Vaibhav (@stackslash)'s Twitter Profile
Vaibhav

@stackslash

Team Red @Mandiant @Google

ID: 820314883602477057

Link: http://badbit.vc | Date: 14-01-2017 17:01:23

122 Tweets

120 Followers

491 Following

pre.empt (@preemptdev)

🧵 In part 4 of the C2 Development Series, we finally look at writing Stage 0 and 1 Implants. As well as doing this, we go on a bit of an adventure with the history of offence/defence over the past 15~ years. pre.empt.dev/posts/maelstro… 1/2

a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ (@accidentalrebel)

I listed the lessons I learned from converting a simple malware dropper written in C to x64 assembly. I wrote about specific x64 Windows assembly concepts like "shadow spaces", the Microsoft x64 Calling Convention, and other things. accidentalrebel.com/converting-a-m…

Intrusion Truth (@intrusion_truth)

Article 4: The interconnectivity of APT41 and the Chinese hacker community #MSS #APT41 #allroadsleadtoChengdu #Chengdu404 intrusiontruth.wordpress.com/2022/07/23/the…

Arun (@dazzyddos)

Announcement: Me and Soumyadeep Basu will be giving a free workshop on Offensive Lateral Movement in Windows Environment. Attached is a small glimpse of the content. You can find more details at github.com/dazzyddos/dazz… (1/2).

Karsten Hahn (@struppigel)

As a malware analyst I sometimes receive Microsoft files which have been manipulated. E.g. infected by a virus and cleaned afterwards. Here are some indicators to recognize PE file manipulation. 🧵

🏴‍☠️ ÐΞΛТHS PłЯΛТΞ (@deathspirate)

I knew a girl once who coded the best backdoors. She'd give them out for free, but recently she's moved to selling them. If you go to Venice Beach she has a stall near the pier. That's right. She sells C shells on the sea shore.

Mandiant (part of Google Cloud) (@mandiant)

In early 2022, Mandiant detected & responded to an incident where #APT29 successfully phished a European diplomatic entity & ultimately abused the Windows Credential Roaming feature. Read the blog post for more on this research.👇 mndt.info/3FZp7Pk

@amethyst@haunted.computer (@verixvogel)

I just wrote a tutorial on how to write a Windows packer! github.com/frank2/packer-… Learn to instrument CMake to help pack your executable and learn the mechanics of a fundamental piece of the chain of binary protection software!

Bobby Cooke (@0xboku)

We've just released the first post in the Cobalt Strike reflective loader blog series! 🥷This one took a lot of effort and I am excited to share it with you! The better it does, the better I'll make the next ones 😉 securityintelligence.com/posts/defining…

Matt Hand (@matterpreter)

I've long been interested in how EDRs work under the hood and how we can apply a more evidence-based approach to evasion. I'm happy to announce that I've written a book covering these topics with No Starch Press which is now available for preorder 🎉 nostarch.com/book-edr

Halvar Flake (@halvarflake)

One of the things I have pondered repeatedly in life: there are folks that get bored or lonely when alone, and I have no memory of ever being bored alone after learning how to read. My memories of boredom and loneliness tend to be in the presence of people.

Will Harris (@parityzero)

I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. security.googleblog.com/2024/04/detect… #DFIR Hope it's useful!

marcoverip.bsky.social 🌻 (@marcoverip)

Some of you were asking for my /ˈziːf-kɒn/ 2024 presentation. I cover: > current state of offsec > why red needs to up its game to stay relevant > entrepreneurship in the offsec world using my past experience. Thanks #x33fcon for having me again!

luffy (@0xluffyb)

10/10 times people who regret are those who got into CS not because they loved it. The man who loves walking will walk further than the man who loves the destination.