Dear politicians/political influencers:
When you tweet about my father’s birthday, remember that he was resolute about eradicating racism, poverty & militarism.
Encourage & enact policies that reflect your birthday sentiments.
Here’s the authentic #MLK:
Having discovered various issues with Windows mini-filter drivers lately, I found public information about how to analyze such drivers for security issues somewhat lacking. Therefore, today I've put out a blog post to try and fix that glitch :-) googleprojectzero.blogspot.c…
We've noted our findings after a couple of years auditing #Windows #Defender Attack Surface Reduction events.
Hopefully it will help anyone considering block mode.
Being able to use the credential stealing/lsass rule was the surprise for me.
medium.com/palantir/microsof…
A big part of engineering security features is addressing performance impact
Great post by @JosephBialek showing the work he did to improve memset performance to offset the impact of uninitialized use vulnerability mitigations :)
💥😱 @tiraniddo added "named pipe RPC client transport" to NtObjectManager 🔥 Thank you very much James for all your work 👏!
I'll create PS scripts to cover a few scenarios 🍻
If anyone would like to help me, let me know 😉 @OTR_Community github.com/Cyb3rWard0g/WinRp…
Built some automation to help with dumping cookies using Chromium's remote debugger. This technique works against Chromium browsers (Google Chrome, Microsoft Edge, etc.) on any OS! I dig into how the technique works and present my implementation: posts.specterops.io/hands-in…
During @jaredcatkinson's SO-CON talk - "Rethinking Detection Engineering: False Positives are Bad, False Negatives are Worse" I demoed an automation detection pipeline using @ProjectJupyter Notebooks. You can find the code I used in the project below:
github.com/jsecurity101/Auto…
Finally got around to releasing an updated version of NtObjectManager on the PS Gallery (and an update to NtApiDotNet on nuget). Too many things to list in the update, but one is you can now run a debug output monitor using Start-Win32DebugConsole. powershellgallery.com/packag…