Just released a post detailing a methodology for analyzing Windows drivers. My goal is to lower the barrier to entry for finding exploitable driver vulnerabilities through static reversing. posts.specterops.io/methodol…
We've noted our findings after a couple of years auditing #Windows #Defender Attack Surface Reduction events.
Hopefully it will help anyone considering block mode.
Being able to use the credential stealing/lsass rule was the surprise for me.
medium.com/palantir/microsof…
Introduction episode coming January 11th, with @jaredcatkinson and @jsecurity101 hosting, and @v3r5ace as producer. This will be available wherever you listen to podcasts. We are all excited to start getting content out to you, drop a follow to keep updated!
Built some automation to help with dumping cookies using Chromium's remote debugger. This technique works against Chromium browsers (Google Chrome, Microsoft Edge, etc.) on any OS! I dig into how the technique works and present my implementation: posts.specterops.io/hands-in…
I've created a project that lets you start (almost) any binary as PPL, then used that to run a TI trace and read events from it. Blog and code here: blog.tofile.dev/2020/12/16/e…
Hope that makes it easier for everyone to experiment with PPL and the Threat-Intel Provider :-)
Public training offerings have been posted for Red Team Operations, Mac Tradecraft and Vulnerability Research for Operators in March/April.
Sign up here: specterops.io/how-we-help/tr…