pre.empt (@preemptdev) 's Twitter Profile
pre.empt

@preemptdev

🏴‍☠️ @__mez0__
🏴‍☠️ @michaeljranaldo

ID: 1209213091306758144

Link: https://pre.empt.blog
Joined: 23-12-2019 20:44:16

51 Tweets

1.1K Followers

99 Following

OtterHacker (@otterhacker) 's Twitter Profile Photo

Hey ! I published a large part of my notes, and I hope you will find something new to learn in it. It goes from simple #OSCP notes to #Malware development (#COFFLoader, #ModuleStomping, #ReflectiveDLLInjection...). otterhacker.github.io

OtterHacker (@otterhacker) 's Twitter Profile Photo

I tried to credit the posts. If you think I forgot you please feel free to PM me. For the malware dev post, all the credit goes to the ones I've learned from through their blogs or GitHub: - Ahmed Hesham - dylan - ☠️ Brandon - Rad - 5pider - TrustedSec - BINARLY🔬

Ido Veltzman (@idov31) 's Twitter Profile Photo

I'm glad to release with yxel a new sleep obfuscation technique based on 5pider's Ekko named Cronos. This technique uses waitable timers, is highly stable and very easy to use. You can check it out at github.com/Idov31/Cronos #infosec #CyberSecurity

TrustedSec (@trustedsec) 's Twitter Profile Photo

In the second part of the memory scanners #blog post from ☠️ Brandon, learn how to determine if threads contain nefarious qualities. hubs.la/Q01rnsTz0

pre.empt (@preemptdev) 's Twitter Profile Photo

The Maelstrom C2 Series has been summarised: mez0.cc/posts/maelstro… We don't have time at the moment to carry on with the series, so we put it all together in one place. However, let us know if there are any gaps you think we could expand on and we could pick it back up!

klez (@klezvirus) 's Twitter Profile Photo

[BLOG POST] And as promised, this is a brief article describing the technique used within SilentMoonwalk. Might be a good weekend read! klezvirus.github.io/RedTeaming/AV_…

pre.empt (@preemptdev) 's Twitter Profile Photo

Somehow all of our blog images died on Gitbook, we've gone back through and fixed them. Some of the older ones are still broken but the Maelstrom series is fixed. With that said, are there any other series of blogs that would be of interest? 👀👀 pre.empt.blog

☠️ Brandon (@__mez0__) 's Twitter Profile Photo

I wanted an excuse to play with an LLM API and ended up using ChatGPT to categorise a ton of WinAPI functions to (kind of) expand on malapi.io. Here is the post: pre.empt.blog/2024/catergori…

☠️ Brandon (@__mez0__) 's Twitter Profile Photo

I put together a blog on LLMs and RAGs for offsec. A particular use case I found interesting was ingesting engagement data like Confluence, Jira, etc., and asking things like "How does X onboard new starters?" The backend LLM really varied the responses, though.

pre.empt (@preemptdev) 's Twitter Profile Photo

Last summer we spent some time collecting both benign and malicious applications. We picked it back up and put together a preliminary exploration of that dataset: pre.empt.blog/posts/static-d…

☠️ Brandon (@__mez0__) 's Twitter Profile Photo

We procrastinated this for a few months, but the EMBER 2024 release inspired us to pick this back up. Right now, it's just exploratory of our dataset and idea; we'll do more in the future ❤️ cc: Michael Ranaldo pre.empt

☠️ Brandon (@__mez0__) 's Twitter Profile Photo

🧵 Since the rise of AI, we've seen a lot of people pick up papers and not really understand how to read them. In my experience, I've found the bird's-eye approach the easiest. You don't need to sit and read it end to end immediately 1/3

SEKTOR7 Institute (@sektor7net) 's Twitter Profile Photo

Impressive analysis of goodware and malware static artifacts, identifying some gaps offensive devs fall into during the development process. Research conducted by Michael Ranaldo (@michaeljranaldo) and Brandon (☠️ Brandon) of pre.empt. Great work, gents! Side note: binary

☠️ Brandon (@__mez0__) 's Twitter Profile Photo

Under-the-hood, Ember uses LightGBM to score a sample from 0 to 1. I added this functionality into Citadel so any binaries added to the framework are now summarised and scored as well as the rest of the Citadel analysis. Read it here: mez0.cc/posts/citadel-…

pre.empt (@preemptdev) 's Twitter Profile Photo

throwback to our first blog in 2022. still fun, relevant, and still a headache to detect - despite the meme: pre.empt.blog/posts/bluffy/

☠️ Brandon (@__mez0__) 's Twitter Profile Photo

1/2 Over the past few weeks I've used the EMBER2024 model to try and figure out how to make implants less likely to be hit by ML. I wrote about the process here: mez0.cc/posts/evaluati…