Tweets

namazso
@namazso
Jan 27

a single ret won't work (reliably) for spoofing because the caller allocated stack space could be trashed, and that's where your proposed solution would place the return address
anyways, to filter out everything reliably they'd need some sort of symbolic execution.

namazso retweeted

Carl Schou / vm
@vm_call
Jan 6

BattlEye has for the past year been detecting unknown cheats using memory heuristics combined with a method known as stack walking:
vmcall.blog/battleye-stack…

namazso
@namazso
Dec 5

#nc3ctf2019 vm looking 👌 pic.twitter.com/NaKJrTuflP

namazso retweeted

Sek
@LifeInASek
Nov 12

NO! WHAT HAPPENED!?
I been following HamsterFragment for about 2 years now and then this happens!? This is the only image where the girl is finally smiling because she finally died(?).
Anyone know what happened to this artist? Are they okay? Or were they truly on their death bed? pic.twitter.com/NUlJWdFDgb

namazso retweeted

WebFreak
@WebFreak001
Oct 4

OwO what's this? Did you say you use Linux? voiced by @EiScreamu pic.twitter.com/LwXBeEDUb3

namazso retweeted

🐸
@Palasemple
Sep 5

everybody gangsta till the touhou danmaku machine turns on
twitter.com/rikk_kun/statu… pic.twitter.com/JER7mb0PSz

namazso retweeted

thaddeus e. grugq
@thegrugq
Sep 2

Search engines are as useless now as Altavista used to be. I know exactly what I’m looking for I put in the keywords. In quotes. And the domain.
Results are something recent with one keyword. Not even the correct domain.
Why doesn’t google have “2005 mode”? When it worked.

namazso
@namazso
Sep 9

semi-related, but various popular packers use rdtsc for timing things to detect debuggers, so disabling it would've broken backwards compatibility

namazso
@namazso
Sep 6

It's quite annoying that getting twitter API keys just for using twitter as yourself with it requires adding a phone no and filling out pointlessly minimum character count limited fields at least 3 or so times.. pic.twitter.com/9vHj2WIoD5

namazso
@namazso
Sep 6

going semi-type-1 when runtime is neither hacky nor simple but does work. I'm not sure how I should call this though, type 1.5? On the other hand, have you tried MmAllocateIndependentPages yet?

namazso
@namazso
Aug 29

I think you misunderstood, in this case VMware Workstation uses the Windows hypervisor instead of its own one to provide VMs (at least that's how I understood it)

namazso
@namazso
Jul 31

What happened to uxtheme patching? Well, apparently Windows feature updates did. Not anymore: github.com/namazso/Secure…

namazso
@namazso
Jul 31

You can easily patch signtool to do exactly that 😉

namazso retweeted

Kody
@KodyKinzie
Jul 2

We made a video about launching fireworks over Wi-Fi for the 4th of July only to find out @YouTube gave us a strike because we teach about hacking, so we can't upload it.
YouTube now bans: "Instructional hacking and phishing: Showing users how to bypass secure computer systems"

namazso
@namazso
Jul 1

Hm, maybe you could do what hypervisors before EPT used to do with copying, monitoring writes and spoofing to a shadow page table for each normal page table, except with two for each, one um executable, one km executable. Should be faster than rebuilding EPT every new CR3

namazso
@namazso
Jul 1

I think a way could be just making LSTAR point at invalid address, and exiting on all interrupts. Then MTF-ing over all the kernelmode code until we get back to usermode again. This is probably even slower than your proposed solution, since that's almost how hvs worked before EPT