Daniel (@virtualallocex)'s Twitter Profile
Daniel

@virtualallocex

Founder of RedOps GmbH

ID: 1239105023256166400

Link: https://redops.at/en
Date: 15-03-2020 08:25:11

4,4K Tweet

6,6K Followers

173 Following

Balthasar (@balthasarmartin)'s Twitter Profile Photo

Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have. Blog: srlabs.de/blog-post/cert… Source code: github.com/srlabs/Certice… Slide deck, including our guide to deception strategy: github.com/srlabs/Certice…

sh4dy (@sh4dy_0011)'s Twitter Profile Photo

Here’s the second part of my blog series on Compiler and LLVM internals, where I’ve explained the following concepts: 1. Basic blocks 2. Control flow graphs 3. Modules 4. Some applications of LLVM passes sh4dy.com/2024/07/06/lea… Source code: github.com/0xSh4dy/learni…

Daniel (@virtualallocex)'s Twitter Profile Photo

If you are interested in learning more about EDRs, malware research, detection engineering, call stack analysis, etc. I highly recommend checking out the blog from 0SKR blog, which is full of great detailed posts on these topics. sabotagesec.com/category/offen… #redteam

Tony (@tj_null)'s Twitter Profile Photo

Ever wanted to spin up a GOAD environment in VMware ESXi? Well I decided to dig into it and I wrote a step-by-step guide to help anyone that wants to deploy it. netsecfocus.com/infosec/walkth…

tetsuo.ai 💹🧲 (@7etsuo)'s Twitter Profile Photo

🧵1/n Jerry Cain from Stanford University explains pointers and structs in C, showing a clever way to access struct fields. This series is one of the best resources online for C programming. Source: Stanford University 👇 Lectures with handouts, assignments, and videos.

Daniel (@virtualallocex)'s Twitter Profile Photo

I was interested in better understanding a specific detection mechanism of an EDR, focusing on fake DLLs, page guard hooking, PEB manipulation, and vectored exception handling - techniques inspired by the game hacking community. I'm not a reverse engineer, but in this blog post

Daniel (@virtualallocex)'s Twitter Profile Photo

It has been a while since I set up a DNS Listener in Cobalt Strike. So I have documented it step by step in this blog post. Available in English and German, just switch from EN to DE on the website. If there is anything wrong or not explained correctly, please let me know.

Daniel (@virtualallocex)'s Twitter Profile Photo

Not 100% sure yet, but it looks like "bad EDR" is preparing or doing some string manipulation on ntdll.dll, maybe to give ntdll.dll a new special "HaCk1nG" name, who knows? 😉

Daniel (@virtualallocex)'s Twitter Profile Photo

I believe I've recently made progress in reverse engineering within the context of a specific EDR. Using IDA, I identified an exclusion rule that prevents an entire detection chain, which relies on specific EDR DLLs, from being triggered. By assigning the "correct" name to a

Daniel (@virtualallocex)'s Twitter Profile Photo

In-person workshop announcement: "Endpoint Security Insights: Shellcode Loaders & Evasion Fundamentals" See the link below for full details. Course details in German redops.at/blog/training-… Course details in English redops.at/en/blog/traini… #redteam #itsec #infosec

Daniel (@virtualallocex)'s Twitter Profile Photo

I’m currently transferring the learning material for Chapter 13, "Mapped Memory," into the handout script for my upcoming in-person workshop, "Endpoint Security Insights: Shellcode Loaders & Evasion Fundamentals," taking