From our headquarters underneath the Vatican, happy Halloween!
Today we release the first edition of our new publication Black Mass.
Special thanks to our Editor in Chief
@h313n_0f_t0r
for all of her hard work.
My former employer
@Optiv
went through a round of layoffs.
Among those laid off was a friend who is currently on FMLA getting treatment for terminal cancer.
🧵
Happy Friday!
For the long weekend, enjoy a
#cobaltstrike
BOF that will zero, then delete your beacon's executable on exit!
Use at your own risk, and as a matter of good practice, build/extract the shellcode yourself 😌
Not only would I recommend against working there, I would strongly recommend against doing business with a company being run into the ground by sycophants and soulless executives.
If you would like to support Joey and his family, here is a gofundme:
WIP Reflective loader.
Did some tinkering based on a tweet from
@NinjaParanoid
and added a weird feature I'm happy about:
Modules in the import table will first be checked against the LdrpHashTable to see if they are already loaded.
XOR encoding, etc. Enjoy, YMMV.
CVE-2021-44852 An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (o...
Happy to release another
#cobaltstrike
BOF!
Work in progress to add more stuff from the Job API, but felt like releasing now.
TL;DR: enforce a process's memory, CPU, and network resource limits.
@Newsreading1
@chompie1337
The best thing I ever did was just sit down with a copy of Windows Internals and read until I found something cool, and just tinkered with the APIs that had to do with the subject; like this, the project came from my C++ tinkering.
@zodiacon
Windows 10 System Programming is 🔥
@aahmad097
@AnnaViolet20
You mean to tell me that I shouldn't be able to send a POST request without auth to a perimeter device and just execute commands?
Smh, where's the sense of trust in our community these days?
@1njection
Yo, I've got an N-Click 0-day RCE in bash.
First you click on "terminal"
Then you type curl with my exploit code and | /bin/sh
I'll be here waiting for my CVE.
Create suspended process.
Copy the Peb, VadRoot, and DirBase from the lsass EPROCESS into the suspended process's EPROCESS.
Dump the suspended process.
I'm not responsible for your BSOD.
@cybersecstu
Python.
Because sometimes I'm too lazy for awk, sed, and grep, but I can sure as hell whip up a horrid script to parse something and never show anyone how 😂
@_Kudaes_
Nice post!
Fibers are really awesome.
I wrote about a different way to achieve more or less the same thing at by modifying the fiber data structure in the TEB
Tiny update: needed to resolve exports of reflectively loaded DLLs, and added a constructor to receive the loaded module's base address and resolve from the EAT.
I never graduated from high school or university, and got my first job because I worked my ass off for my OSCP and OSCE.
This is a woefully stupid take from dollar store John McAfee.
@_mmpte_software
is set to be a billionaire by the year 2035. This isn’t because of his Windows kernel knowledge or novel research he’s published.
It’s because he’s cracked the GenZ attention code. Here’s how he did it, a 🧵:
@yarden_shafir
Buy both versions of Windows Internals. Pick a random chapter, read it until you understand enough to start writing code relevant to the chapter.
Rinse. Repeat.
For people looking for a conspiracy, the replacement language for C++, Rust, is compromised by a cabal of woke tards that are doing strange things.
It's possible this could be a plot to move mission-critical code to Rust. It's the only other language Linux is allowing, other
I'm so fucking proud of my brother.
Went from bolting in car seats at a factory three years ago to moving into his second IT job as a newly minted sysadmin.
Hard work pays off. God damn I love this industry. I'm not crying. Okay maybe just a bit.
@carrot_c4k3
He has a conspiracy theory about how a woke cabal of rust programmers made this happen to convert more people to rust.
Zach is an absolute clown.