RWXstoned
@RWXstoned
Followers
216
Following
159
Media
5
Statuses
107
RT @IceSolst: Iranians have dropped a nuke on the UK gov: Advanced censorship bypass tech, from the experts, OSS and on both desktop and mo….
0
3K
0
A helper function to log debug strings at runtime in your UDRL and hopefully make the whole process a bit easier. To use with the CobaltStrike UDRL-VS.
rwxstoned.github.io
a simple addition to the UDRL-VS framework to enable the logging of debug strings in your loader at runtime
0
15
33
Seems like an interesting talk!😬.
Code injection getting tougher? @rwxstoned is at #x33fcon to unveil how to abuse Windows DLL loading complexities for stealthy execution! Learn new API proxying and remote injection techniques using only read/write ops. This is a must for #RedTeam pros seeking evasion. Learn
0
1
8
RT @durov: A Western European government (guess which 🥖) approached Telegram asking us to silence conservative voices in Romania ahead of t….
0
10K
0
If you want to hire a disgruntled Crowdstrike employee to learn all about their secret sauce, now is your time.
0
0
7
Can't believe @Google bought the duckduckgo[.]fr domain to make it redirect to Google. @DuckDuckGo.
0
0
1
Which library you choose for your CobaltStrike beacon can have significant OPSEC impact if you're counting on BeaconGate to hide your Internet calls since it only does so for wininet (InternetConnectA and InternetOpenA).
2
7
98
Maybe a big shift in this field: no more "we vehemently deny such baseless accusations" from state-sponsored hacking?.
UPDATE: The NSA has officially responded to the blog post and did not deny the allegations China made. Big thanks to @WashTimes and @LovelaceRyanD .
0
0
0
If you thought your callstack spoofing was good enough, you need to recompile your Hunt-Sleeping-Beacon!
0
2
26
Looking into a dearly loved browser to find out how it blocks RWX execution, pretty much like and EDR:.
rwxstoned.github.io
reviewing an EDR-like mechanism implemented by a popular browser
1
3
8
If you're a a pentester or red teamer, Xmas holydays have been cancelled.
Awesome presentation. To help discover WorstFit style issues in the wild, I've just updated ActiveScan++ with unicode-normalisation detection. Enjoy!
0
0
4
European bureaucracy at its best.
After thousands of dollars spent and weeks of my personal time, my Schengen entry visa application was denied again, fourth or fifth time in last 6 years. Which means that I won't go to CCC'24 where my technical talk was scheduled. I give up on Europe. All of my cutting edge.
0
0
1
New Red Team script: find out where and how to hide your implants with good opsec. Are there RWX pages? Does the process already have winhttp or wininet loaded? Is it signed ?.
rwxstoned.github.io
a situational awareness Python script to help you find where to put your beacons
2
48
174