S4ntiagoP Profile
S4ntiagoP

@s4ntiago_p

Followers
3K
Following
786
Media
1
Statuses
152

Infosecing at @MDSecLabs, ex @CoreSecurity CVEs: -1

Joined November 2021
@s4ntiago_p
S4ntiagoP
10 months
As usual, always test on a controlled environment first. Running powershell "inthread" twice will unfortunately result in a crash due to the thread name being set twice.
0
0
6
@s4ntiago_p
S4ntiagoP
10 months
The change is pretty simple but I still think it's interesting. Available under --inthread, obviously not compatible with --timeout so be careful what you run.
1
0
4
@s4ntiago_p
S4ntiagoP
10 months
After a bit of trickery (inline-assembly and stack pivoting), No-Consolation can now run a PE within the main thread, meaning no new threads are created.
6
53
205
@s4ntiago_p
S4ntiagoP
1 year
This is still a bit experimental so use with caution; DLLs that use Thread Local Storage are not supported. Have fun!
0
0
1
@s4ntiago_p
S4ntiagoP
1 year
Running mimikatz with --load-all-dependencies results in more than 250 (!) DLLs being custom loaded. Everything is offloaded automatically once execution is over.
1
0
4
@s4ntiago_p
S4ntiagoP
1 year
With NoConsolation you can now custom load all the dependencies of the PE you are going to execute, ensuring no image load events!
2
79
257
@s4ntiago_p
S4ntiagoP
1 year
Many thanks to @_batsec_ for his work on DarkLoadLibrary! This feature would not exist without it.
0
0
4
@s4ntiago_p
S4ntiagoP
1 year
🔥 Finally added support for linking the PE to the PEB on NoConsolation (under --link-to-peb). I also included some fixes and QoL improvements :^)
3
29
143
@s4ntiago_p
S4ntiagoP
1 year
It basically boils down to registering the PE's exception directory on the inverted function table list, using a custom implementation of ntdll!RtlpInsertInvertedFunctionTableEntry.
0
0
2
@s4ntiago_p
S4ntiagoP
1 year
Just added support for C++ exceptions to No-Consolation. It is still experimental, but it has been interesting to play with so far.
3
3
21
@s4ntiago_p
S4ntiagoP
1 year
Got some free time and added a requested feature to NoConsolation. Now binaries are automatically encrypted and stored in memory, so they don't need to be sent each time. Have fun!
3
17
79
@s4ntiago_p
S4ntiagoP
2 years
Many thanks to @Octoberfest73 for the original research. Direct link to the tool, named No-Consolation:
0
16
55
@s4ntiago_p
S4ntiagoP
2 years
🔥 New blogpost 🔥 Running PEs inline without a console. You can now, for example, run PowerShell in CobaltStrike and obtain its output without spawning any process (including conhost.exe).
14
176
451
@s4ntiago_p
S4ntiagoP
2 years
RT @icyguider: I just got fired from my job today without warning. 😬 Really crazy. Anyway. If anyone is looking for a pentester, red team…
0
89
0
@s4ntiago_p
S4ntiagoP
2 years
RT @C5pider: The Havoc Framework 0.6 Hierophant Green
- stack duplication
- refactored/rewrote indirect syscalls
- proxy library loading
- …
0
79
0
@s4ntiago_p
S4ntiagoP
2 years
RT @BlueSpaceSec: Have you already submitted your talk for #BlueSpace2023 at this year's @ekoparty? What are you waiting for? Send us your talk proposal, …
0
10
0
@s4ntiago_p
S4ntiagoP
2 years
Added support for the clang compiler to nanodump. For those doing compile-time obfuscation 🙂
0
12
34
@s4ntiago_p
S4ntiagoP
2 years
Needless to say, all the credit goes to @itm4n for this incredible work and research.
0
0
5
@s4ntiago_p
S4ntiagoP
2 years
Also, several improvements were made to the SSP module, which should be a lot easier to use now.
1
0
7
@s4ntiago_p
S4ntiagoP
2 years
🔥 Big update! Nanodump now supports the PPLMedic exploit, meaning you can dump LSASS on an up-to-date system with PPL enabled 😃
2
211
578