With some guidance from @DebugPrivilege I've found a way to easily dump clear text implants even while they sleep. Bad day for sleep obfuscation 💤.

RT @DebugPrivilege: Ever tried VSS tracing? I’ve been using it to troubleshoot Volume Shadow Copy issues. It’s super useful but not widely….

RT @Octoberfest73: Really cool work in this blog. My answer to the Time Travel Debugging problem attached. Using timers (Ekko) for sleep, a….

This evening @DebugPrivilege walked me through some case studies from the WinDBG section of his debugging fundamentals repo. Defiantly check it out and bookmark it! .

How it feels opening IDA

RT @eversinc33: I just finished writing the final part of my anti-anti-rootkit series, where I do a slight twist on the .data ptr hijacking….

RT @eversinc33: It doesnt have to be RISC-V :) Wrote a little MIPS I VM (based on a playstation emulator I started writing years ago) that….

WatchMojo Presents: Top 5 APT 🤡 Moments of 2024. All that effort for initial access just to use sam save and vssadmin 💀.

RT @S0ufi4n3: The (Anti-)EDR Compendium.EDR functionality and bypasses in 2024, with focus on undetected shellcode loader. .

RT @eversinc33: Yesterday I finally finished part II of my anti rootkit evasion series, where I showcase some detections for driver "stompi….

Top 1% red teamer POV.

How many of you are down the bottom?💀

Havoc potentially implementing a marketplace! Massive opertunities for indipendant maldevs incoming?👀.

Really cool write-up about North Korean actors abusing malicious NPM packages by my friend @0xpoppaea .

POV: You pushed C-00000291*.sys on Friday and see a meeting with HR and Legal on Monday

CrowdStrike legal team are gonna be pulling out all the tricks to dodge the incoming lawsuits

Great talk about MacOS logic bugs by my friend Max!.

RT @x33fcon: #Maldev - Packer Development is going strong in a #workshop at #x33fcon being taught by @ShitSecure and @eversinc33 - #redteam….

Just got linked this really awesome blog by @_vanvleet about Detection Data Models. This should be a valuable read for my Detection Engineering friends out there:.

@eversinc33 @C5pider Side note: Unlike Trevor, 5pider is actually a very pretty boy in real life fr 😳.