I have seen lot of stupid things lately concerning CS, EDR's and Windows drivers. I wrote a, not so bad I guess, long blog post explaining how to build a windows driver, why EDR's need them, and how EDR's work, might be helpful 🤪

@hakluke Real!

@rvrsh3ll Thanks mate ✌🏻✌🏻

@pr3izh3r Thanks dude I appreciate 😃

@SIMKRA202 Thank you!

@never_unsealed Of course but my point is that you can limit the things you trust. The probability that someone exploits a hypervisor vuln is much lower than a pentester running psexec exe on your system ✌🏻

@DaahtK Your welcome my man ✌🏻

can be found here and you will also find advanced ways of detecting PsExec.exe on your network in the blog post directly 🔥

RT @Wietze: 🚀 Today I'm launching ArgFuscator: an open-source platform documenting command-line obfuscation tricks AND letting you generate…

@Wietze Excellent!!

See you there 😎

@techspence But I'd say who cares ahah! As long as you can do your stuff, use PowerShell it doesn't matter!! I'm just using Python because I have learned that way :P

This dude omgggggg 🔥@SinSinology

@_RastaMouse Isn't the first call used to retrieve the size of the buffer and the second one to actually get the info? I believe I had the same thing a while back

@SkelSec @_RastaMouse Internet remembers ahah but yeah, manipulating credentials is so overrated nowadays considering you can just run task as someone else 😴

@Ox00000000 👀🔥

RT @_zblurx: New module on #NetExec : wam Dump #Entra access tokens from Windows Token Broker Cache, and make your way to Entra 🚀 Thanks @…

@staatsgeheim Yeah makes sens! Thanks for the information tho!

@staatsgeheim Wtffffff, and do you obtain a full priv system token or a restricted one ?