eversinc33 🤍🔪⋆。˚ ⋆
@eversinc33
computers be computin | http://helloskiddie.club
I just finished writing the final part of my anti-anti-rootkit series, where I do a slight twist on the .data ptr hijacking IPC method, to create a "threadless" rootkit, concluding the trilogy :) Enjoy. eversinc33.com/posts/anti-ant…
I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard. Full explanation below 1/6. github.com/Idov31/NovaHyp…
huntress.com/blog/inside-bl… Wild intrusion & great analysis 👀
Sunday project: Running a virtual machine in an OpenCL kernel/shader to execute arbitrary code on the GPU. API calls and host memory R/W still have to trap into the CPU of course, but a fun exercise in GPU malware :3

goated 🙏😔
We are building an anticheat. We will teach you how to build each feature and then how to bypass it.
With some guidance from @DebugPrivilege I've found a way to easily dump clear text implants even while they sleep. Bad day for sleep obfuscation 💤 blog.felixm.pw/rude_awakening…
If you update WinDbg today (1.2504.15001.0), you might notice another icon in the View tab of the ribbon, one called "Parallel Stacks". While incredibly useful in its own right, this isn't just a parallel stacks view. It's the introduction of graph visualization for extensions!
If I had a penny for each time I get ducked by Nt/ZwAllocateVirtualMemory writing the rounded up page size into the RegionSize variable, which I then use later thinking it still had the original value, I could probably buy myself a copy of Windows Internals 🤮
Is there any example/PoC for malware using the BitTorrent protocol e.g. for P2P-C2?