Cobalt Strike BOF that utilises AMD's Ryzen Master kernel driver to read and write physical memory. It currently escalates privileges from administrator to SYSTEM. Future goal is to add features such as disabling EDR, disabling ETW TI or dumping LSASS.

Built something super satisfying — truly and tiny position independent code, cross-compiled from any OS to any OS. 😎

Calculating CVSS for this vuln with @chvancooten.

I’ve started the development of a #Nimplant C2 beacon in truly position independent pure C-code. It’s a PoC, highly opsec unsafe, but hopefully it inspires some people and sparks creativity! 👨‍💻.

Getting ready for #NullconGoa2025!

RT @0xBoku: 🔪Open-sourcing 💀StringReaper BOF!.I've had great success in engagements carving credentials out of remote process memory with….

RT @silentwarble: Another one. It's raining PIC shellcode templates around here. Added to PIC-Library:

RT @5mukx: An unexpected journey into Microsoft Defender's signature World:.

RT @netbiosX: EDRPrison - Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry

RT @nullcon: 🛠️ Malware that sleeps, works, and never stays! 😴. Learn how Kong Loader uses sleep masks to make malware invisible in memory….

I will be presenting at @nullcon 2025! 🇮🇳. The hidden ART of rolling shellcode decryption. A dive into a new shellcode loading technique!

RT @AmberWolfSec: Today, AmberWolf released two blog posts and our tool "NachoVPN" to target vulnerabilities in major VPNs, including CVE-2….

Presenting some research at RedTreat today 👀. Pretty excited for all other presentations as well. They’ve been amazing so far!

I've also published the source code & compiled binaries:

My @OrangeCon_nl talk is live!. Elevate your knowledge: From COM Object Fundamentals To UAC Bypasses. A 25-minute crash course covering Tokens, Privileges, UAC, COM, and ultimately bypassing UAC!.

Currently at @OrangeCon_nl meeting old and new friends. A lot of interesting talks and greatly organized. 🚀.

RT @gmhzxy: Defeating HVCI without admin privileges or a kernel driver(csc.sys).

Very happy to be speaking at @OrangeCon_nl 🤩. I feel like the organization puts so much passion into it; this must be and will become a great conference in The Netherlands!

RT @GabrielLandau: Introducing a new Windows vulnerability class: False File Immutability. 👉 Bonus: a kernel exploit to load unsigned driv….

From Theory to Practice: Kernel Heap Spray Exploitation for Privilege Escalation💥. Part two of the blog series by my colleague Alex:

Our @BSidesLondon Ivanti & Pulse Secure VPN kernel exploitation talk is live! The presentation is about shared research of my colleague Alex and me. CVE-2023-38043, CVE-2023-35080 & CVE-2023-38543.