Red team guy at @SpecterOps | Aut viam inveniam aut faciam

USA
Joined June 2010
Just released a post detailing a methodology for analyzing Windows drivers. My goal is to lower the barrier to entry for finding exploitable driver vulnerabilities through static reversing. posts.specterops.io/methodol…
Matt Hand retweeted
We've noted our findings after a couple of years auditing #Windows #Defender Attack Surface Reduction events. Hopefully it will help anyone considering block mode. Being able to use the credential stealing/lsass rule was the surprise for me. medium.com/palantir/microsof…
Matt Hand retweeted
Introduction episode coming January 11th, with @jaredcatkinson and @jsecurity101 hosting, and @v3r5ace as producer. This will be available wherever you listen to podcasts. We are all excited to start getting content out to you, drop a follow to keep updated!
Matt Hand retweeted
A very quick note on detecting hooked syscalls ired.team/offensive-security… Thanks to @matterpreter 👊
Matt Hand retweeted
All video and slide content from SO-CON 2020 has been posted to our website. Check them out: specterops.io/so-con2020 Also, YouTube playlist link: invidious.snopyta.org/playlist?list=PL… Thank you again to all of the attendees!
Matt Hand retweeted
Built some automation to help with dumping cookies using Chromium's remote debugger. This technique works against Chromium browsers (Google Chrome, Microsoft Edge, etc.) on any OS! I dig into how the technique works and present my implementation posts.specterops.io/hands-in…
Matt Hand retweeted
I've created a project that lets you start (almost) any binary as PPL, then used that to run a TI Trace and read events from it - Blog and Code here: blog.tofile.dev/2020/12/16/e… Hope that makes it easier for everyone to experiment with PPL and the Threat-Intel Provider :-)
Matt Hand retweeted
Public training offerings have been posted for Red Team Operations, Mac Tradecraft and Vulnerability Research for Operators in March/April. Sign up here: specterops.io/how-we-help/tr…