PatchRequest (@patchrequest)'s Twitter Profile
PatchRequest

@patchrequest

Offsec | Reptiles and other fun stuff

ID: 1154492235737686029

Joined: 25-07-2019 20:42:53

128 Tweets

85 Followers

401 Following

PatchRequest (@patchrequest):

Just open-sourced my Rust-based Mythic agent. Huge thanks to MalDev Academy and Smukx.E for the inspiration (and some solid code)! 🚀🦀 github.com/PatchRequest/K…

PatchRequest (@patchrequest):

Wrote a Windows kernel driver in Rust to read and write memory on request from a userland program, was pretty fun. I can recommend the Rust kernel Series from flux fluxsec.red

PatchRequest (@patchrequest):

Just added screenshot capability to my Mythic agent. It captures the screen using GDI (BitBlt into a bitmap), extracts raw pixels with GetDIBits, and encodes them as PNG. Anyone know a good method to take screenshots that aren't monitored by EDRs? #maldev github.com/PatchRequest/K…

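Added example (not code from the linked agent repository): the userland half of the screenshot path described above, after GetDIBits has filled a buffer for a 32 bpp BITMAPINFOHEADER with positive biHeight (bottom-up rows of B,G,R,X). It turns that buffer into a PNG with no external crate, using stored (uncompressed) deflate blocks, so it runs on any OS; the BitBlt/GetDIBits capture itself is not reproduced. The 2x2 sample DIB is constructed here.

```rust
/// CRC-32 (IEEE polynomial, reflected), as PNG chunk trailers require.
fn crc32(data: &[u8]) -> u32 {
    let mut crc = 0xFFFF_FFFFu32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 {
            let mask = (crc & 1).wrapping_neg();
            crc = (crc >> 1) ^ (0xEDB8_8320 & mask);
        }
    }
    !crc
}

/// Adler-32 trailer of a zlib stream.
fn adler32(data: &[u8]) -> u32 {
    let (mut a, mut b) = (1u32, 0u32);
    for &x in data {
        a = (a + x as u32) % 65521;
        b = (b + a) % 65521;
    }
    (b << 16) | a
}

/// Appends one PNG chunk: big-endian length, 4-byte type, body, CRC over type+body.
fn png_chunk(out: &mut Vec<u8>, kind: &[u8; 4], body: &[u8]) {
    out.extend_from_slice(&(body.len() as u32).to_be_bytes());
    let mut crc_in = kind.to_vec();
    crc_in.extend_from_slice(body);
    out.extend_from_slice(&crc_in);
    out.extend_from_slice(&crc32(&crc_in).to_be_bytes());
}

/// zlib stream built from stored deflate blocks (at most 65535 bytes each).
fn zlib_stored(raw: &[u8]) -> Vec<u8> {
    let mut z = vec![0x78, 0x01]; // CMF/FLG: deflate, 32 KiB window, FCHECK valid
    let blocks: Vec<&[u8]> = if raw.is_empty() { vec![&raw[..0]] } else { raw.chunks(65535).collect() };
    for (i, block) in blocks.iter().enumerate() {
        z.push(if i + 1 == blocks.len() { 1 } else { 0 }); // BFINAL bit, BTYPE=00 (stored)
        let len = block.len() as u16;
        z.extend_from_slice(&len.to_le_bytes());
        z.extend_from_slice(&(!len).to_le_bytes()); // one's complement of LEN
        z.extend_from_slice(block);
    }
    z.extend_from_slice(&adler32(raw).to_be_bytes());
    z
}

/// Top-down PNG scanlines (filter byte 0 followed by RGB triples) from a bottom-up BGRX DIB.
fn dib32_to_scanlines(dib: &[u8], width: u32, height: u32) -> Result<Vec<u8>, String> {
    let (w, h) = (width as usize, height as usize);
    let stride = w * 4; // 32 bpp rows are already DWORD-aligned, so no padding
    if w == 0 || h == 0 || dib.len() < stride * h {
        return Err(format!("need {} bytes for {}x{}, got {}", stride * h, w, h, dib.len()));
    }
    let mut raw = Vec::with_capacity((1 + w * 3) * h);
    for y in 0..h {
        let row = &dib[(h - 1 - y) * stride..(h - y) * stride]; // last DIB row is the top of the screen
        raw.push(0); // filter type None
        for px in row.chunks_exact(4) {
            raw.extend_from_slice(&[px[2], px[1], px[0]]); // B,G,R,X -> R,G,B (X is undefined for GDI)
        }
    }
    Ok(raw)
}

/// Complete PNG file: 8-bit RGB (colour type 2), no interlace.
fn dib32_to_png(dib: &[u8], width: u32, height: u32) -> Result<Vec<u8>, String> {
    let raw = dib32_to_scanlines(dib, width, height)?;
    let mut png = vec![0x89, b'P', b'N', b'G', 0x0D, 0x0A, 0x1A, 0x0A];
    let mut ihdr = Vec::with_capacity(13);
    ihdr.extend_from_slice(&width.to_be_bytes());
    ihdr.extend_from_slice(&height.to_be_bytes());
    ihdr.extend_from_slice(&[8, 2, 0, 0, 0]); // depth 8, RGB, deflate, filter method 0, no interlace
    png_chunk(&mut png, b"IHDR", &ihdr);
    png_chunk(&mut png, b"IDAT", &zlib_stored(&raw));
    png_chunk(&mut png, b"IEND", &[]);
    Ok(png)
}

/// Constructed 2x2 DIB laid out as GetDIBits returns it: row 0 is the bottom of the screen.
fn sample_dib() -> Vec<u8> {
    vec![
        1, 2, 3, 0, 4, 5, 6, 0,     // bottom row: (B,G,R,X) x 2
        7, 8, 9, 0, 10, 11, 12, 0,  // top row
    ]
}

fn main() {
    let png = dib32_to_png(&sample_dib(), 2, 2).expect("valid DIB");
    std::fs::write("screen.png", &png).expect("write screen.png");
    println!("wrote {} bytes", png.len());
}
```

Stored blocks make the PNG roughly the size of the raw pixels (about 6 MB for a 1080p frame, plus a filter byte per row), which matters for what goes over the C2 channel; swapping `zlib_stored` for a real deflate encoder is the only change needed to shrink it.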
PatchRequest (@patchrequest):

Cleaned up a lot of the com stuff and now I use a minifilter communication port with custom structs to send userland telemetry about: - OB callbacks (handle operations) - Process/Thread notify routines - Minifilter I/O events (create, read, write) github.com/PatchRequest/O…

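Added example (not code from the linked repository): the userland side of such a minifilter communication port. FilterGetMessage hands back a FILTER_MESSAGE_HEADER (ULONG ReplyLength, ULONGLONG MessageId, 16 bytes with padding) followed by whatever the driver appended. The payload layout used here (event kind, PID, two operands, flags, IRP major, UTF-16 path) is an assumed custom struct standing in for the tweet's, and it is parsed with bounds checks so a truncated or mis-sized message cannot panic the consumer. The sample messages are constructed.

```rust
const HEADER_LEN: usize = 16; // FILTER_MESSAGE_HEADER: ReplyLength at 0, MessageId at 8
const PAYLOAD_FIXED: usize = 28; // assumed fixed part of the driver's event struct

#[derive(Debug, PartialEq)]
enum Telemetry {
    /// OB callback: `source` requested a handle to `target` with `access`.
    HandleOp { source: u32, target: u32, access: u32 },
    /// Process notify routine: create/exit of `pid`, whose parent is `parent`.
    Process { pid: u32, parent: u32, create: bool },
    /// Thread notify routine: thread `tid` of `pid`; `creator` is the process
    /// the routine ran in (PsGetCurrentProcessId at callback time).
    Thread { pid: u32, tid: u32, creator: u32, create: bool },
    /// Minifilter pre-operation: `pid` issued IRP major `major` on `path`.
    FileIo { pid: u32, major: u8, path: String },
}

fn u32_at(b: &[u8], off: usize) -> Option<u32> {
    b.get(off..off + 4).map(|s| u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
}

fn u64_at(b: &[u8], off: usize) -> Option<u64> {
    b.get(off..off + 8).map(|s| {
        let mut a = [0u8; 8];
        a.copy_from_slice(s);
        u64::from_le_bytes(a)
    })
}

/// Decodes one message as FilterGetMessage returns it. The MessageId is kept
/// because FilterReplyMessage needs it if the driver blocks waiting for a verdict.
fn parse_message(buf: &[u8]) -> Result<(u64, Telemetry), String> {
    let message_id = u64_at(buf, 8).ok_or("short header")?;
    let p = buf.get(HEADER_LEN..).ok_or("short header")?;
    let field = |off: usize| u32_at(p, off).ok_or(format!("payload truncated at {}", off));
    let kind = field(0)?;
    let pid = field(4)?;
    let a = field(8)?;
    let b = field(12)?;
    let flags = field(16)?;
    let create = flags & 1 != 0;
    let ev = match kind {
        1 => Telemetry::HandleOp { source: pid, target: a, access: b },
        2 => Telemetry::Process { pid, parent: a, create },
        3 => Telemetry::Thread { pid, tid: a, creator: b, create },
        4 => {
            let major = *p.get(20).ok_or("payload truncated at 20")?;
            let units = field(24)? as usize; // path length in UTF-16 code units
            let end = units.checked_mul(2).and_then(|n| n.checked_add(PAYLOAD_FIXED)).ok_or("path length overflow")?;
            let bytes = p.get(PAYLOAD_FIXED..end).ok_or("path length exceeds message")?;
            let utf16: Vec<u16> = bytes.chunks_exact(2).map(|c| u16::from_le_bytes([c[0], c[1]])).collect();
            let path = String::from_utf16(&utf16).map_err(|e| e.to_string())?;
            Telemetry::FileIo { pid, major, path }
        }
        other => return Err(format!("unknown event kind {}", other)),
    };
    Ok((message_id, ev))
}

/// Constructed fixture: the bytes the driver would write for one event
/// (MessageId is what the filter manager fills into the header).
fn encode(message_id: u64, kind: u32, pid: u32, a: u32, b: u32, flags: u32, major: u8, path: &str) -> Vec<u8> {
    let mut m = vec![0u8; HEADER_LEN + PAYLOAD_FIXED];
    m[8..16].copy_from_slice(&message_id.to_le_bytes());
    let units: Vec<u16> = path.encode_utf16().collect();
    {
        let p = &mut m[HEADER_LEN..];
        p[0..4].copy_from_slice(&kind.to_le_bytes());
        p[4..8].copy_from_slice(&pid.to_le_bytes());
        p[8..12].copy_from_slice(&a.to_le_bytes());
        p[12..16].copy_from_slice(&b.to_le_bytes());
        p[16..20].copy_from_slice(&flags.to_le_bytes());
        p[20] = major;
        p[24..28].copy_from_slice(&(units.len() as u32).to_le_bytes());
    }
    for u in units {
        m.extend_from_slice(&u.to_le_bytes());
    }
    m
}

/// Constructed scenario: PID 4711 opens the game (1234) for write+thread access,
/// creates a thread in it, and touches a DLL on disk (IRP_MJ_CREATE = 0).
fn sample_messages() -> Vec<Vec<u8>> {
    vec![
        encode(1, 1, 4711, 1234, 0x0020 | 0x0002, 0, 0, ""),
        encode(2, 3, 1234, 9999, 4711, 1, 0, ""),
        encode(3, 4, 4711, 0, 0, 0, 0, "\\Device\\HarddiskVolume3\\Windows\\Temp\\x.dll"),
    ]
}

fn main() {
    for m in sample_messages() {
        match parse_message(&m) {
            Ok((id, ev)) => println!("msg {}: {:?}", id, ev),
            Err(e) => println!("rejected: {}", e),
        }
    }
}
```

The driver is trusted, but the port is also a kernel-to-user boundary that a cheat with a handle to the port could try to talk to; validating lengths on both ends (FltSendMessage's buffer sizes in the driver, the checks above in the client) is cheaper than debugging a crash in the anticheat service.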
PatchRequest (@patchrequest):

Started detecting remote thread creation, pretty cool if you ask me :) At first I was confused until I realized my notify routine runs in the process context of the invoker, then it was pretty easy to detect github.com/PatchRequest/O…

PatchRequest (@patchrequest):

I think scoring applications based on ProcAge, ExeAge, and their behavior is a valid approach to determine whether it’s just Task Manager requesting a handle for the billionth time or a Python CreateRemoteThread PoC github.com/PatchRequest/O…

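Added example (not code from the linked repository) covering the two tweets above: the remote-thread check from the thread notify routine, and a userland scorer over ProcAge, ExeAge and forwarded events. The access-mask constants are Windows'; the age thresholds and weights are assumptions, picked so that a long-running Task Manager asking for query access scores 0 while a freshly started injector scores high. The scenario data is constructed.

```rust
const PROCESS_CREATE_THREAD: u32 = 0x0002;
const PROCESS_VM_WRITE: u32 = 0x0020;
const PROCESS_QUERY_LIMITED_INFORMATION: u32 = 0x1000;

#[derive(Debug, Clone, Copy)]
enum Event {
    /// OB callback: `source` requested a handle to `target` with `access`.
    HandleOpen { source: u32, target: u32, access: u32 },
    /// Thread notify routine: `creator` is PsGetCurrentProcessId() when the
    /// routine ran, `owner` is the ProcessId parameter the new thread belongs to.
    ThreadCreate { creator: u32, owner: u32 },
}

/// The create-thread notify routine runs in the context of the thread that
/// called NtCreateThreadEx, so the new thread is remote exactly when the
/// process it belongs to is not the current process.
fn is_remote_thread(creator: u32, owner: u32) -> bool {
    creator != owner
}

struct ProcInfo {
    pid: u32,
    proc_age_secs: u64, // now minus process creation time
    exe_age_secs: u64,  // now minus image file creation time
}

/// Assumed weights: age signals are cheap hints, dangerous access rights and a
/// remote thread into the protected process carry the score.
fn score(info: &ProcInfo, protected: u32, events: &[Event]) -> u32 {
    let mut s = 0;
    if info.proc_age_secs < 60 {
        s += 10; // started seconds ago
    }
    if info.exe_age_secs < 24 * 3600 {
        s += 15; // binary dropped today
    }
    for ev in events {
        match *ev {
            Event::HandleOpen { source, target, access } if source == info.pid && target == protected => {
                if access & PROCESS_VM_WRITE != 0 {
                    s += 25;
                }
                if access & PROCESS_CREATE_THREAD != 0 {
                    s += 25;
                }
                // PROCESS_QUERY_LIMITED_INFORMATION alone (Task Manager) adds nothing
            }
            Event::ThreadCreate { creator, owner }
                if creator == info.pid && owner == protected && is_remote_thread(creator, owner) =>
            {
                s += 50
            }
            _ => {}
        }
    }
    s
}

fn verdict(score: u32) -> &'static str {
    match score {
        0..=24 => "benign",
        25..=74 => "suspicious",
        _ => "injector",
    }
}

/// Constructed scenario: PID 1234 is the game, 100 is Task Manager, 4711 is a
/// python.exe started five seconds ago running a CreateRemoteThread PoC. Note
/// that python.exe itself is an old binary, so ExeAge alone would miss it.
fn demo() -> (u32, u32) {
    let game = 1234;
    let taskmgr = ProcInfo { pid: 100, proc_age_secs: 3 * 3600, exe_age_secs: 400 * 86400 };
    let poc = ProcInfo { pid: 4711, proc_age_secs: 5, exe_age_secs: 200 * 86400 };
    let events = [
        Event::HandleOpen { source: 100, target: game, access: PROCESS_QUERY_LIMITED_INFORMATION },
        Event::HandleOpen {
            source: 4711,
            target: game,
            access: PROCESS_VM_WRITE | PROCESS_CREATE_THREAD | PROCESS_QUERY_LIMITED_INFORMATION,
        },
        Event::ThreadCreate { creator: 4711, owner: game },
        Event::ThreadCreate { creator: game, owner: game }, // the game's own thread pool
    ];
    (score(&taskmgr, game, &events), score(&poc, game, &events))
}

fn main() {
    let (tm, poc) = demo();
    println!("taskmgr: {} ({}), poc: {} ({})", tm, verdict(tm), poc, verdict(poc));
}
```

The handle access mask is the signal to weight most: an OB callback can also strip PROCESS_VM_WRITE and PROCESS_CREATE_THREAD from the granted access before the handle is returned, which turns the score into a prevention rather than a log line.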
PatchRequest (@patchrequest):

Injecting a DLL into every process and overwriting WinAPI functions can easily go wrong. My anti-cheat crashed the PC with the pop-ups :) Is this technique a thing for anti-cheats? I mainly know it from EDR and AV github.com/PatchRequest/O…

Cerast Intelligence (@cerastintel):

Sneak peek of what's coming October 1st. Be ready | millions of never-before-seen exposed files will become searchable. cerast-intelligence.com

Cerast Intelligence (@cerastintel):

We are live! Search our database of over 8 million potentially exposed files by domain 🔍 Explore now: cerast-intelligence.com

Cerast Intelligence (@cerastintel):

Vibe coding with AI was the best ever for bug bounty. The DevOps is so bad that I love it. While generating tokens, it somehow generates infosec jobs too. Find more at: cerast-intelligence.com

PatchRequest (@patchrequest):

Still learning and pushing my anticheat forward. Implemented disk vs memory integrity checks to detect module tampering. Starting with the .text section: simple, but the most important one.

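Added example (not code from the anticheat the tweet describes): a disk-vs-memory comparison of a module's .text section. The PE parsing follows the documented header layout (e_lfanew, IMAGE_FILE_HEADER, IMAGE_SECTION_HEADER); the minimal PE32+ fixture and the "loader view" of it are constructed here so the check runs without Windows. In the real check, `image` is the bytes read from the target process at the module base and `file` is the module read from the path the loader recorded.

```rust
/// Walks the section table of `file` and returns
/// (VirtualAddress, PointerToRawData, bytes to compare) for the section `name`.
fn find_section(file: &[u8], name: &[u8]) -> Option<(usize, usize, usize)> {
    let rd16 = |off: usize| file.get(off..off + 2).map(|b| u16::from_le_bytes([b[0], b[1]]) as usize);
    let rd32 = |off: usize| file.get(off..off + 4).map(|b| u32::from_le_bytes([b[0], b[1], b[2], b[3]]) as usize);
    if file.get(0..2)? != b"MZ" {
        return None;
    }
    let pe = rd32(0x3C)?; // e_lfanew
    if file.get(pe..pe + 4)? != b"PE\0\0" {
        return None;
    }
    let nsections = rd16(pe + 6)?; // IMAGE_FILE_HEADER.NumberOfSections
    let opt_size = rd16(pe + 20)?; // IMAGE_FILE_HEADER.SizeOfOptionalHeader
    let table = pe + 24 + opt_size; // first IMAGE_SECTION_HEADER (40 bytes each)
    let n = name.len().min(8);
    let mut want = [0u8; 8];
    want[..n].copy_from_slice(&name[..n]);
    for i in 0..nsections {
        let s = table + i * 40;
        if file.get(s..s + 8)? != &want[..] {
            continue;
        }
        let virtual_size = rd32(s + 8)?;
        let va = rd32(s + 12)?;
        let raw_size = rd32(s + 16)?;
        let raw_ptr = rd32(s + 20)?;
        // Past VirtualSize the file holds alignment padding; past SizeOfRawData memory is zero-filled.
        return Some((va, raw_ptr, raw_size.min(virtual_size)));
    }
    None
}

/// Offsets (relative to the start of .text) where memory differs from disk, at most `limit` of them.
fn text_mismatches(file: &[u8], image: &[u8], limit: usize) -> Result<Vec<usize>, String> {
    let (va, raw_ptr, len) = find_section(file, b".text").ok_or("no .text section")?;
    let disk = file.get(raw_ptr..raw_ptr + len).ok_or("raw .text outside file")?;
    let mem = image.get(va..va + len).ok_or("mapped .text outside image")?;
    Ok(disk.iter().zip(mem).enumerate().filter(|(_, (d, m))| d != m).map(|(i, _)| i).take(limit).collect())
}

/// Constructed fixture: a minimal PE32+ with one .text section, plus the view a
/// loader produces (headers at RVA 0, section copied to its VirtualAddress).
fn build_fixture(text: &[u8]) -> (Vec<u8>, Vec<u8>) {
    let (pe, opt_size, raw_ptr, va) = (0x40usize, 240usize, 0x200usize, 0x1000usize);
    let mut file = vec![0u8; raw_ptr + text.len()];
    file[0..2].copy_from_slice(b"MZ");
    file[0x3C..0x40].copy_from_slice(&(pe as u32).to_le_bytes());
    file[pe..pe + 4].copy_from_slice(b"PE\0\0");
    file[pe + 4..pe + 6].copy_from_slice(&0x8664u16.to_le_bytes()); // Machine: AMD64
    file[pe + 6..pe + 8].copy_from_slice(&1u16.to_le_bytes()); // NumberOfSections
    file[pe + 20..pe + 22].copy_from_slice(&(opt_size as u16).to_le_bytes());
    file[pe + 24..pe + 26].copy_from_slice(&0x20Bu16.to_le_bytes()); // PE32+ magic
    let s = pe + 24 + opt_size;
    file[s..s + 5].copy_from_slice(b".text");
    file[s + 8..s + 12].copy_from_slice(&(text.len() as u32).to_le_bytes()); // VirtualSize
    file[s + 12..s + 16].copy_from_slice(&(va as u32).to_le_bytes()); // VirtualAddress
    file[s + 16..s + 20].copy_from_slice(&(text.len() as u32).to_le_bytes()); // SizeOfRawData
    file[s + 20..s + 24].copy_from_slice(&(raw_ptr as u32).to_le_bytes()); // PointerToRawData
    file[raw_ptr..].copy_from_slice(text);
    let mut image = vec![0u8; va + text.len()];
    image[..raw_ptr].copy_from_slice(&file[..raw_ptr]);
    image[va..].copy_from_slice(text);
    (file, image)
}

/// Constructed scenario: a 5-byte inline hook (jmp rel32) written over the
/// first function in .text, the kind of detour both cheats and EDR hooks install.
fn demo() -> (Vec<usize>, Vec<usize>) {
    let text = vec![0x90u8; 64]; // constructed section body
    let (file, clean) = build_fixture(&text);
    let mut hooked = clean.clone();
    hooked[0x1000..0x1005].copy_from_slice(&[0xE9, 0x00, 0x10, 0x00, 0x00]);
    (text_mismatches(&file, &clean, 16).unwrap(), text_mismatches(&file, &hooked, 16).unwrap())
}

fn main() {
    let (clean, hooked) = demo();
    println!("clean: {:?}, hooked: {:?}", clean, hooked);
}
```

Two caveats for the real thing: the loader applies base relocations before the image runs, so any relocation entry that lands in .text (common for x86, rare but possible for x64) shows up as a mismatch unless the disk copy is relocated to the same base first; and comparing against the file on disk only helps if the file itself is trusted, so a hash of the known-good build is the stronger reference.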
PatchRequest (@patchrequest):

I wanted to consume some ETW providers, but it turned out I needed to be a PPL. So that's a side quest I worked on for now. Not sure how useful this is for protecting the game, but the protection for my own usermode part should be useful for the anti-cheat github.com/PatchRequest/P…

PatchRequest (@patchrequest):

Basic, but I guess effective enough to catch some script kiddies. I added a blacklist of words that should not appear in any running process. I think some cheaters actually get caught in the wild by this lol github.com/PatchRequest/P…

PatchRequest (@patchrequest):

Just implemented self-deletion in my Mythic agent while the process keeps running smoothly. Big thanks to MalDev Academy for the inspiration 🔥 github.com/PatchRequest/K…

PatchRequest (@patchrequest):

Just added self-clone to my Mythic agent: spawn new proc + spoofed PPID while original stays alive and running as backup github.com/PatchRequest/K…

PatchRequest (@patchrequest):

Continued working on my proof-of-concept anticheat. These are the events visible to an anticheat when you use default DLL injection; pretty obvious, I'd say :) github.com/PatchRequest/P…
