Bill Demirkapi
Freshman at the Rochester Institute of Technology. Love reversing malware, games, and making cheats. Email: billdemirkapi@gmail.com
Tweets: 149
Following: 54
Followers: 1,355
Tweets
Bill Demirkapi Dec 31
If only Windows Defender sample submission was opt-in instead of opt-out, "Spynet" indeed.
Bill Demirkapi Dec 19
mfw a vendor introduces new vulnerabilities in their security patch because they refuse to use proper security practices 🤦‍♂️
Bill Demirkapi Dec 15
Replying to @tiraniddo @laparisa
Better yet, the decompiled code is from Stuxnet :)
Bill Demirkapi Dec 13
Replying to @Jackson_T
My only suggestion would be the fact that binaries that use this tool are suspicious cause usually Windows binaries don't have direct syscalls. Why not just search for the bytes "0f 05 c3" (syscall then ret) and call it after updating EAX with the syscall number?
Bill Demirkapi Dec 3
Replying to @Rotticus
Here's a great book:
Bill Demirkapi Dec 2
Replying to @DitmarWendt
This is certainly true and there are plenty of ways to manual map a driver. Test signing is awesome cause you can load your driver without having it manually mapped, reducing the number of headaches down the road from doing certain things in the kernel.
Bill Demirkapi Dec 2
Insecure by Design: Weaponizing Windows against User-Mode Anti-Cheats, a write up about attacking unprivileged processes by abusing Windows access controls.
Bill Demirkapi Nov 24
Less than 4 hours of sleep for two days straight. Worth it.
Bill Demirkapi Nov 16
Go watch my talk about security in educational software!
Bill Demirkapi Nov 11
Replying to @GuidedHacking
Cheat Engine got one.
Bill Demirkapi retweeted
CNBC Oct 25
Gaming the game: Popular video games can be vulnerable to hackers
Bill Demirkapi Oct 14
Replying to @Rewzilla @nationalcptc @AF_Academy
Bill Demirkapi retweeted
NationalCPTC Oct 14
Congratulations to our New England Regional winners: 1st Place: Rochester Institute of Technology 2nd Place: University of Texas at Austin 3rd Place: Drexel University
Bill Demirkapi Sep 22
using a pretty neat method to block IDA Pro while game is running. They open a handle to the mutants IDA uses in a new thread and then terminate that thread. When IDA waits for the mutant handles, WaitForSingleObject returns WAIT_ABANDONED crashing IDA.
Bill Demirkapi retweeted
EdSurge HigherEd Sep 13
So what was the student able to see when he tried out his hacking skills on his own school? Listen here:
Bill Demirkapi retweeted
Matt Graeber Sep 13
The following paths within %windir% are writable by any user. Now you know. Security descriptor auditing is valuable.
Bill Demirkapi Sep 12
Replying to @dronesec @wordmonger
You don't need VM_READ to find memory pages, Process Hacker is a great example (PhQueryMemoryItemList in memprv.c). PROCESS_QUERY_INFORMATION will allow you to find the pages of a remote process.
Bill Demirkapi Sep 12
Replying to @dronesec
Nice article, another neat trick you can do with PROCESS_CREATE_PROCESS permissions is start a child process with inherit handles set to true. Your child process now has all inheritable handles from the parent process (this can be very useful).
Bill Demirkapi retweeted
Tony Wan Sep 10
Back in high school, hacked into major K-12 systems. He joins on the podcast to discuss how often these incidents happen, and how schools and companies can be more responsive—and responsible—when they occur.
Bill Demirkapi Sep 6
Replying to @0xmchow @Hallsy19
Ha