I like making computers misbehave. Does stuff at specterops.io/.

Joined January 2011
Lee Christensen retweeted
Dear politicians/political influencers: When you tweet about my father’s birthday, remember that he was resolute about eradicating racism, poverty & militarism. Encourage & enact policies that reflect your birthday sentiments. Here’s the authentic #MLK:
NBC News
Lee Christensen retweeted
Having discovered various issues with Windows mini-filter drivers lately I found public information about how to analyze such drivers for security issues somewhat lacking. Therefore today I've put out a blog post to try and fix that glitch :-) googleprojectzero.blogspot.c…
Lee Christensen retweeted
We've noted our findings after a couple of years auditing #Windows #Defender Attack Surface Reduction events. Hopefully it will help anyone considering block mode. Being able to use the credential stealing/lsass rule was the surprise for me. medium.com/palantir/microsof…
Lee Christensen retweeted
A big part of engineering security features is addressing performance impact. Great post by @JosephBialek showing the work he did to improve memset performance to offset the impact of uninitialized use vulnerability mitigations :)
I've published a blog post on improving the Windows AMD64 memset implementation: msrc-blog.microsoft.com/2021… cc @trav_downs
Lee Christensen retweeted
💥😱 @tiraniddo added "named pipe RPC client transport" to NtObjectManager 🔥 Thank you very much James for all your work 👏! I'll create PS scripts to cover a few scenarios 🍻 (Img 4) If anyone would like to help me, let me know 😉 @OTR_Community github.com/Cyb3rWard0g/WinRp…
Lee Christensen retweeted
Today our #Ghidra team pushed a preview debugger on @GitHub. #Developers and testers, check out this long awaited feature: github.com/NationalSecurityA…
Lee Christensen retweeted
Built some automation to help with dumping cookies using Chromium's remote debugger. This technique works against Chromium browsers (Google Chrome, Microsoft Edge, etc.) on any OS! I dig into how the technique works and present my implementation posts.specterops.io/hands-in…
Lee Christensen retweeted
During @jaredcatkinson's SO-CON talk - "Rethinking Detection Engineering: False Positives are Bad, False Negatives are Worse" I demoed an automation detection pipeline using @ProjectJupyter Notebooks. You can find the code I used in the project below: github.com/jsecurity101/Auto…
Lee Christensen retweeted
Finally got around to releasing an updated version of NtObjectManager on the PS Gallery (and an update to NtApiDotNet on nuget). Too many things to list in the update, but one is you can now run a debug output monitor using Start-Win32DebugConsole. powershellgallery.com/packag…