Infosec things

Joined June 2018
Great post+video from @armitagehacker on implementing direct syscalls. Ever since @Jackson_T released SysWhispers it has become incredibly easy to implement in offensive tooling, raising the bar for defenders significantly. Stoked to have my blog post featured, glad it's of use!
Pushing back on userland hooks with Cobalt Strike blog.cobaltstrike.com/2021/0…
brsn retweeted
I am proud to release VDM (Vulnerable Driver Manipulation). A library that uses any driver that exposes a physical memory read and write primitive to leverage kernel execution. @namazso github.com/namazso/physmem_d… githacks.org/xerox/vdm
Introducing Telemetry Sourcerer, a tool to enumerate and disable kernel-mode callbacks, inline user-mode hooks, and ETW sessions used by AV/EDR on Windows. Thank you to @gentilkiwi, @fdiskyou, and @0x00dtm for their previous work this project builds on. github.com/jthuraisamy/Telem…
'Removing Kernel Callbacks Using Signed Drivers' - I just released a write-up and tool to blind all EDRs on a system. Many thanks to @matterpreter @gentilkiwi @Jackson_T @SpecterOps @FuzzySec for previous excellent work. Writeup at br-sn.github.io/Removing-Ker…
PoC using signed vulnerable driver to remove process creation callbacks to blind all EDRs on the system. Building on great work by @gentilkiwi @mattifestation @_xpn_ @Jackson_T @Kharosx0 @SpecterOps @FuzzySec Writeup and sample code tomorrow.
We are thrilled to welcome Pavel Yosifovich, the co-author of Windows Internals 7th edition to our team! We will be launching his first course "Windows Process Injection Fundamentals for Red-Blue Teams" next week on PentesterAcademy! Super excited! cc: @zodiacon
Calculate http.favicon.hash for Shodan:
-----------
import base64
import mmh3
import requests

# Fetch the favicon (placeholder URL as given in the tweet)
response = requests.get('https://website/favicon.ico')
# Shodan hashes the base64 text with a newline every 76 characters, which is what
# Python 2's .encode('base64') produced; base64.encodebytes gives the same output
favicon = base64.encodebytes(response.content)
hash = mmh3.hash(favicon)
print(hash)
-----------
@shodanhq #bugbountytips