Cobalt Strike BOF that utilises AMD's Ryzen Master kernel driver to read and write physical memory. It currently escalates privileges from administrator to SYSTEM. Future goal is to add features such as disabling EDR, disabling ETW TI or dumping LSASS. https://t.co/vErevstmwd

Back in July, Neeraj Gupta introduced DeepPass2, a smarter secret scanner that finds both API keys/tokens & contextual passwords using BERT + LLM validation. The model & tool code are now live! Model ➡️ https://t.co/dzFnhyHW6J Code ➡️ https://t.co/N2aShS3xYg 🧵: 1/2

🍿My second OrangeCon talk is live! A 25-minute crash course on metamorphic malware. In Memory of In-Memory Detection! https://t.co/mDBE2HRNYS

Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl ! Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode. https://t.co/761G96JDF1

Built something super satisfying — truly and tiny position independent code, cross-compiled from any OS to any OS. 😎

Calculating CVSS for this vuln with @chvancooten...

I’ve started the development of a #Nimplant C2 beacon in truly position independent pure C-code. It’s a PoC, highly opsec unsafe, but hopefully it inspires some people and sparks creativity! 👨‍💻 https://t.co/3FOl0WOjNX

Getting ready for #NullconGoa2025!

🔪Open-sourcing 💀StringReaper BOF! I've had great success in engagements carving credentials out of remote process memory with this BOF https://t.co/rgQj7PfGS0

Another one. It's raining PIC shellcode templates around here. Added to PIC-Library:

An unexpected journey into Microsoft Defender's signature World: https://t.co/17xtrUXk1A

EDRPrison - Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry

🛠️ Malware that sleeps, works, and never stays! 😴 Learn how Kong Loader uses sleep masks to make malware invisible in memory throughout its execution, offering a new level of stealth and evasion Join @tijme at #NullconGoa2025 👉 https://t.co/pv9DTqfoZI #kongloader #shellcode

I will be presenting at @nullcon 2025! 🇮🇳 The hidden ART of rolling shellcode decryption. A dive into a new shellcode loading technique!

Today, AmberWolf released two blog posts and our tool "NachoVPN" to target vulnerabilities in major VPNs, including CVE-2024-29014 (SonicWall NetExtender SYSTEM RCE) and CVE-2024-5921 (Palo Alto GlobalProtect RCE and Priv Esc), after our SANS HackFest presentation.🧵

Presenting some research at RedTreat today 👀. Pretty excited for all other presentations as well. They’ve been amazing so far!

I've also published the source code & compiled binaries:

My @OrangeCon_nl talk is live! Elevate your knowledge: From COM Object Fundamentals To UAC Bypasses. A 25-minute crash course covering Tokens, Privileges, UAC, COM, and ultimately bypassing UAC! https://t.co/H1VZJdBzTZ

Currently at @OrangeCon_nl meeting old and new friends. A lot of interesting talks and greatly organized. 🚀