Archie (@archie_1997)'s Twitter Profile
Archie

@archie_1997

A teen with an aspiration for computers, likes to code in C / C++ every once in a while.

ID: 1450526016326275075

19-10-2021 18:15:32

67 Tweets

384 Followers

78 Following

Enderman (@endermanch)

The Anti-AntiAdblocker uBlock Origin filter to get rid of the annoying YouTube message. It turns off the JavaScript anti-adblock payload: go.enderman.ch/cKoci

Archie (@archie_1997)

so apparently it's possible to delete files that are in-use in Windows - nuking the entire C:\Windows folder was a bad idea😅 i wonder what happens if this runs during the windows setup🤔 Enderman

Archie (@archie_1997)

#HoloCure modding has made a lot of advances in 2023, and it's now possible to mod the official YYC versions. Most of the currently worked-on projects are listed in this Reddit thread on the official subreddit: reddit.com/r/holocure/s/S… 2024 will hopefully bring even more mods.

Enderman (@endermanch)

Ever wondered how those custom loaders work? They're native user-mode applications running under SMSS — «BootExecute applications». That's the earliest stage a user-mode application can be invoked in, right before winlogon.

Archie (@archie_1997)

yooo why vgk.sys tryna query KVM clocks, I ain't even running the riot client 😭😭😭 #valorant #vanguard

Virtually Fun (@virtuallyfun)

Is it me or does it look like the crowdstrike driver is loading arbitrary binary files into kernel space and executing them?? Is csagent bypassing all security of the kernel?? The faulty file is all 00s!!

Archie (@archie_1997)

ETW is an incredibly powerful tool in the wrong hands. Just finished writing about how it allows drivers to hook context switches on Windows 11 24H2 while remaining PatchGuard and HVCI compatible: archie-osu.github.io/etw/hooking/20…

Archie (@archie_1997)

Dug into Riot Vanguard's kernel driver's dispatch table hooks. The article took an unexpected turn halfway through, as I found some not yet documented stuff, such as the complete list of system calls hooked by the driver. Article link: archie-osu.github.io/2025/04/11/van…

Archie (@archie_1997)

Getting code execution in a process that cannot be located using traditional kernel APIs and is untouchable from usermode? All while staying PatchGuard-friendly? Sign me up: archie-osu.github.io/2025/04/13/pow…

winterknife 🌻 (@_winterknife_)

Wintel is coming for your SMEP bypasses! No more flipping the U/S bit in a PTE to mark a user-mode page as supervisor-mode on Intel Arrow Lake CPUs :) (note: this is meant for protection against speculative attacks, with the side effect of becoming SMEP 2.0)
