zer02504 (@z3ro2504)'s Twitter Profile
zer02504

@z3ro2504

Nukenin

ID: 1857519184864796672

Joined: 15-11-2024 20:21:08

17 Tweets

4 Followers

59 Following

Brian Almond (@bripwn):

Your security tools can't protect you if they can't run. New video: Using AppLocker to disable Windows Defender—and how to detect it. 🔴 Attack walkthrough with EDR-GhostLocker 🔵 SIEM rules + Jupyter hunting notebooks youtu.be/qvv1W5sUlU8 #CyberSecurity

Panos Gkatziroulis 🦄 (@netbiosx):

🔥 Weaponizing Windows Toast Notifications
✅ Enumeration paths: Start Menu, AppX, Registry
✅ .NET + PowerShell snippets to craft spoofed toasts
✅ Detection via wpnapps.dll / msxml6.dll image loads
✅ SIGMA + MDE for correlation
✅ Purple Team playbook
🔗
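
The detection the post lists (wpnapps.dll / msxml6.dll image loads) applied to Sysmon Event ID 7 records, as an added example in Python that is not the author's playbook or Sigma rule. The events below are constructed in a simplified key=value rendering, and BASELINE_IMAGES is an assumption to replace with a baseline taken from your own fleet. Correlating both loads in the same process within a short window is what keeps msxml6.dll, which many legitimate processes load, from being a noisy signal on its own.

```python
"""Correlate Sysmon image-load events (Event ID 7) to spot a process that loads both
wpnapps.dll and msxml6.dll within a short window, the pair named above as a toast
spoofing indicator. Added example; sample events are constructed and the baseline
of toast-capable images is an assumption to tune per environment."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a simplified "Key=Value" rendering of Sysmon EID 7.
SAMPLE_EVENTS = [
    "UtcTime=2024-11-15 20:21:08.100 ProcessGuid={A} Image=C:\\Windows\\explorer.exe ImageLoaded=C:\\Windows\\System32\\wpnapps.dll",
    "UtcTime=2024-11-15 20:21:08.200 ProcessGuid={A} Image=C:\\Windows\\explorer.exe ImageLoaded=C:\\Windows\\System32\\msxml6.dll",
    "UtcTime=2024-11-15 20:22:01.000 ProcessGuid={B} Image=C:\\Users\\bob\\Downloads\\update.exe ImageLoaded=C:\\Windows\\System32\\msxml6.dll",
    "UtcTime=2024-11-15 20:22:01.050 ProcessGuid={B} Image=C:\\Users\\bob\\Downloads\\update.exe ImageLoaded=C:\\Windows\\System32\\wpnapps.dll",
    "UtcTime=2024-11-15 20:23:00.000 ProcessGuid={C} Image=C:\\Program Files\\App\\app.exe ImageLoaded=C:\\Windows\\System32\\msxml6.dll",
    "UtcTime=2024-11-15 21:00:00.000 ProcessGuid={D} Image=C:\\Tools\\slow.exe ImageLoaded=C:\\Windows\\System32\\wpnapps.dll",
    "UtcTime=2024-11-15 21:10:00.000 ProcessGuid={D} Image=C:\\Tools\\slow.exe ImageLoaded=C:\\Windows\\System32\\msxml6.dll",
]

# Images that legitimately raise toasts on a typical workstation.
# ASSUMPTION: this is a placeholder, not an authoritative list; build it from your own baseline.
BASELINE_IMAGES = {
    "c:\\windows\\explorer.exe",
    "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe",
}

INDICATOR_DLLS = ("wpnapps.dll", "msxml6.dll")
WINDOW_SECONDS = 60   # both loads must land inside this window to count as one activity

EVENT_RE = re.compile(
    r"UtcTime=(?P<t>.+?) ProcessGuid=(?P<guid>\S+) Image=(?P<image>.+?) ImageLoaded=(?P<dll>\S+)$"
)


def parse_event(line):
    """Parse one rendered EID 7 line; returns None for lines that do not match."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    return {
        "time": datetime.strptime(m["t"], "%Y-%m-%d %H:%M:%S.%f"),
        "guid": m["guid"],
        "image": m["image"],
        "dll": m["dll"].rsplit("\\", 1)[-1].lower(),   # basename, case-folded
    }


def find_toast_spoof_candidates(lines, baseline=BASELINE_IMAGES, window=WINDOW_SECONDS):
    """Processes (by ProcessGuid) that loaded every indicator DLL within `window`
    seconds and whose image is not in the baseline."""
    loads = defaultdict(dict)   # guid -> {dll: (first load time, image)}
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["dll"] not in INDICATOR_DLLS:
            continue
        loads[ev["guid"]].setdefault(ev["dll"], (ev["time"], ev["image"]))

    hits = []
    for guid, seen in loads.items():
        if not all(d in seen for d in INDICATOR_DLLS):
            continue   # msxml6.dll alone is far too common to alert on
        times = [seen[d][0] for d in INDICATOR_DLLS]
        if (max(times) - min(times)).total_seconds() > window:
            continue   # loads too far apart to be one toast-crafting sequence
        image = seen[INDICATOR_DLLS[0]][1]
        if image.lower() in baseline:
            continue
        hits.append({"guid": guid, "image": image})
    return hits


if __name__ == "__main__":
    for hit in find_toast_spoof_candidates(SAMPLE_EVENTS):
        print(f"toast-spoof candidate: {hit['image']} ({hit['guid']})")
```

In the constructed sample, explorer.exe is excluded by the baseline, app.exe only loads msxml6.dll, and slow.exe loads both but ten minutes apart, so only update.exe is reported. The window and baseline are the two knobs to tune once you have real EID 7 volume.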

0x12 Dark Development (@salsa12__):

I just updated my most starred GitHub repository after 3 years. I added a BYOVD technique to combine with the registry-based approach for a more reliable result github.com/S12cybersecuri…

0x12 Dark Development (@salsa12__):

Working on a new project to represent the function call chain in a reversing exercise.

Do you think it could be useful to someone other than me?

0x12 Dark Development (@salsa12__):

COMouflage: Surrogate Injection

New Medium post. In this one we have a great technique used to inject a DLL into the svchost.exe process, masquerading the parent process ID. The technique is named COMouflage Surrogate Injection.

Author: zer02504 (@z3ro2504)

medium.com/@s12deff/comou…

0x12 Dark Development (@salsa12__):

Abusing BYOVD for Process Injection into PPL Protected Processes

New Medium post. In this article, we build upon a previous one where we demonstrated how to disable PPL. This time, we take it a step further, using the PPL bypass to perform process injection.

medium.com/@s12deff/abusi…

zer02504 (@z3ro2504):

Built a free browser-based forensic file analysis tool 🔍
✅ Entropy & encryption analysis
✅ Hidden payloads / polyglot detection
✅ EXIF, GPS, VBA, PDF, steganography
Zero uploads. Everything runs locally in your browser.
Beta :D feedback very welcome 👇 meta-sleuth.com

0x12 Dark Development (@salsa12__):

MetaSleuth‼️

Excited to share a new project with zer02504 (@z3ro2504): MetaSleuth, a client-side file analysis tool that runs entirely in your browser, no uploads, no tracking.
Detect anomalies, metadata and threats with forensic modules. Free beta, no account needed.

meta-sleuth.com

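
Two of the checks the two MetaSleuth posts above list, entropy-based encryption/packing analysis and polyglot detection, as an added example in Python. This is not MetaSleuth's code (the tool runs in the browser and its internals are not shown on this page); the sample file is constructed in memory, EXPECTED_NESTING is an assumption about which container/embedded pairs are benign, and the 7.5 bits/byte threshold is a common heuristic, not a standard.

```python
"""Shannon entropy as an encryption/packing heuristic, plus polyglot detection by
searching for a second file signature past the header. Added example; inputs are
constructed and the benign-nesting table is an assumption to extend per corpus."""
import math
import random
from collections import Counter

# Signatures long enough to be meaningful when searched at arbitrary offsets.
# "MZ" is deliberately absent here: two bytes match far too often inside random data.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",
    b"\xff\xd8\xff\xe0": "jpeg",
    b"GIF89a": "gif",
}
# Short magics are acceptable at offset 0 only.
HEADER_ONLY = {b"MZ": "pe"}

# Container/embedded pairs that are routine and should not be reported.
# ASSUMPTION: JPEG streams (DCTDecode) inside PDFs are normal; extend for your corpus.
EXPECTED_NESTING = {("pdf", "jpeg")}

HIGH_ENTROPY = 7.5   # bits/byte; above this a block is probably compressed or encrypted
BLOCK = 1024         # small blocks underestimate entropy (256 random bytes score ~7.2), so keep this large


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for a uniform byte mix."""
    if not data:
        return 0.0
    n = len(data)
    return max(0.0, -sum((c / n) * math.log2(c / n) for c in Counter(data).values()))


def identify_header(data: bytes):
    for magic, name in {**SIGNATURES, **HEADER_ONLY}.items():
        if data.startswith(magic):
            return name
    return None


def find_embedded(data: bytes, skip=8):
    """Every known signature at offset >= skip, as (offset, type), sorted by offset."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = data.find(magic, skip)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def high_entropy_regions(data: bytes, block=BLOCK):
    """Offsets of full-size blocks whose entropy exceeds HIGH_ENTROPY."""
    return [off for off in range(0, len(data), block)
            if len(data[off:off + block]) == block
            and shannon_entropy(data[off:off + block]) > HIGH_ENTROPY]


def analyze(data: bytes) -> dict:
    container = identify_header(data)
    embedded = find_embedded(data)
    suspicious = [(off, kind) for off, kind in embedded
                  if (container, kind) not in EXPECTED_NESTING]
    return {
        "type": container,
        "entropy": round(shannon_entropy(data), 3),
        "high_entropy_blocks": high_entropy_regions(data),
        "embedded": embedded,
        "polyglot_suspect": bool(suspicious),
    }


def build_sample() -> bytes:
    """Constructed PDF/ZIP polyglot: PDF header, padding, a ZIP local-file header at
    offset 109, zero padding to 1024, then 1024 seeded pseudo-random bytes that stand
    in for an encrypted payload."""
    head = b"%PDF-1.4\n" + b"A" * 100 + b"PK\x03\x04" + b"\x14\x00" * 13   # 139 bytes
    head += b"\x00" * (BLOCK - len(head))
    rng = random.Random(7)
    payload = bytes(rng.getrandbits(8) for _ in range(BLOCK))
    return head + payload


if __name__ == "__main__":
    print(analyze(build_sample()))
```

On the constructed sample the verdict is a PDF with a ZIP signature at offset 109 and one high-entropy block at offset 1024. The nesting table matters in practice: a JPEG inside a PDF is how images are normally stored, whereas a ZIP or PE signature inside an image or document is worth a second look.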
0x12 Dark Development (@salsa12__):

Discover Code Integrity Protection Status

New Medium post. In this article, we’ll explore how to determine the status of Windows Code Integrity protection directly from userland. medium.com/@s12deff/disco…
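
One userland way to read that status, as an added example in Python that is not the Medium article's code (the article's method is not shown on this page): call ntdll!NtQuerySystemInformation with the SystemCodeIntegrityInformation class (103) and decode the CodeIntegrityOptions bitmask. The CODEINTEGRITY_OPTION_* values are taken from the public SDK headers; check them against your own winnt.h before relying on the higher bits. The query itself only works on Windows, so the decoding is kept in a separate function that runs anywhere.

```python
"""Read Windows Code Integrity state from userland via
NtQuerySystemInformation(SystemCodeIntegrityInformation). Added example; flag values
are the CODEINTEGRITY_OPTION_* constants from the public SDK headers (verify against
your winnt.h), and the helper-decoded booleans are this example's own interpretation."""
import ctypes
import sys

SYSTEM_CODE_INTEGRITY_INFORMATION = 103   # SYSTEM_INFORMATION_CLASS value

# CODEINTEGRITY_OPTION_* bits of SYSTEM_CODEINTEGRITY_INFORMATION.CodeIntegrityOptions
CI_FLAGS = {
    0x0001: "ENABLED",
    0x0002: "TESTSIGN",
    0x0004: "UMCI_ENABLED",
    0x0008: "UMCI_AUDITMODE_ENABLED",
    0x0010: "UMCI_EXCLUSIONPATHS_ENABLED",
    0x0020: "TEST_BUILD",
    0x0040: "PREPRODUCTION_BUILD",
    0x0080: "DEBUGMODE_ENABLED",
    0x0100: "FLIGHT_BUILD",
    0x0200: "FLIGHTING_ENABLED",
    0x0400: "HVCI_KMCI_ENABLED",
    0x0800: "HVCI_KMCI_AUDITMODE_ENABLED",
    0x1000: "HVCI_KMCI_STRICTMODE_ENABLED",
    0x2000: "HVCI_IUM_ENABLED",
}


class SYSTEM_CODEINTEGRITY_INFORMATION(ctypes.Structure):
    _fields_ = [("Length", ctypes.c_ulong),
                ("CodeIntegrityOptions", ctypes.c_ulong)]


def decode_options(options: int) -> dict:
    """Turn the raw bitmask into the answers an operator actually wants.
    'Enforced' here means enabled and not in audit mode (this example's reading)."""
    names = [name for bit, name in CI_FLAGS.items() if options & bit]
    return {
        "raw": options,
        "flags": names,
        "ci_enabled": bool(options & 0x0001),
        "test_signing": bool(options & 0x0002),
        "umci_enforced": bool(options & 0x0004) and not bool(options & 0x0008),
        "hvci_enforced": bool(options & 0x0400) and not bool(options & 0x0800),
    }


def query_code_integrity() -> dict:
    """Windows only: ask the kernel for the current Code Integrity options."""
    if sys.platform != "win32":
        raise OSError("NtQuerySystemInformation is only available on Windows")
    ntdll = ctypes.WinDLL("ntdll")
    info = SYSTEM_CODEINTEGRITY_INFORMATION()
    info.Length = ctypes.sizeof(info)   # the kernel rejects the call if Length is wrong
    returned = ctypes.c_ulong(0)
    status = ntdll.NtQuerySystemInformation(
        SYSTEM_CODE_INTEGRITY_INFORMATION,
        ctypes.byref(info), ctypes.sizeof(info), ctypes.byref(returned))
    if status != 0:   # NTSTATUS, 0 is STATUS_SUCCESS
        raise OSError(f"NtQuerySystemInformation failed: 0x{status & 0xFFFFFFFF:08X}")
    return decode_options(info.CodeIntegrityOptions)


if __name__ == "__main__":
    print(query_code_integrity())
```

No privilege is needed for this information class, which is exactly why it is useful from userland: a loader or a BYOVD tool can decide up front whether HVCI will reject an unsigned or test-signed driver, and a defender can collect the same bitmask from every host to find machines with test signing on or HVCI only in audit mode.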

0x12 Dark Development (@salsa12__):

I'm looking for bug bounty programs where Windows driver vulnerabilities are in scope. I would appreciate any help with the list a LOT. For the moment I just got:
- Microsoft
- AMD
- Intel
- Lenovo

0x12 Dark Development (@salsa12__):

Worker Factory StartRoutine Injection

New Medium post. In this article, I’ll show a process injection technique presented by Deku. This technique overwrites the memory address referenced by the thread worker factory’s start routine with our shellcode. medium.com/@s12deff/worke…