MetallicHack (@metallichack)'s Twitter Profile
MetallicHack

@metallichack

🇨🇵 Cybersecurity engineer enjoying Windows & AD security, DFIR and detection engineering

@TheDFIRReport analyst

ID: 1323923009879625728

Joined 04-11-2020 09:45:09

881 Tweets

821 Followers

375 Following

S3cur3Th1sSh1t (@shitsecure):

The Blog post about "Revisiting Cross Session Activation attacks" is now also public. Lateral Movement with code execution in the context of an active session? 😎 Here you go: r-tec.net/r-tec-blog-rev…

vx-underground (@vxunderground):

Black Mass Volume III is available for free as a PDF and for sale as a physical copy on Amazon. Locations available: US, UK, DE, FR, ES, IT, NL, PL, SE, JP, CA, AU. Subsequent post contains the US Amazon link. Use your country's Amazon domain to buy the book.

flux (@0xfluxsec):

Introducing: Hells Hollow - Thought rootkit SSDT hooking was dead? Following my previous work, I have managed to essentially reintroduce SSDT hooks, capable of modifying the *original* KTRAP_FRAME and more! Whitepaper: fluxsec.red/hells-hollow-a… #infosec #cybersecurity

ESET Research (@esetresearch):

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom 🏴‍☠️ Anton Cherepanov welivesecurity.com/en/eset-resear… 1/7

Secure Chicken 🐣 (@securechicken):

We, aridjourney and Ariel Jungheit at HarfangLab, had a look at archives containing weaponized XLS spreadsheets dropping C# and C++ downloaders, likely intended for targets in Ukraine and Poland.

Trellix (@trellix):

Think your Linux system is safe from attacks? Think again. Trellix Advanced Research Center uncovered a new technique that uses filenames to bypass traditional defenses. Get the details in our latest blog. bit.ly/45sxajN

Trellix Advanced Research Center (@trellixarc):

A new attack on Linux is challenging everything we thought we knew. We found malware hidden not in the content, but in the filename itself. Read the full analysis. bit.ly/45sxajN

Check Point Research (@_cpresearch_):

🚨 Chasing the Silver Fox: Cat & Mouse in Kernel Shadows

CP<r> uncovers:
🦊 Silver Fox APT in the wild
🔓 New vuln driver amsdk.sys
🛡️ EDR/AV evasion via PP/PPL kill
⚔️ Dual-driver trick
🐀 ValleyRAT payload
🚩 Patched driver bypassed w/ 1-byte flip

research.checkpoint.com/2025/silver-fo…

Connor McGarr (@33y0re):

I cleaned up the code I have been working on for the last few days into a tool I’m calling “Vtl1Mon”! Vtl1Mon traces VTL 1 enter (“secure call”) operations via ETW and also enhances the events with call stacks/symbols! github.com/connormcgarr/V…

Connor McGarr (@33y0re):

Today I am releasing a new blog post on VSM "secure calls" + the SkBridge project to manually issue them!! This blog talks about how VTL 0 requests the services of VTL 1 and outlines common secure call patterns!!! Blog: connormcgarr.github.io/secure-calls-a… SkBridge: github.com/connormcgarr/S…

Uriel Kosayev (@malfuzzer):

🚀 It’s official — my new book is live on Amazon: MAoS – Malware Analysis on Steroids This book is not like the others. It’s built on years of raw, hands-on research, reverse engineering sessions at 3 AM, and real-world incident response cases. Inside, you’ll find full A–Z

Jonny Johnson (@jsecurity101):

A while back I was curious about the access check that occurs when someone tries to consume from the Threat-Intelligence ETW provider. I decided to write a short blog on the topic. jonny-johnson.medium.com/peeling-back-t…

Elastic Security Labs (@elasticseclabs):

Linux syscall hooks were forever changed with kernel 6.9, check out this article from #ElasticSecurityLabs describing #FlipSwitch – the latest in Linux hooking: go.es.io/4nSrCW3

Prelude Research (@preluderesearch):

This method demonstrates how hardware-level telemetry, coupled with contextual reasoning, can surface malicious activity that signature-based approaches will always miss as malware authors innovate in response. 📃Full write-up → preludesecurity.com/blog/unexpecte…

Synacktiv (@synacktiv):

LinkPro: new stealthy #Linux rootkit based on eBPF - full analysis 🔍️ Our #CSIRT team discovered and named LinkPro, a new Linux rootkit, during an incident response. It exploits eBPF for evasion and persistence. Here are the four key technical points in the image below. 💡 🔗

dreadnode (@dreadnode):

Can we eliminate the C2 server entirely and create truly autonomous malware? On the Dreadnode blog, Principal Security Researcher Max Harley details how we developed an entirely local, C2-less malware that can autonomously discover and exploit one type of privilege escalation

Connor McGarr (@33y0re):

Today I am happy to release a new blog post about Pointer Authentication (PAC) on Windows ARM64! This post takes a look at the Windows implementation of PAC in both user-mode and kernel-mode. I must say, I have REALLY been enjoying Windows on ARM!! preludesecurity.com/blog/windows-a…