Nathan Blondel
@slowerzs
Think HVCI and kCET mean the end of kernel code execution? I wrote a blogpost exploring an alternative way to execute a kernel payload! :) blog.slowerzs.net/posts/keyjumpe…
Ever wondered how CryptProtectMemory with the CRYPTPROTECTMEMORY_SAME_PROCESS flag worked, or if encrypted blobs could be decrypted without code injection? I wrote a blogpost about it: blog.slowerzs.net/posts/cryptdec…
I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver. blog.slowerzs.net/posts/pplsyste…
I recently released ThievingFox, a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities. You can find my blogpost about it: blog.slowerzs.net/posts/thieving… And the GitHub repo of the tool: github.com/Slowerzs/Thiev…