A mountain man with an Internet connection and a professional interest in malware.

Joined May 2019
Cyberpunk 2077 + Christmas = assume I have disappeared from society until January. 👋
PSA: Speculation does not equal evidence.
Important Update for @PlayStation Users
The Wover retweeted
Winim added support for interacting with .NET & the CLR directly.... it even supports loading assemblies from memory! Straight 🔥 Thanks to 3xpl01tc0d3r for the heads up. Nim + .NET = <3 khchen.github.io/winim/clr.h…
Anyone know why calling NtUnmapViewOfSection to unmap the base image during process hollowing would fail with an NTSTATUS value of (0xC0000019) STATUS_NOT_MAPPED_VIEW? I can see the address I am specifying is definitely correct.
For anyone watching at home, I still don't know WHY this happened, but using UnmapViewOfFile2 or NtUnmapViewOfSectionEx instead works fine. No change in the data passed, but it unmaps the file. 🤷‍♂️🤦‍♂️
Dis/mis information has reached the point where the Turing test seems satisfied. Not because the bots have become so much smarter at impersonating humans, but because online human discourse has degraded to that of bots. I now ask myself if the humans can pass the test.
The Wover retweeted
My recent contribution to Process Hacker: PH now has "Image Coherency" checks to highlight Herpaderped, Doppelganged, or Hollowed processes. github.com/processhacker/pro…
New Launch - Windows Internals and Systems Programming bootcamps by the amazing @zodiacon. This is a set of classes I wish I had when starting out. bootcamps.pentesteracademy.c… bootcamps.pentesteracademy.c…