Kill Switch (@killswitchx7)'s Twitter Profile
Kill Switch 

@killswitchx7

Network, Systems, Microservices, Containers, APIs, Wireless, Active Directory, Cloud & Web Application Penetration Tester | Exploit Development |

ID: 1346015786997956610

Link: https://blog.killswitchx7.com/
Joined: 04-01-2021 08:49:38

12.12K Tweets

1.1K Followers

3.3K Following

Rad (@rad9800):

I figured out a new way to **completely** disable certain EDR products only with Admin privileges in less than 30 lines of code with native applications.

It works by deleting critical application files before they can do anything 🙃

A link to the GitHub repo with a PoC follows.
Hors (@horsicq):

Astral-PE is a powerful low-level mutator (headers obfuscator) for native Windows PE files (x32/x64). Supports EXE and DLL.

github.com/DosX-dev/Astra…

#obfuscator #infosec #CodeSecurity
es3n1n (@es3n1n):

Published a new version of defendnot (the tool that disables Windows Defender using WSC) with a bunch of compatibility fixes; if something didn't work on your machine, consider trying again with the latest version.

github.com/es3n1n/defendn…
BlackSnufkin (@blacksnufkin42):

Ohhhh snap, now you can use Claude in your #maldev and #redteam workflow. LitterBox v3.0.0: GrumpyCats Python client & #MCP server that can be used to interact with the LitterBox #sandbox. See it in action.

ö (@r0keb):

Good morning! I just published a blog post about a KASLR bypass that works on modern Windows 11 versions. It leverages Intel CPU cache timings to exfiltrate the base address of ntoskrnl.exe. I hope you like it! r0keb.github.io/posts/Bypassin…

Grzegorz Tworek (@0gtweet):

Looks like Microsoft added such a "lsof" feature to fsutil.exe file queryProcessesUsing in Windows 11 24H2. 🥳
It uses the same Vista-old syscall I am using in my PowerShell script. The choice is yours :)
BTW I have created my script literally one month before 24H2 release. 😎
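Added example (it is neither the PowerShell script from the tweet above nor Microsoft's fsutil code): a script that lists the processes holding a file open in both of the ways the tweet mentions. First it calls the fsutil.exe file queryProcessesUsing verb (name taken from the tweet; it exists only on Windows 11 24H2 and later, so older builds print a usage error instead). Then it calls the underlying syscall directly, NtQueryInformationFile with information class FileProcessIdsUsingFileInformation (47), which has been present since Vista and returns a FILE_PROCESS_IDS_USING_FILE_INFORMATION block: a ULONG count followed by an array of ULONG_PTR process IDs. The script name Get-FileUsers.ps1 is an assumption, it is Windows-only, and it needs enough rights to open the target for attribute reading (FILE_READ_ATTRIBUTES is not subject to share-mode checks, so a file opened exclusively by another process still works).

```powershell
# Get-FileUsers.ps1 (hypothetical name): which processes are using a given file?
# Added example, not the tweet author's script. Windows-only.
param([Parameter(Mandatory)][string]$Path)

# 1. The built-in verb the tweet refers to (Windows 11 24H2+; verb name as given in the tweet).
& fsutil.exe file queryProcessesUsing $Path

# 2. The same data straight from the Vista-era syscall: NtQueryInformationFile with
#    FileProcessIdsUsingFileInformation (class 47).
$src = @'
using System;
using System.Runtime.InteropServices;
public static class FileUsers {
    [StructLayout(LayoutKind.Sequential)]
    struct IO_STATUS_BLOCK { public IntPtr Status; public IntPtr Information; }

    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationFile(IntPtr FileHandle, ref IO_STATUS_BLOCK IoStatusBlock,
        IntPtr FileInformation, uint Length, int FileInformationClass);

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr CreateFileW(string lpFileName, uint dwDesiredAccess, uint dwShareMode,
        IntPtr lpSecurityAttributes, uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile);

    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);

    const uint FILE_READ_ATTRIBUTES = 0x80;           // minimal access; exempt from share-mode checks
    const uint SHARE_ALL = 0x7;                        // FILE_SHARE_READ | WRITE | DELETE: never block the owner
    const uint OPEN_EXISTING = 3;
    const uint FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; // allows opening directories as well
    const int FileProcessIdsUsingFileInformation = 47;
    const int STATUS_BUFFER_OVERFLOW = unchecked((int)0x80000005);
    const int STATUS_INFO_LENGTH_MISMATCH = unchecked((int)0xC0000004);
    const int STATUS_BUFFER_TOO_SMALL = unchecked((int)0xC0000023);

    // Returns the PIDs the kernel reports as using the file (handles or mappings).
    public static ulong[] Query(string path) {
        IntPtr h = CreateFileW(path, FILE_READ_ATTRIBUTES, SHARE_ALL, IntPtr.Zero, OPEN_EXISTING,
                               FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero);
        if (h == new IntPtr(-1)) throw new System.ComponentModel.Win32Exception();
        try {
            uint len = 4096;
            for (;;) {
                IntPtr buf = Marshal.AllocHGlobal((int)len);
                try {
                    var iosb = new IO_STATUS_BLOCK();
                    int status = NtQueryInformationFile(h, ref iosb, buf, len, FileProcessIdsUsingFileInformation);
                    if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_INFO_LENGTH_MISMATCH ||
                        status == STATUS_BUFFER_TOO_SMALL) {
                        if (len > (1 << 20)) throw new Exception("PID list unexpectedly large");
                        len *= 2;   // grow and retry; many processes can share one file
                        continue;
                    }
                    if (status < 0) throw new Exception("NtQueryInformationFile failed: 0x" + status.ToString("X8"));
                    // FILE_PROCESS_IDS_USING_FILE_INFORMATION:
                    //   ULONG NumberOfProcessIdsInList; ULONG_PTR ProcessIdList[]; (array is pointer-aligned)
                    uint n = (uint)Marshal.ReadInt32(buf);
                    var pids = new ulong[n];
                    for (int i = 0; i < n; i++)
                        pids[i] = (ulong)Marshal.ReadIntPtr(buf, IntPtr.Size + i * IntPtr.Size).ToInt64();
                    return pids;
                } finally { Marshal.FreeHGlobal(buf); }
            }
        } finally { CloseHandle(h); }
    }
}
'@
Add-Type -TypeDefinition $src

"`nVia NtQueryInformationFile(FileProcessIdsUsingFileInformation):"
foreach ($procId in [FileUsers]::Query($Path)) {
    # $pid is a reserved automatic variable in PowerShell, hence $procId.
    $p = Get-Process -Id $procId -ErrorAction SilentlyContinue
    '{0,8}  {1}' -f $procId, $(if ($p) { $p.ProcessName } else { '<exited or access denied>' })
}
```

Usage: `.\Get-FileUsers.ps1 "$env:SystemRoot\System32\winevt\Logs\Security.evtx"` from an elevated prompt should show the svchost.exe hosting the EventLog service in both listings. The syscall path is the one that keeps working on builds before 24H2, and it is also why a user-mode "who has this file open" answer never needs a driver or a handle-table walk: the file object itself tracks its users.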
Luca Beurer-Kellner (@lbeurerkellner):

😈 BEWARE: Claude 4 + GitHub MCP will leak your private GitHub repositories, no questions asked.

We discovered a new attack on agents using GitHub’s official MCP server,  which can be exploited by attackers to access your private repositories.

creds to Marco Milanta (@marco_milanta)

(1/n) 👇
I am Jakoby (@i_am_jakoby):

Well, I have something unfortunate to share.
Last night they gave my bounty an Important rating, but marked it out of scope somehow.

All of this is just wildly dishonest. For one, it's not just information disclosure. I included an addendum that showed how to leak bearer tokens and
Saad AHLA (@d1rkmtr):

Very stealthy way of dumping LSASS: it is done from the kernel, so it doesn't matter if LSASS is LSA Protected. Once loaded, the rootkit creates a system thread (PsCreateSystemThread) for dumping LSASS, iterates over all processes, gets each one's EPROCESS (PsLookupProcessByProcessId), then its

Anton (@antonlovesdnb):

Coming up on my 1-year anniversary with Huntress! Taking this opportunity to go over some things the team and I have seen in intrusions and drop some tips on basic things you can do to make your network more immune to compromise. Let's start with initial access -

ö (@r0keb):

Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work. r0keb.github.io/posts/Windows-…

Panos Gkatziroulis 🦄 (@netbiosx):

Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when attackers disable the standard process notify callbacks. github.com/Dor00tkit/BamE…

SEKTOR7 Institute (@sektor7net):

Another way to circumvent ETW logging of SetThreadContext() calls: use NtContinue()/ZwContinue() instead.

The calling thread can change its own CONTEXT, including the debug registers. This can be used in any patchless hooking, and also as an AMSI bypass.

A post by Rad Kawar (@rad9800). Well