Team script: find out where and how to hide your implants with good opsec. Are there RWX pages? Does the process already have winhttp or wininet loaded? Is it signed ?.
2
48
176
RT @HackingDave: Luis Elizondo under oath testifying that the government knows we are not alone in the cosmos and is directly hiding it fro….
0
6
0
An example of custom Sleep in the new Cobalt Strike framework, reusing Sleepmask-VS. Hopefully clarifying how BeaconGate, Sleepmask, and Beacon Userdata all fit together!.
0
8
27