Introducing Telemetry Sourcerer, a tool to enumerate and disable kernel-mode callbacks, inline user-mode hooks, and ETW sessions used by AV/EDR on Windows. Thank you to @gentilkiwi, @fdiskyou, and @0x00dtm for their previous work this project builds on.
github.com/jthuraisamy/Telem…
Just posted my article called "Code Signing on a Budget" which shows how easy it is to find/abuse legitimate code signing certificates. Using this, I found a valid code signing certificate belonging to a leading tech company and disclosed it to them. jackson-t.ca/certificate-the…
Here's an implementation of a persistence technique found in Vault 7 that stores data in NVRAM variables. Data can survive OS re-imaging and cannot be enumerated with OS-level APIs. Requires admin.
gist.github.com/jthuraisamy/…
Taking GitHub's CodeQL (formerly Semmle) for a spin with the VS Code extension and workspace. So far, so good: easy installation, digestible documentation, and a CTF tutorial.
Docs: help.semmle.com/codeql/index…
CTF: securitylab.github.com/ctf/j…