Nikhil
@gh0stbyt3
Followers 277 · Following 937 · Media 7 · Statuses 126
Cyber Security Enthusiast | OSCE³ (OSEP | OSWE | OSED) | OSCP | CRTE | CARTP | CRTO | CRTO II
127.0.0.1
Joined November 2019
DiffRays v2.0 is live: smart diff w/ custom scoring, mnemonics for better diff results. https://t.co/U6RzM3XcXk PR Credit: @gh0stbyt3 [1/2]
github.com
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering. - pwnfuzz/diffrays
1
1
1
My new blog describes a vulnerability in Windows that allows a low-privileged user or guest to remotely crash the Spooler service with one simple call. https://t.co/fiQVib9k6C
incendium.rocks
Showcasing a vulnerability in Windows that causes the Spooler service to crash remotely.
0
21
69
Teaming with @gh0stbyt3, we built DiffRays for headless IDA (@HexRaysSA) decompilation. It stores decompiled code in a SQLite DB and provides a Web UI for diffing between the stored functions. Built for vuln research. https://t.co/U6RzM3XcXk
#pwnfuzz
5
39
132
It's been almost a year since my last blog... So, here is a new one: Extending AD CS attack surface to the cloud with Intune certificates. Also includes ESC1 over Intune (in some cases). https://t.co/Dm1x9ORW7Q Oh, and a new tool for SCEP:
dirkjanm.io
Active Directory Certificate Services (AD CS) attack surface is pretty well explored in Active Directory itself, with *checks notes* already 16 “ESC” attacks being publicly described. Hybrid certif...
8
194
530
Good morning! Just published a blog post diving into Windows Kernel LFH exploitation in the latest Windows 24H2 build, focusing on controlled allocations to achieve arbitrary read/write in the kernel. https://t.co/ZAGDKCNZOp
r0keb.github.io
Good morning! In today’s blog post, we’re going one step further than in the previous post Windows Kernel Pool Internals (which I recommend reading to understand some of the concepts discussed here),...
4
79
311
Today MSRC fixed two vulnerabilities I reported a couple of months ago. EoP in Windows Update service (affects only Windows 11/10 with at least 2 drives) https://t.co/YnCsk1934F EoP in Microsoft PC Manager https://t.co/ssudyvpgDS PoC for CVE-2025-48799: https://t.co/brRVf18DnY
github.com
Contribute to Wh04m1001/CVE-2025-48799 development by creating an account on GitHub.
9
99
387
Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work. https://t.co/2KlYba9gxc
r0keb.github.io
Good morning! In today’s blog post we’re going to dive into a topic that has interested me for quite some time, the Windows kernel pool. It’s a topic that tends to have “scarce” documentation online...
4
134
406
Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. https://t.co/ykJv0sePN9
ibm.com
Previously discovering a method for bypassing even the strictest WDAC policies by backdooring trusted Electron applications, the IBM X-Force Red team continued their research and can now bypass the...
23
236
801
New blogpost! Want to see how we exploited @Synology network-attached-storage devices at Pwn2Own Ireland? RCE to root via out-of-bounds NULL-byte writes, click the embed for a fun little writeup of CVE-2024-10442 🔎🎉 https://t.co/VOhC5NSCat
blog.ret2.io
In October, we attended Pwn2Own Ireland 2024 and successfully exploited the Synology DiskStation DS1823xs+ to obtain remote code execution as root. This issu...
1
70
273
I made this tool that checks if drivers from https://t.co/QABNdVCnBU are blocked by HVCI. It helps identify vulnerable drivers not blocked by Windows Hypervisor Code Integrity policy to find suitable BYOVD candidates. Tool: https://t.co/57NDRuKiby
#BYOVD #HVCI #Cybersecurity
0
8
16
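An added example in the spirit of that tool, written for this page and not the tool linked in the post: it parses a WDAC driver block policy and a LOLDrivers-style feed and reports samples that no Deny rule covers. Both inputs are constructed here; the SiPolicy XML shape (namespace `urn:schemas-microsoft-com:sipolicy`, `Deny` rules with `Hash` or `FileName`) follows Microsoft's recommended driver block rules, and the feed shape (`KnownVulnerableSamples` with `Filename`, `SHA256`, `Authentihash`) is assumed to match drivers.json. Only hash and filename rules are evaluated; signer/publisher rules and file-version bounds are ignored, and a `FileName` rule is treated as blocking every version of that name. The check a practitioner wants here: WDAC `Hash` rules carry PE Authenticode hashes, so the comparison must use the sample's Authentihash, not its flat-file SHA256, or blocked drivers get reported as candidates.

```python
"""List known-vulnerable drivers that a WDAC driver block policy does NOT deny."""
import json
import xml.etree.ElementTree as ET

SIP_NS = "{urn:schemas-microsoft-com:sipolicy}"  # default namespace of SiPolicy XML

H_BAD1 = "11" * 32  # placeholder Authenticode SHA256, not a real driver hash

# Constructed sample policy in the shape of Microsoft's driver block rules.
POLICY_XML = f"""<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
  <FileRules>
    <Deny ID="ID_DENY_D_1" FriendlyName="bad1.sys Hash Sha256" Hash="{H_BAD1}"/>
    <Deny ID="ID_DENY_D_2" FriendlyName="olddriver.sys FileAttribute FileName"
          FileName="olddriver.sys" MinimumFileVersion="65535.65535.65535.65535"/>
  </FileRules>
</SiPolicy>
"""

# Constructed feed entries (assumed LOLDrivers-like layout). sample-1 is deliberately
# blocked by Authentihash only; its flat SHA256 differs, which a naive compare misses.
DRIVERS = [
    {"Id": "sample-1", "Tags": ["bad1.sys"],
     "KnownVulnerableSamples": [{"Filename": "bad1.sys", "SHA256": "aa" * 32,
                                 "Authentihash": {"SHA256": H_BAD1}}]},
    {"Id": "sample-2", "Tags": ["olddriver.sys"],
     "KnownVulnerableSamples": [{"Filename": "OldDriver.sys", "SHA256": "bb" * 32,
                                 "Authentihash": {"SHA256": "22" * 32}}]},
    {"Id": "sample-3", "Tags": ["unlisted.sys"],
     "KnownVulnerableSamples": [{"Filename": "unlisted.sys", "SHA256": "cc" * 32,
                                 "Authentihash": {"SHA256": "33" * 32}}]},
]
DRIVERS_JSON = json.dumps(DRIVERS)


def load_deny_rules(policy_xml):
    """Return (blocked_authentihashes, blocked_filenames) from a SiPolicy document."""
    root = ET.fromstring(policy_xml)
    hashes, names = set(), set()
    for deny in root.iter(SIP_NS + "Deny"):
        if deny.get("Hash"):
            hashes.add(deny.get("Hash").upper())          # hash rules are case-insensitive hex
        if deny.get("FileName"):
            names.add(deny.get("FileName").lower())       # treated as blocking all versions
    return hashes, names


def sample_authentihash(sample):
    """WDAC Hash rules match the PE Authenticode hash, so use Authentihash, not SHA256."""
    return (sample.get("Authentihash", {}).get("SHA256") or "").upper()


def is_blocked(sample, hashes, names):
    """True if either the Authentihash or the filename is denied by the policy."""
    return (sample_authentihash(sample) in hashes
            or (sample.get("Filename") or "").lower() in names)


def byovd_candidates(drivers_json, policy_xml):
    """Samples from the feed that no hash or filename Deny rule covers."""
    hashes, names = load_deny_rules(policy_xml)
    found = []
    for entry in json.loads(drivers_json):
        for sample in entry.get("KnownVulnerableSamples", []):
            if not is_blocked(sample, hashes, names):
                found.append((entry["Id"], sample.get("Filename"), sample_authentihash(sample)))
    return found


if __name__ == "__main__":
    for drv_id, name, ah in byovd_candidates(DRIVERS_JSON, POLICY_XML):
        print(f"NOT BLOCKED  {drv_id:10} {name:15} authentihash={ah}")
```

Against the constructed inputs only `sample-3` is reported: `sample-1` is denied by Authentihash, `sample-2` by filename (the match is case-insensitive). A result from this check is a starting point, not a verdict: the real policy also denies by signer, so a candidate still has to be confirmed on a machine with the blocklist enforced.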
Hey there, finally published the article on the CVE-2025-21333-POC exploit. Here is the link to the article:
1
152
489
Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debugging the Secure Kernel and also outlines why VTL 1 is relied on to help maintain the integrity of the supervisor shadow stacks!
connormcgarr.github.io
Using SourcePoint’s JTAG debugger to investigate the implementation of Intel CET Shadow Stacks in kernel-mode on Windows
10
155
505
0x0 - Windows Driver 101 - https://t.co/QQBRbTnwQP
0x1 - Setup & Reversing - https://t.co/eeONmyJAUj
0x2 - SMEP & kASLR & VBS - https://t.co/gCeVED3kpO
0x3 - VBS & HVCI - https://t.co/434waY8CxS
#windows #cybersecurity #kernel #redteam
0
2
6
I’ve been diving into Windows Internals and Kernel Exploitation, and I’m excited to share my notes through a new series of blog posts (since it’s been a while). The first four parts are now live, covering some of the basic concepts and exploitation techniques.
2
1
8
Learn advanced analysis techniques 🔥🚀 from real-world malware and harness this knowledge to craft your own malware ⚔🦠 understanding attacker strategies. Empower yourself with both defensive and offensive cybersecurity skills in this immersive workshop led by world-renowned
7
55
140
Those bad boys got new guns:
- ADCS ESC12 & 13 and ESC8 from WSUS poisoning
- SCCM takeover from passive server
- AD Miner and SOAPHound
- LDAP pass back
- PXE boot attacks
- Creds from third-party softs
... https://t.co/Q3YeRqPDnc
https://t.co/mq25kTec2V
https://t.co/Ey8wayKWUz
0
120
332
Modern implant design: position independent malware development. A small blog post on how to design "modern" malware with features like global variables, raw strings, and compile-time hashing. https://t.co/Drz7kcVhyK Repo:
github.com
Cracked5pider/Stardust: A modern 32/64-bit position independent implant template
25
306
979
October giveaway - We are giving away 2 seats for our latest "AD CS Attacks" Lab. Please follow @AlteredSecurity, Reply and Repost to participate. Two random winners will be announced on 19th October 2023. https://t.co/OpanHXNU9o
#CESP #RedTeam
183
184
155
Congratulations to @0xw0lf for clearing our Certified Azure Red Team Professional exam! #AzADLab #CARTP #AlteredSecurity cc @nikhil_mitt
https://t.co/TkqD92HcJP
https://t.co/Afk4v08wrI
alteredsecurity.com
CARTP - Certified by Altered Security Red Team Professional for Azure is an industry-recognized beginner friendly hands-on certification on Azure Red Team and Penetration Testing.
0
1
2