𝙁 𝙀 𝙇 𝙄 𝙓 𝙈 (@felixm_pw)'s Twitter Profile
𝙁 𝙀 𝙇 𝙄 𝙓 𝙈

@felixm_pw

Senior Researcher @Secureworks

ID: 992634695333629954

Website: http://felixm.pw

Joined: 05-05-2018 05:18:48

1.1K Tweets

780 Followers

471 Following

𝙁 𝙀 𝙇 𝙄 𝙓 𝙈 (@felixm_pw)'s Twitter Profile Photo

Just got linked this really awesome blog by VanVleet about Detection Data Models. This should be a valuable read for my Detection Engineering friends out there: medium.com/@vanvleet/impr…

eversinc33 🤍🔪⋆｡˚ ⋆ (@eversinc33)'s Twitter Profile Photo

Yesterday I finally finished part II of my anti rootkit evasion series, where I showcase some detections for driver "stomping", attack flawed implementations of my anti-rootkit, hide system threads via the PspCidTable and detect that as well. Enjoy! eversinc33.com/posts/anti-ant…

Soufiane (@s0ufi4n3) 's Twitter Profile Photo

The (Anti-)EDR Compendium EDR functionality and bypasses in 2024, with focus on undetected shellcode loader. blog.deeb.ch/posts/how-edr-…

𝙁 𝙀 𝙇 𝙄 𝙓 𝙈 (@felixm_pw)'s Twitter Profile Photo

WatchMojo Presents: Top 5 APT 🤡 Moments of 2024

All that effort for initial access just to use sam save and vssadmin 💀

volexity.com/blog/2024/11/2…

eversinc33 🤍🔪⋆｡˚ ⋆ (@eversinc33)'s Twitter Profile Photo

It doesn't have to be RISC-V :) Wrote a little MIPS I VM (based on a playstation emulator I started writing years ago) that can execute MIPS compiled modules without the need for allocating additional executable memory

eversinc33 🤍🔪⋆｡˚ ⋆ (@eversinc33)'s Twitter Profile Photo

I just finished writing the final part of my anti-anti-rootkit series, where I do a slight twist on the .data ptr hijacking IPC method, to create a "threadless" rootkit, concluding the trilogy :) Enjoy. eversinc33.com/posts/anti-ant…

𝙁 𝙀 𝙇 𝙄 𝙓 𝙈 (@felixm_pw)'s Twitter Profile Photo

This evening DebugPrivilege walked me through some case studies from the WinDBG section of his debugging fundamentals repo. Definitely check it out and bookmark it! github.com/DebugPrivilege…

Octoberfest7 (@octoberfest73) 's Twitter Profile Photo

Really cool work in this blog. My answer to the Time Travel Debugging problem attached. Using timers (Ekko) for sleep, add an additional one to check if the TTDRecordCPI.dll is loaded; if so force the process to crash so implant is never unmasked during the trace.

DebugPrivilege (@debugprivilege)'s Twitter Profile Photo

Ever tried VSS tracing? I’ve been using it to troubleshoot Volume Shadow Copy issues. It’s super useful but not widely known, so I wrote a quick blog post about it. medium.com/@Debugger/trou…

5pider (@c5pider) 's Twitter Profile Photo

Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…

𝙁 𝙀 𝙇 𝙄 𝙓 𝙈 (@felixm_pw)'s Twitter Profile Photo

Question for people doing Windows dev on Macbooks. Are you using Azure VMs or are you using a physical NUC with Proxmox (etc). Curious what experiences people have had with both and which is recommended most 🧐