With some guidance from @DebugPrivilege I've found a way to easily dump clear text implants even while they sleep. Bad day for sleep obfuscation 💤 https://t.co/GpNQS6yMjl

Question for people doing Windows dev on Macbooks. Are you using Azure VMs or are you using a physical NUC with Proxmox (etc). Curious what experiences people have had with both and which is recommended most 🧐

Announcing our whitepaper on the future of endpoint security. https://t.co/NogsQiku9B

Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! https://t.co/0aPVihoFIU

Ever tried VSS tracing? I’ve been using it to troubleshoot Volume Shadow Copy issues. It’s super useful but not widely known, so I wrote a quick blog post about it.

Really cool work in this blog. My answer to the Time Travel Debugging problem attached. Using timers (Ekko) for sleep, add an additional one to check if the TTDRecordCPI.dll is loaded; if so force the process to crash so implant is never unmasked during the trace.

This evening @DebugPrivilege walked me through some case studies from the WinDBG section of his debugging fundamentals repo. Defiantly check it out and bookmark it! https://t.co/pKxacSfU5X

How it feels opening IDA

I just finished writing the final part of my anti-anti-rootkit series, where I do a slight twist on the .data ptr hijacking IPC method, to create a "threadless" rootkit, concluding the trilogy :) Enjoy. https://t.co/GJzKqI6xDj

It doesnt have to be RISC-V :) Wrote a little MIPS I VM (based on a playstation emulator I started writing years ago) that can execute MIPS compiled modules without the need for allocating additional executable memory

WatchMojo Presents: Top 5 APT 🤡 Moments of 2024 All that effort for initial access just to use sam save and vssadmin 💀 https://t.co/MUjrfybw5O

The (Anti-)EDR Compendium EDR functionality and bypasses in 2024, with focus on undetected shellcode loader. https://t.co/5na8KcjqbV

Yesterday I finally finished part II of my anti rootkit evasion series, where I showcase some detections for driver "stomping", attack flawed implementations of my anti-rootkit, hide system threads via the PspCidTable and detect that as well. Enjoy! https://t.co/kxo34cIX4N

Top 1% red teamer POV

How many of you are down the bottom?💀

POV: You pushed C-00000291*.sys on Friday and see a meeting with HR and Legal on Monday

CrowdStrike legal team are gonna be pulling out all the tricks to dodge the incoming lawsuits

Great talk about MacOS logic bugs by my friend Max!

#Maldev - Packer Development is going strong in a #workshop at #x33fcon being taught by @ShitSecure and @eversinc33 - #redteam #blueteam

Just got linked this really awesome blog by @_vanvleet about Detection Data Models. This should be a valuable read for my Detection Engineering friends out there: https://t.co/l1GNHryHNo