Steven G (@processhacker)'s Twitter Profile
Steven G

@processhacker

System Informer | Process Hacker | Windows Internals | Wrangler of Dingoes

ID: 266376391

Joined: 15-03-2011 03:52:41

46 Tweets

413 Followers

16 Following

Bill Demirkapi (@billdemirkapi)'s Twitter Profile Photo

How to use Trend Micro's Rootkit Remover to Install a Rootkit, including a fun bonus discovery that Trend Micro is cheating WHQL certification. cc Microsoft Security d4stiny.github.io/How-to-use-Tre…

Johnny Shaw (@jxy__s)'s Twitter Profile Photo

I'm excited to share this project, C++ STL in the Windows Kernel with C++ Exception Support: github.com/jxy-s/stlkrn The project uses MSVC C++ STL in a Windows Kernel Driver - jxystl implements MSVC functionality and STL wrappers to make it Windows Kernel friendly. Check it out!

Steven G (@processhacker)'s Twitter Profile Photo

David Weston (DWIZZZLE) Yarden Shafir The driver doesn't have "arbitrary kernel RW" functionality, you can verify our source code... The bigger issue here is Microsoft Security and David Weston (DWIZZZLE) secretly banning a competitor's product using a false pretext, which is a federal crime.

impostor (@impost0r_)'s Twitter Profile Photo

A targeted attempt on security researchers has been happening. dnspy[dot]net has been registered and is serving a trojanized dnSpy binary (file: dnSpy.dll) Third rate trojan, caught by Microsoft Defender. Download links have been removed. Stay safe out there. Download from GitHub

Johnny Shaw (@jxy__s)'s Twitter Profile Photo

New features for Steven G - many others I can't cover here. Some highlights: Fiber, Stack usage, CPU breakdown, Priority boost for process thread columns. Bound connections for network tab. Check out the latest nightly!

Yarden Shafir (@yarden_shafir)'s Twitter Profile Photo

This. Or if you want to skip the RE: go read the Steven G source code and learn all the cool things that happen behind the scenes. It’s one of the best sources of public Windows Internals documentation!

Alex Ionescu (@aionescu)'s Twitter Profile Photo

I am ecstatic to announce that Winsider Seminars & Solutions, Inc. (the training company that Yarden Shafir and I co-own) has finalized the transfer of the venerable Process Hacker project into a new System Informer project (github.com/winsiderss/sys…). We are still migrating.. 1/2

Matthew (@embee_research)'s Twitter Profile Photo

Malware Analysis Tip - Use Process Hacker to watch for suspicious .NET assemblies in newly spawned processes. Combined with DnSpy - it's possible to locate and extract malicious payloads without needing to manually de-obfuscate. 1/ #Malware #dnspy #analysis #RE

diversenok (@diversenok_zero)'s Twitter Profile Photo

The new Token Universe v0.5 can view and edit security descriptors on 30 types of securable objects. 🔥 It also knows how to handle complex ACLs with compound and callback ACEs, mandatory and trust labels, and more. Enjoy experimenting! github.com/diversenok/Tok…

Jiří Vinopal (@vinopaljiri)'s Twitter Profile Photo

So I made a thing ☺️ Converted #phnt (Native API header files from the System Informer project) to #IDA TIL, IDC. To import "phnt" types and function definitions to IDA and help with Reverse Engineering. Hex-Rays SA Duncan Ogilvie 🍍 Introducing #IDA_PHNT_TYPES: github.com/Dump-GUY/IDA_P…

Johnny Shaw (@jxy__s)'s Twitter Profile Photo

Changes to cycle accounting in 24H2 ARM64: PMCCNTR_EL0 removed, multiple new branches in the accounting path, and feature flags gating idle thread changes. Working on updates to System Informer cycle-based usage on ARM64 and the blog post. winsiderss.github.io/si-blog/2023/0…

Johnny Shaw (@jxy__s)'s Twitter Profile Photo

As promised, I've updated the blog post with details and System Informer has received a patch to account for these changes in 24H2: winsiderss.github.io/si-blog/2023/0…

diversenok (@diversenok_zero)'s Twitter Profile Photo

Better socket handle visibility coming soon to System Informer 🔥 When viewing a process handle table, SI will recognize files under \Device\Afd and retrieve information about their state, protocol, addresses, and more. Also works on Bluetooth and Hyper-V sockets 🤩

diversenok (@diversenok_zero)'s Twitter Profile Photo

My new blog post 🥳 Improving AFD Socket Visibility for Windows Forensics & Troubleshooting It discusses the low-level API under Winsock (IOCTLs on \Device\Afd handles) and explores the workings of the new socket inspection feature in System Informer 🔥 huntandhackett.com/blog/improving…