MaN0ks
programming, windows , kernel, rev engg, exploitation and everything in between
473 Tweets
1,034 Following
230 Followers

Tweets
MaN0ks Retweeted
t1g4x, 26 Jan
Learn Reversing/Bin Exploitation: Practice: Great content about it: Learn x64 Assembly(MASM): Thanks guys <3
MaN0ks Retweeted
Alex Ionescu, 16 Jan
If you’re tired of hearing about crypto32, elliptic curves, and other CVE-2020-0601 shenanigans, have a read over our new blog post on Windows’ Intel CET implementation in the face of SetThreadContext and NtContinue. Come for the exploit mitigation, stay for the XState Internals.
MaN0ks Retweeted
Nettitude Labs, 12 Dec
Learn how to exploit Symantec Endpoint Protection on all versions of Windows (CVE-2019-12750). Part 2 of this series by delves into a more advanced method of exploitation!
MaN0ks Retweeted
spotless, 8 Dec
Some notes after exploring the Interrupt Descriptor Table in Windows Kernel
MaN0ks Retweeted
Chris Jackson, 8 Nov
If you missed my Windows Security Internals talk (or just want to relive the memories) it's available online!
MaN0ks Retweeted
Carl Schou / vm, 8 Nov
Second part of my kernel hacking mini-series: "Bypassing kernel function pointer integrity checks"
MaN0ks Retweeted
matt rat, 23 Oct
GET EXCITED: MSVC + AddressSanitizer exists now!
MaN0ks Retweeted
Can Bölük, 20 Oct
Just published my latest project "ByePg", exposing an entirely new attack surface to PatchGuard/NT and bringing 's InfinityHook back:
MaN0ks Retweeted
Matt Graeber, 15 Oct
Assessing the Effectiveness of a New Security Data Source: Windows Defender Exploit Guard and were wizards at assessing and deploying this in the env! Event fields thoroughly documented here:
MaN0ks Retweeted
Matt Graeber, 11 Oct
If you're able to ingest ETW events, Microsoft-Windows-Kernel-Audit-API-Calls Event ID 5 captures _all_ requested process handles (including PsOpenProcess return code). Sysmon event ID 10 only captures process handles that were actually granted.
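The point of the tweet above is that the ETW provider records handle *requests*, failures included, while Sysmon Event ID 10 records only handles the kernel actually *granted*. The script below is an added example (not Matt Graeber's or Microsoft's code) that correlates both sources once they have been ingested as records: it flags refused PROCESS_VM_READ requests against lsass.exe, which by construction never show up in Sysmon. The Sysmon Event ID 10 field names (SourceProcessId, TargetProcessId, GrantedAccess) are real; the ETW Event ID 5 field names used here (ProcessId, TargetProcessId, DesiredAccess, ReturnCode), the lsass PID and every sample record are assumed or constructed for illustration, not captured from a live system.

```python
# Added example: correlate Microsoft-Windows-Kernel-Audit-API-Calls EID 5 (all
# requested process handles) with Sysmon EID 10 (granted handles only).
# ETW field names and all sample records below are ASSUMED/constructed.
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Process access rights from winnt.h.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
ACCESS_NAMES = {
    PROCESS_VM_READ: "PROCESS_VM_READ",
    PROCESS_QUERY_INFORMATION: "PROCESS_QUERY_INFORMATION",
    PROCESS_QUERY_LIMITED_INFORMATION: "PROCESS_QUERY_LIMITED_INFORMATION",
}

# NTSTATUS codes from ntstatus.h.
STATUS_SUCCESS = 0x00000000
STATUS_ACCESS_DENIED = 0xC0000022


@dataclass(frozen=True)
class HandleRequest:
    source: str         # "etw" (Kernel-Audit-API-Calls EID 5) or "sysmon" (EID 10)
    requester_pid: int
    target_pid: int
    access: int         # DesiredAccess (ETW) or GrantedAccess (Sysmon)
    status: int         # NTSTATUS; Sysmon only logs granted handles, so always success


def from_etw_audit_api_5(rec: Dict[str, str]) -> HandleRequest:
    # Field names assumed for the ETW payload; adjust to what your collector emits.
    return HandleRequest("etw", int(rec["ProcessId"]), int(rec["TargetProcessId"]),
                         int(rec["DesiredAccess"], 16), int(rec["ReturnCode"], 16))


def from_sysmon_10(rec: Dict[str, str]) -> HandleRequest:
    # Sysmon never records a refused handle, so the status is success by definition.
    return HandleRequest("sysmon", int(rec["SourceProcessId"]), int(rec["TargetProcessId"]),
                         int(rec["GrantedAccess"], 16), STATUS_SUCCESS)


def decode_access(mask: int) -> List[str]:
    """Human-readable names for the access bits set in a PROCESS_* mask."""
    return [name for bit, name in ACCESS_NAMES.items() if mask & bit]


def key(ev: HandleRequest) -> Tuple[int, int, int]:
    return (ev.requester_pid, ev.target_pid, ev.access)


def denied_memory_reads(etw: List[HandleRequest], target_pid: int) -> List[HandleRequest]:
    """ETW-only signal: PROCESS_VM_READ requests on target_pid that the kernel refused."""
    return [e for e in etw if e.target_pid == target_pid
            and e.access & PROCESS_VM_READ and e.status != STATUS_SUCCESS]


def requests_missing_from_sysmon(etw: List[HandleRequest],
                                 sysmon: List[HandleRequest]) -> List[HandleRequest]:
    """Requests seen by ETW with no matching granted handle in Sysmon EID 10."""
    seen = {key(s) for s in sysmon}
    return [e for e in etw if key(e) not in seen]


# Constructed sample records (not real captures). lsass.exe is assumed to be PID 700,
# PID 1234 is an unsigned dumper tool, PID 2000 a benign process.
ETW_RECORDS = [
    {"ProcessId": "1234", "TargetProcessId": "700", "DesiredAccess": "0x1410", "ReturnCode": "0xC0000022"},
    {"ProcessId": "2000", "TargetProcessId": "700", "DesiredAccess": "0x1000", "ReturnCode": "0x0"},
    {"ProcessId": "1234", "TargetProcessId": "3000", "DesiredAccess": "0x1410", "ReturnCode": "0x0"},
]
SYSMON_RECORDS = [
    {"SourceProcessId": "2000", "TargetProcessId": "700", "GrantedAccess": "0x1000"},
    {"SourceProcessId": "1234", "TargetProcessId": "3000", "GrantedAccess": "0x1410"},
]


def hunt(etw_records=ETW_RECORDS, sysmon_records=SYSMON_RECORDS, lsass_pid=700):
    etw = [from_etw_audit_api_5(r) for r in etw_records]
    sysmon = [from_sysmon_10(r) for r in sysmon_records]
    return {
        "denied_lsass_reads": denied_memory_reads(etw, lsass_pid),
        "etw_only": requests_missing_from_sysmon(etw, sysmon),
    }


if __name__ == "__main__":
    result = hunt()
    for e in result["denied_lsass_reads"]:
        print(f"PID {e.requester_pid} asked for {decode_access(e.access)} on lsass, "
              f"NTSTATUS 0x{e.status:08X} refused; invisible to Sysmon EID 10")
```

Running it reports the single refused lsass read from PID 1234; that same request is the only ETW record with no Sysmon counterpart, which is exactly the visibility gap the tweet describes.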
MaN0ks Retweeted
Matt Graeber, 10 Oct
Security Descriptor Auditing Methodology: Investigating Event Log Security In this post, I establish my process for identifying access rights, determining default security, consideration of abuse implications, audit automation, and SACL research. Enjoy!
MaN0ks Retweeted
Jonny Johnson, 9 Oct
Recently I have been working on mapping Windows API calls to event IDs within Sysmon. Today I am releasing this project and a blog to talk about this more! Project: Blog:
MaN0ks Retweeted
Bruce Sherwin, 3 Oct
It’s about time... first device ships with the Microsoft hypervisor on by default! And on ARM64!
MaN0ks Retweeted
Alexander Knorr, 2 Oct
Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe via
MaN0ks Retweeted
Matt Hand, 18 Sep
Releasing a new tool to aid in Sysmon evasion, Shhmon () with an associated blog post including defensive recommendations
MaN0ks Retweeted
Roberto Rodriguez, 19 Sep
Happy to release the Threat Hunting with ETW events and  series! Part I: 🏄‍♀️🏄‍♂️ Installing SilkETW to consume events via the event log locally is out! Next, Shipping events to 😱 Thank you ⚔️
MaN0ks Retweeted
LinuxSecuritySummit, 19 Sep
The Linux Security Summit North America 2019 videos are published!
MaN0ks Retweeted
Jonny Johnson, 16 Sep
In June members of the team introduced a new attack called: Process Reimaging. Today I am releasing a blog on how to detect this behavior inside of an environment! Thank you to for his POC code.
MaN0ks Retweeted
Florian Roth, 28 Aug
SysmonX Open source drop-in compatible version of Sysmon by Repo Slides
MaN0ks Retweeted
0xAX, 28 Aug
Common Systems Programming Optimizations & Tricks -