Really cool tool and awesome README that discusses in detail how EDR works (kernel callbacks, ETW, userland hooking, etc.) and how it can be bypassed with a vulnerable driver. They also put defensive considerations at the bottom! github.com/wavestone-cdt/…

Donjon CTF is now over. Congratulations to the winners: 1. meltdown 2. Izy Wallet (MANSOUR Cyril, Maxime Meignan, i27) 3. Idefix First 3 teams managed to solve all the challenges. Full scoreboard is available on the CTF site donjon-ctf.io See you next year!

🇫🇷🎙️ Nouvel épisode du podcast Hack'n Speak avec Maxime Meignan & Qazeer pour parler de leur outil EDRSandBlast 🚀 Une interview un peu plus technique que d'habitude où l'on parle du fonctionnement d'un EDR et des mécanismes de contournement 🔥 Bonne écoute 🎶anchor.fm/hacknspeak

Un titre et une miniature clickbait au possible ? En effet. Du fond ? Encore plus ! Vidéo à ne pas rater, pour tout public, que je recommande sans hésiter ! GG Romain du Marais

I'm extremely proud to announce Wavestone speaking engagements at BSides Las Vegas DEF CON & more, and it doesn't fit in a tweet (far from it, actually), so a 🧵:

Actually good question, let's start with obviously wrong answers and see where they lead us. A thread 🧵

Aaand it's a wrap! EDRSandblast v1.1 and the slides from the DefCon30 DemoLab "EDR detection mechanisms and bypass techniques with EDRSandblast" with Maxime Meignan can now be found on GitHub: github.com/wavestone-cdt/… 1/2

A promise is a promise: the slides from the #DEFCON30 DemoLabs Qazeer and I presented about EDRSandblast are uploaded on GitHub (github.com/wavestone-cdt/…), along with the latest version of the tool! Check out the list of new features in the slides, documentation is on its way ;)

#Podcast #Cybersécurité Épisode #387 consacré à l'outil de contournement des EDR, "EDR Sandblast", avec Maxime Meignan et Qazeer nolimitsecu.fr/edrsandblast/

🚩 Wavestone France CTF team #YoloSw4g ranks first of 80+ teams at #CyberEx23! 🚩 Thanks INCIBE and OEA Ciberseguridad for the organization & challenges! 🚩 Congratz to Qazeer Maxime Meignan and Dlvl François for the great team we've been for the last 8 hours, now we go to a well-deserved sleep!

Continuing the #NtSetInformationProcess exploitation series, Maxime Meignan wrote an article on universal #EDR blinding through exploitation of NtSetInformationProcess and it's worth it riskinsight-wavestone.com/en/2023/10/a-u…

How to disable some parts of EDR’s telemetry on Windows 10? Just ask nicely! See riskinsight-wavestone.com/en/2023/10/a-u… for more info about an interesting logic bug we found on Win10 that affects all EDRs 😉

I'm thrilled to announce that I'll be presenting a previously-unnamed vulnerability class at BlueHat IL. Oh, and I'll be dropping 0day. Be sure to stop by, learn something new, pwn the kernel, and have a coffee. It should be a good time. microsoftrnd.co.il/bluehatil/conf…

the Cellebrite Labs French🇫🇷 team is recruiting! Don't miss the rare opportunity to join a team that specializes in breaking Android security boundaries (bootchain/trustzone/Secure Element/kernel and other goodies) for forensic purposes. ⤵️ 1/5

Nous avons quelques tickets pour #hexacon2024 à offrir, car certains collègues de Cellebrite Labs ne peuvent venir. Pour participer, il suffit de répondre à ce tweet, et nous sélectionnerons les gagnants demain (3 octobre) en début d'après-midi !

Our global research team is on its way home from Paris, marking the official close of Hexacon! If you missed how our work saves lives or want to explore the challenges we tackle, check this page and feel free to reach out: cellebrite.com/en/cellebrite-… Until next time, Cellebrite Labs

A small but important note: so far I’ve received exactly $0 in compensation from OST2 over the past 3 years. I will accept honorariums, the same as other instructors, only when OST2 can afford to pay them out. So donations and/or company Sponsorships help us reward instructors!

👋