Bill Demirkapi
@BillDemirkapi
Boston, MA
Freshman at the Rochester Institute of Technology. Love reversing malware, games, and making cheats. Email: billdemirkapi@gmail.com

149 Tweets | 54 Following | 1,355 Followers

Tweets
Bill Demirkapi
@BillDemirkapi
Dec 31
If only Windows Defender sample submission was opt-in instead of opt-out, "Spynet" indeed. pic.twitter.com/UWe7NTq8zO
Bill Demirkapi
@BillDemirkapi
Dec 19
mfw a vendor introduces new vulnerabilities in their security patch because they refuse to use proper security practices 🤦‍♂️
Bill Demirkapi
@BillDemirkapi
Dec 15
Better yet, the decompiled code is from Stuxnet :) moviecode.tumblr.com/post/165963223…
Bill Demirkapi
@BillDemirkapi
Dec 13
My only suggestion would be the fact that binaries that use this tool are suspicious cause usually Windows binaries don't have direct syscalls. Why not just search for the bytes "0f 05 c3" (syscall then ret) and call it after updating EAX with the syscall number?
Bill Demirkapi
@BillDemirkapi
Dec 3
Here's a great book: amazon.com/Windows-Intern…
Bill Demirkapi
@BillDemirkapi
Dec 2
This is certainly true and there are plenty of ways to manual map a driver. Test signing is awesome cause you can load your driver without having it manually mapped, reducing the number of headaches down the road from doing certain things in the kernel.
Bill Demirkapi
@BillDemirkapi
Dec 2
Insecure by Design: Weaponizing Windows against User-Mode Anti-Cheats, a write-up about attacking unprivileged processes by abusing Windows access controls. d4stiny.github.io/Insecure-by-De…
Bill Demirkapi
@BillDemirkapi
Nov 24
Less than 4 hours of sleep for two days straight. Worth it. twitter.com/nationalcptc/s… pic.twitter.com/FiY3P3zSJi
Bill Demirkapi
@BillDemirkapi
Nov 16
Go watch my @defcon talk about security in educational software! youtube.com/watch?v=HTj6zZ…
Bill Demirkapi
@BillDemirkapi
Nov 11
Cheat Engine got one. pic.twitter.com/HglbV0cMCe
Bill Demirkapi retweeted
CNBC
@CNBC
Oct 25
Gaming the game: Popular video games can be vulnerable to hackers cnb.cx/2olHicu
Bill Demirkapi
@BillDemirkapi
Oct 14
Bill Demirkapi retweeted
NationalCPTC
@nationalcptc
Oct 14
Congratulations to our New England Regional winners:
1st Place: Rochester Institute of Technology
2nd Place: University of Texas at Austin
3rd Place: Drexel University
#NationalCPTC #DinoBank
Bill Demirkapi
@BillDemirkapi
Sep 22
@Activision using a pretty neat method to block IDA Pro while the game is running. They open a handle to the mutants IDA uses in a new thread and then terminate that thread. When IDA waits for the mutant handles, WaitForSingleObject returns WAIT_ABANDONED, crashing IDA.
Bill Demirkapi retweeted
EdSurge HigherEd
@HigherEdSurge
Sep 13
So what was the student able to see when he tried out his hacking skills on his own school? Listen here: bit.ly/2HXci9m #edtech #dataprivacy
Bill Demirkapi retweeted
Matt Graeber
@mattifestation
Sep 13
The following paths within %windir% are writable by any user. Now you know. Security descriptor auditing is valuable. pic.twitter.com/KzimubFcs6
Bill Demirkapi
@BillDemirkapi
Sep 12
You don't need VM_READ to find memory pages, Process Hacker is a great example (PhQueryMemoryItemList in memprv.c). PROCESS_QUERY_INFORMATION will allow you to find the pages of a remote process.
Bill Demirkapi
@BillDemirkapi
Sep 12
Nice article, another neat trick you can do with PROCESS_CREATE_PROCESS permissions is start a child process with inherit handles set to true. Your child process now has all inheritable handles from the parent process (this can be very useful).
Bill Demirkapi retweeted
Tony Wan
@tonywan
Sep 10
Back in high school, @BillDemirkapi hacked into major K-12 #edtech systems. He joins @douglevin on the @EdSurge podcast to discuss how often these incidents happen, and how schools and companies can be more responsive—and responsible—when they occur. edsurge.com/news/2019-09-1…
Bill Demirkapi
@BillDemirkapi
Sep 6
Ha