𝙁 𝙀 𝙇 𝙄 𝙓 𝙈
@felixm_pw
Senior Researcher @Sophos | http://helloskiddie.club
With some guidance from @DebugPrivilege I've found a way to easily dump clear text implants even while they sleep. Bad day for sleep obfuscation 💤 blog.felixm.pw/rude_awakening…
Yesterday I finally finished part II of my anti rootkit evasion series, where I showcase some detections for driver "stomping", attack flawed implementations of my anti-rootkit, hide system threads via the PspCidTable and detect that as well. Enjoy! eversinc33.com/posts/anti-ant…
Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…
Ever tried VSS tracing? I’ve been using it to troubleshoot Volume Shadow Copy issues. It’s super useful but not widely known, so I wrote a quick blog post about it. medium.com/@Debugger/trou…
Really cool work in this blog. My answer to the Time Travel Debugging problem attached. Using timers (Ekko) for sleep, add an additional one to check if the TTDRecordCPI.dll is loaded; if so force the process to crash so implant is never unmasked during the trace.
This evening @DebugPrivilege walked me through some case studies from the WinDBG section of his debugging fundamentals repo. Definitely check it out and bookmark it! github.com/DebugPrivilege…
I just finished writing the final part of my anti-anti-rootkit series, where I do a slight twist on the .data ptr hijacking IPC method, to create a "threadless" rootkit, concluding the trilogy :) Enjoy. eversinc33.com/posts/anti-ant…
It doesn't have to be RISC-V :) Wrote a little MIPS I VM (based on a PlayStation emulator I started writing years ago) that can execute MIPS-compiled modules without the need for allocating additional executable memory
WatchMojo Presents: Top 5 APT 🤡 Moments of 2024 All that effort for initial access just to use sam save and vssadmin 💀 volexity.com/blog/2024/11/2…

The (Anti-)EDR Compendium EDR functionality and bypasses in 2024, with focus on undetected shellcode loader. blog.deeb.ch/posts/how-edr-…
Top 1% red teamer POV
All right, post your BRC4 skins if you got them
Really cool write-up about North Korean actors abusing malicious NPM packages by my friend @0xpoppaea stacklok.com/blog/north-kor…
POV: You pushed C-00000291*.sys on Friday and see a meeting with HR and Legal on Monday
CrowdStrike legal team are gonna be pulling out all the tricks to dodge the incoming lawsuits
Great talk about MacOS logic bugs by my friend Max!
#x33fcon 2024 talks: Max K > youtube.com/watch?v=jzn5Fj…
#Maldev - Packer Development is going strong in a #workshop at #x33fcon being taught by @ShitSecure and @eversinc33 - #redteam #blueteam
Just got linked this really awesome blog by @_vanvleet about Detection Data Models. This should be a valuable read for my Detection Engineering friends out there: medium.com/@vanvleet/impr…