MaN0ks
@MAn0kS
programming, windows, kernel, rev engg, exploitation and everything in between

473 Tweets · 1,034 Following · 230 Followers

Tweets
MaN0ks retweeted
t1g4x @iN127pkt · 26 Jan
Learn Reversing/Bin Exploitation:
youtube.com/watch?v=iyAyN3…
Practice:
2019game.picoctf.com
247ctf.com
Great content about it:
youtube.com/user/GynvaelEN
Learn x64 Assembly (MASM):
youtube.com/playlist?list=…
Thanks guys <3 @LiveOverflow @gynvael @WhatsACreel

MaN0ks retweeted
Alex Ionescu @aionescu · 16 Jan
If you're tired of hearing about crypto32, elliptic curves, and other CVE-2020-0601 shenanigans, have a read over our new blog post on Windows' Intel CET implementation in the face of SetThreadContext and NtContinue. Come for the exploit mitigation, stay for the XState internals. twitter.com/yarden_shafir/… pic.twitter.com/rfFlA1aZXR

MaN0ks retweeted
Nettitude Labs @Nettitude_Labs · 12 Dec
Learn how to exploit Symantec Endpoint Protection on all versions of Windows (CVE-2019-12750). Part 2 of this series by @kyREcon delves into a more advanced method of exploitation! labs.nettitude.com/blog/cve-2019-…

MaN0ks retweeted
spotless @spotheplanet · 8 Dec
Some notes after exploring the Interrupt Descriptor Table in the Windows kernel ired.team/miscellaneous-…

MaN0ks retweeted
Chris Jackson @appcompatguy · 8 Nov
If you missed my Windows Security Internals talk (or just want to relive the memories) it's available online!
myignite.techcommunity.microsoft.com/sessions/81692…

MaN0ks retweeted
Carl Schou / vm @vm_call · 8 Nov
Second part of my kernel hacking mini-series: "Bypassing kernel function pointer integrity checks" vmcall.blog/nt/2019/11/06/…

MaN0ks retweeted
matt rat @__mcgov__ · 23 Oct
GET EXCITED: MSVC + AddressSanitizer exists now!
devblogs.microsoft.com/cppblog/addres…

MaN0ks retweeted
Can Bölük @_can1357 · 20 Oct
Just published my latest project "ByePg", exposing an entirely new attack surface to PatchGuard/NT and bringing @nickeverdox's InfinityHook back: blog.can.ac/2019/10/19/bye…

MaN0ks retweeted
Matt Graeber @mattifestation · 15 Oct
Assessing the Effectiveness of a New Security Data Source: Windows Defender Exploit Guard
medium.com/palantir/asses…
@duff22b and @cryps1s were wizards at assessing and deploying this in the @PalantirTech env! Event fields thoroughly documented here: github.com/palantir/explo…

MaN0ks retweeted
Matt Graeber @mattifestation · 11 Oct
If you're able to ingest ETW events, Microsoft-Windows-Kernel-Audit-API-Calls Event ID 5 captures _all_ requested process handles (including the PsOpenProcess return code). Sysmon Event ID 10 only captures process handles that were actually granted. twitter.com/mattifestation…
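The practical consequence of the distinction above is that a denied OpenProcess against a sensitive target (a non-admin process asking for PROCESS_VM_READ on lsass.exe, say) never produces a Sysmon Event ID 10, but does produce a Kernel-Audit-API-Calls Event ID 5 carrying the failing NTSTATUS. The following is an added example, not code from the tweet's author or from any of the tools mentioned: a small Python filter over constructed newline-delimited JSON records. The record layout and the field names TargetProcessId, DesiredAccess and ReturnCode are assumptions modelled loosely on SilkETW-style output, not a captured log; the NTSTATUS and PROCESS_* constants are the real values.

```python
"""Split Kernel-Audit-API-Calls Event ID 5 (PsOpenProcess) records into
"what Sysmon 10 would show" (granted handles) and "denied requests for
dangerous rights on protected processes" (only visible in the ETW feed).

Added example; JSON layout and field names are assumptions, not a real log."""
import json

STATUS_SUCCESS = 0x00000000
STATUS_ACCESS_DENIED = 0xC0000022          # real NTSTATUS value

# PROCESS_* access rights from winnt.h (real values)
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
# Rights that enable credential dumping or injection; querying alone is noise.
SENSITIVE_RIGHTS = (PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION
                    | PROCESS_VM_READ | PROCESS_VM_WRITE)

AUDIT_PROVIDER = "Microsoft-Windows-Kernel-Audit-API-Calls"
OPEN_PROCESS_EVENT_ID = 5

# Constructed sample records (assumed layout): a denied 0x1410 read on lsass,
# a granted limited-info open on the same target, a granted open of some other
# process, and an unrelated event that must be ignored.
SAMPLE_LOG = """
{"ProviderName":"Microsoft-Windows-Kernel-Audit-API-Calls","EventId":5,"ProcessID":4321,"ProcessName":"procdump.exe","XmlEventData":{"TargetProcessId":"712","DesiredAccess":"0x1410","ReturnCode":"0xc0000022"}}
{"ProviderName":"Microsoft-Windows-Kernel-Audit-API-Calls","EventId":5,"ProcessID":4321,"ProcessName":"procdump.exe","XmlEventData":{"TargetProcessId":"712","DesiredAccess":"0x1000","ReturnCode":"0x0"}}
{"ProviderName":"Microsoft-Windows-Kernel-Audit-API-Calls","EventId":5,"ProcessID":5555,"ProcessName":"taskmgr.exe","XmlEventData":{"TargetProcessId":"8800","DesiredAccess":"0x1400","ReturnCode":"0x0"}}
{"ProviderName":"Microsoft-Windows-Kernel-Audit-API-Calls","EventId":6,"ProcessID":5555,"ProcessName":"taskmgr.exe","XmlEventData":{}}
"""

# Constructed PID -> image table; on a real host this comes from process-create telemetry.
PROTECTED_PIDS = {712: "lsass.exe"}


def parse_open_process_events(text):
    """Parse newline-delimited JSON, keeping only Event ID 5 from the audit provider."""
    out = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("ProviderName") != AUDIT_PROVIDER or rec.get("EventId") != OPEN_PROCESS_EVENT_ID:
            continue
        data = rec["XmlEventData"]
        out.append({
            "source_pid": rec["ProcessID"],
            "source_image": rec["ProcessName"],
            "target_pid": int(data["TargetProcessId"]),
            "desired_access": int(data["DesiredAccess"], 16),
            "status": int(data["ReturnCode"], 16),
        })
    return out


def granted_only(events):
    """The subset a Sysmon Event ID 10 style feed would contain: handles actually opened."""
    return [e for e in events if e["status"] == STATUS_SUCCESS]


def failed_sensitive_opens(events, protected=PROTECTED_PIDS):
    """Denied requests for dangerous rights on protected processes.

    These never reach Sysmon 10 because no handle was granted, but the ETW
    audit event still records the attempt together with the failing status."""
    hits = []
    for e in events:
        if e["status"] == STATUS_SUCCESS:
            continue
        if e["target_pid"] in protected and e["desired_access"] & SENSITIVE_RIGHTS:
            hits.append({**e, "target_image": protected[e["target_pid"]]})
    return hits


if __name__ == "__main__":
    evts = parse_open_process_events(SAMPLE_LOG)
    print(f"{len(evts)} audited OpenProcess calls, {len(granted_only(evts))} granted")
    for h in failed_sensitive_opens(evts):
        print(f"ALERT: {h['source_image']} (pid {h['source_pid']}) denied "
              f"0x{h['desired_access']:x} on {h['target_image']} (status 0x{h['status']:08x})")
```

The filter keys on the requested access mask rather than on the target alone so that the steady stream of denied PROCESS_QUERY_LIMITED_INFORMATION opens from inventory tools stays out of the alert set; tune SENSITIVE_RIGHTS and the protected table to the environment.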
MaN0ks retweeted
Matt Graeber @mattifestation · 10 Oct
Security Descriptor Auditing Methodology: Investigating Event Log Security
posts.specterops.io/security-descr…
In this post, I establish my process for identifying access rights, determining default security, consideration of abuse implications, audit automation, and SACL research. Enjoy!

MaN0ks retweeted
Jonny Johnson @jsecurity101 · 9 Oct
Recently I have been working on mapping Windows API calls to event IDs within Sysmon. Today I am releasing this project and a blog to talk about this more! #DetectionEngineering
Project: github.com/jsecurity101/W…
Blog: posts.specterops.io/uncovering-the…

MaN0ks retweeted
Bruce Sherwin @Bruc3rVis0r · 3 Oct
It's about time... first device ships with the Microsoft hypervisor on by default! And on ARM64!
techcommunity.microsoft.com/t5/Virtualizat…

MaN0ks retweeted
Alexander Knorr @opexxx · 2 Oct
Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe nzzl.us/iQvUZFS via @nuzzel

MaN0ks retweeted
Matt Hand @matterpreter · 18 Sep
Releasing a new tool to aid in Sysmon evasion, Shhmon (github.com/matterpreter/S…) with an associated blog post including defensive recommendations posts.specterops.io/shhmon-silenci…

MaN0ks retweeted
Roberto Rodriguez @Cyb3rWard0g · 19 Sep
Happy to release the Threat Hunting with ETW events and @THE_HELK series! Part I: 🏄♀️🏄♂️ Installing SilkETW to consume events via the event log locally is out! Next, shipping events to @THE_HELK 😱 Thank you @FuzzySec ⚔️ #ThreatHunting medium.com/threat-hunters…

MaN0ks retweeted
LinuxSecuritySummit @LinuxSecSummit · 19 Sep
The Linux Security Summit North America 2019 videos are published! youtube.com/playlist?list=…
#linuxsecuritysummit

MaN0ks retweeted
Jonny Johnson @jsecurity101 · 16 Sep
In June members of the @McAfee_Labs team introduced a new attack called Process Reimaging. Today I am releasing a blog on how to detect this behavior inside of an environment! Thank you to @djhohnstein for his POC code. posts.specterops.io/you-can-run-bu…
#Detection #ThreatHunting

MaN0ks retweeted
Florian Roth @cyb3rops · 28 Aug
SysmonX
Open source drop-in compatible version of Sysmon
by @marcosd4h
Repo: github.com/marcosd4h/sysm…
Slides: github.com/marcosd4h/sysm… pic.twitter.com/YP7XBHYMBK

MaN0ks retweeted
0xAX @0xAX · 28 Aug
Common Systems Programming Optimizations & Tricks - paulcavallaro.com/blog/common-sy…