eversinc33 🤍🔪 (@eversinc33)'s Twitter Profile

eversinc33 🤍🔪 (@eversinc33)

malware development and windows kernel stuff · helloskiddie.club

Website: https://eversinc33.com · Joined 27-01-2022 12:31:01

520 Tweets · 4,4K Followers · 694 Following

eversinc33 🤍🔪 (@eversinc33):

Wrote a short blog post about implementing stealthy keylogging in the kernel with gafAsyncKeyState, inspired by chompie's & b33f | 🇺🇦✊'s blackhat talk eversinc33.com/posts/kernel-m…

0mWindyBug (@0xwindybug):

first time I post here : ) quick research and overview of WFP, aimed at understanding the underlying callout mechanism to enumerate all registered callouts on the system, as well as some general ideas / approaches for silencing callouts github.com/0mWindyBug/WFP…

eversinc33 🤍🔪 (@eversinc33):

If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB

If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB
eversinc33 🤍🔪 (@eversinc33):

AllExtendedRights and WriteAccRestrictions on a Unix system joined to the domain (netgear nas). No ssh open. Any ideas how this can be exploited to gain code exec?

eversinc33 🤍🔪 (@eversinc33):

Cool trick I learned from Grzegorz Tworek (@0gtweet) today: you can look up windows error codes, even in the -DEC form instead of hex, via certutil 🤯 Don't know if this was common knowledge but I used to convert it to hex and google it every time

eversinc33 🤍🔪 (@eversinc33):

If you had told me 3 years ago, when I got my first IT job, that I would be doing a workshop at /ˈziːf-kɒn/ (@x33fcon), I wouldn't have believed you. It was a pleasure to meet new friends and talk to some of my idols in person. Dziękuję dorota (@dorotaq) & do następnego razu 🏴‍☠️ It was a wonderful time.

Justin Elze (@hackinglz):

Sunday R&D thoughts: we built a model where all our red team members have R&D time and a dedicated research team. Often, the red teamers kick over PoCs from gigs for future development to the research team to turn into more robust projects, continue to take on the project

eversinc33 🤍🔪 (@eversinc33):

Is there a tool/website for identifying windows structs when reverse engineering? E.g., I know that the struct I'm analysing contains the PID at offset XYZ, thus I want it to list all structures that contain a parameter called ProcessId at offset XYZ, to narrow my search