50% Hack, 50% Slack @FSecure_Consult Tweets my own.

Joined November 2010
One more for the collection - added a Syscalls process dump BOF to the repo. Effectively a port of @OutflankNL's awesome Dumpert. github.com/ajpc500/BOFs/tree…
Alfie Champion retweeted
github.com/sbousseaden/macOS… set to public, pls feel free to contribute, some few examples:
similar to the EVTX-ATT&CK repo, working on an execution logs dataset (JSON) for basic and common macOS TTPs repo, 36 examples so far, once I reach 50 examples will set it to public.
Nice. Super simple to combine Nim DLLs with sRDI for shellcode injection🐚
Well damn, @nojonesuk and I have been accepted to speak at #RSAC this year! 🎉
Thanks for the mention @armitagehacker! 😃
Pushing back on userland hooks with Cobalt Strike blog.cobaltstrike.com/2021/0…
Alfie Champion retweeted
Just released a new @OutflankNL Cobalt Strike BOF project which uses direct system calls to enumerate processes for specific loaded modules or process handles. E.g. to find open handles to LSASS or processes with CLR loaded for execute-assembly spawnto. github.com/outflanknl/FindOb…
Alfie Champion retweeted
I wrote a blog & proof of concept for a Beacon Object File that performs remote process injection via thread hijacking instead of spawning a new thread. This was a lot of fun & I’m glad operators who leverage Cobalt Strike can now run in-memory C tools!! connormcgarr.github.io/threa…