Wayne
@kprobes
Followers
164
Following
1K
Media
10
Statuses
390
Threat Intelligence - Detection Engineering
Joined June 2011
RT @joehowwolf: New CS Blog - Revisiting the UDRL Part 3: If you like the idea of loading a custom c2 channel in y….
cobaltstrike.com
Learn UDRL's role in runtime masking, including how to track Beacon with BUD and loading an External C2 DLL at the same time as Beacon and mask both DLLs at runtime with Sleepmask-VS.
0
53
0
RT @joehowwolf: New CS blog: Introducing the Mutator Kit - Creating Object File Monstrosities with Sleep Mask and LLVM .
cobaltstrike.com
This blog introduces the mutator kit, which uses an LLVM obfuscator to break in-memory YARA scanning of the sleep mask.
0
47
0
RT @jukelennings: My #BlueHat talk "The new SaaS cyber kill chain" has finally dropped! . If you didn't make it to Seattle last month, chec….
0
5
0
RT @joehowwolf: A new blog from @ptrpieter and me - Cobalt Strike and @OutflankNL Security Tooling: Friends in Evasive Places https://t.co….
cobaltstrike.com
This blog provides an update of the technical strategy of Cobalt Strike and Outflank's OST individually before giving a glimpse into the future of the two combined.
0
20
0
RT @joehowwolf: I wrote a PoC memory scanner for detecting timer-queue timers ala @C5pider 's Ekko sleep obfuscation. Blog here: https://t.….
github.com
Contribute to WithSecureLabs/TickTock development by creating an account on GitHub.
0
86
0
RT @FranticTyping: I'm happy to announce the release of Chainsaw v2! 🥳 . Chainsaw allows users to rapidly search through Windows event logs….
github.com
Rapidly Search and Hunt through Windows Forensic Artefacts - WithSecureLabs/chainsaw
0
240
0
RT @joehowwolf: Ever wanted to make your sketchy sys calls look squeaky clean? I wrote a blog demonstrating a PoC which calls NtOpenProcess….
github.com
A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess) - WithSecureLabs/CallStackSpoofer
0
240
0
RT @AlleinAan: Awesome research on macOS #ESF and some practical examples for threat detection by my colleague Connor .
0
2
0
RT @nullenc0de: I just used for a real IR. 😲 unbelievable! The best IR tool in my tool belt, bar none. Customer….
github.com
Rapidly Search and Hunt through Windows Forensic Artefacts - WithSecureLabs/chainsaw
0
170
0
RT @FSecure_Consult: Join @Lavi161 at @AISA_National as he discusses #UEFI variable runtime manipulation persistence techniques, and detect….
0
5
0
RT @FranticTyping: I'm excited to release a tool that I wrote at @countercept to help triage Windows event logs. Chainsaw is a RUST CLI to….
0
185
0
RT @rookuu_: \o/. Looking forward to presenting this with @_calumhall in August at BlackHat USA 2021. It's going to be a good one! https:/….
0
10
0
RT @AlleinAan: . Write up of some analysis we did off the back of an incident a few months ago. Mapped to @MITREatt….
0
37
0
RT @FSecureLabs: How do we spot the rotten Apples? Join Calum and Luke as they take us through the basics of macOS detection..
0
26
0
RT @joehowwolf: My talk on detecting access token manipulation from last years Black Hat is now up. If you have ever been confused by the b….
0
75
0
RT @FSecureLabs: Oh, you liked them Lazarus Detection Rules? See what happens when Incident Response and Threat Hunting really get along &….
0
31
0
RT @FSecureLabs: We just released our analysis of new technical details related to Lazarus targeting the cryptocurrency vertical (Macros n….
0
48
0