open.spotify.com/track/7sVbKoBd…

I'm pleased to announce that I will be giving my talk 'Kernel Games: The ballad of offense & defense' in /ˈziːf-kɒn/ this year, I hope to see you all there 🥳

Update 10 out now!
1.Patchless Threadless Injection Via Hardware Breakpoints

2.Tampered Syscalls

3.Exploiting EDRs for Evasion - Preventing EDR From Taking Action

4.Exploiting EDRs for Evasion - EDR LOLBINs

Update 11 next:
1. Introduction to BoF

2. Writing BoF Files

3. BoF

One of the issues i learned from today that when we write a custom GetProcAddress we will face the a little optimization issue which it's Forwarded Functions

I bypassed Windows Defender !!!

After a long time, the 6th and final part of Lord Of The Ring0 is here: idov31.github.io/posts/lord-of-…
In this part, the focus will be on kernel mode and user mode memory interaction, look into how attaching process work, and writing an AMSI bypass driver

#infosec #CyberSecurity

I will be at Security BSides Prague next week around April 3-4.
The first con I am going to visit 😄

New blogpost and small tool release: Wrote a naive anti-rootkit driver that detects mapped drivers, and talk about some bypasses for those detections in part I of my new (anti-)-anti-rootkit series.

More research on rootkit evasion coming soon : )

eversinc33.com/posts/anti-ant…

first chapter of two, stay tuned 🤠

sillywa.re/posts/flower-d…

really interesting blog post about another way of designing implants and agents. reminds me of metasploit railgun :D
blog post looks promising

Super interesting approach to API interactions

My first ever blog post is out:
medium.com/@sapientflow/f…

Happy for any constructive criticism or anyone that just wants to engage on the topic.

open.spotify.com/track/1mvI5pGo…

We are happy to share a guest blog post by Steve S! Steve is a Marine veteran, graduate student, and offensive security developer. He is currently Associate Staff at Datalytica where he spearheads the development of counter-AI capabilities.protexity.com/post/going-nat…

open.spotify.com/track/09riz9pA…

open.spotify.com/track/2OKo7g3K…

been spending a lot of time looking at macOS security internals recently

found that XPR binaries contain ~75 of apple's spiciest YARA rules looking for malware like SimpleTea and TriangleDB 🥵

as always, binja made the whole process super easy :)

alden.io/posts/secrets-…