Dad, Researcher, and infosec pseudo-specialist, posts and thoughts are my own. He/Him

Australia
Joined October 2018
Just before I try this "parenthood" thing, I've open sourced my Event Tracing for Windows research tooling. If you're interested in ETW or WPP you might find this project useful: github.com/pathtofile/Sealig… Thanks for the ideas: @jdu2600 @zacbrown @mattifestation @Cyb3rWard0g
Thanks to @silascutler for doing the scan! As the blog shows, different types of analysis and fingerprinting can yield different results for different systems, so it’s important to analyse things from multiple angles
The new UAC Provider I cover in the blog looks hella interesting, possibly useful to find more of those auto-elevating COM Object bugs @axagarampur keeps finding
pat_h/to/file retweeted
I’ve written up a quick example of how to use krabsetw to consume WPP events. Thanks @mattifestation for sharing your WPP knowledge, @pathtofile for suggesting the approach, and @MSwannMSFT for the krabsetw community. github.com/microsoft/krabset…
Thanks @BSidesCbr, talking was Hella Dope! Here's my tool to safely and easily run python code in Docker that I spoke about: dockenv.readthedocs.io #BSidesCbr19
Thanks buds, all: slides are now here: github.com/pathtofile/bsides…