Patryk Czeczko

18 posts

Patryk Czeczko

@0xPat

Red/purple teamer https://t.co/AhR2vq4vuU

Warsaw, Poland Katılım Şubat 2020

27 Takip Edilen1.3K Takipçiler

Patryk Czeczko@0xPat·24 May

I'm giving 2 talks at @layer_one together with @c0p0x this weekend: layerone.org/schedule/ #purpleteam #malware

English

Patryk Czeczko@0xPat·14 May

x33fcon.com/#!s/malware.md This year during @x33fcon we will code some covert shellcode loader in C++ @c0p0x #redteam #purpleteam #malware #workshop

English

Patryk Czeczko retweetledi

/ˈziːf-kɒn/@x33fcon·27 Nis

Would you like to learn more about Applied #PurpleTeaming? Come and join us, @0xPat and @c0p0x tomorrow at 1500 UTC. Learn more: x33fcon.com/#!w/purple.md Free registration: x33fcon.com/#!webinarregis…

English

Patryk Czeczko@0xPat·26 Mar

Co-trainer @c0p0x

English

Patryk Czeczko@0xPat·25 Mar

x33fcon.com/#!/t/purple.md Check out my Applied Purple Teaming training on @x33fcon

English

Patryk Czeczko@0xPat·16 Mar

0xpat.github.io/Malware_develo… Implementing COFF loader/injector (aka beacon object file)

English

Patryk Czeczko@0xPat·26 Oca

0xpat.github.io/Malware_develo… Some advanced obfuscation techniques for C code

English

113

Patryk Czeczko@0xPat·5 Ağu

0xpat.github.io/Malware_develo… Check out compilation tips, PE overwiew, hiding imports, API hashing and calculating entropy

English

Patryk Czeczko retweetledi

Grzegorz Tworek@0gtweet·12 May

Eliminate huge part of lateral movement scenarios with one command: "reg.exe add HKLM\SYSTEM\CurrentControlSet\Control /v DisableRemoteScmEndpoints /t REG_DWORD /d 1" It will make Service Control Manager deaf to remote management. Everything else works properly.

English

300

976

Patryk Czeczko retweetledi

Andy Robbins@_wald0·12 May

Did you know that LinkedIn has a directory? linkedin.com/directory/peop…

English

111

Patryk Czeczko@0xPat·18 May

0xpat.github.io/Malware_develo… detecting debuggers and other tricks to make dynamic analysis of malware harder

English

Patryk Czeczko@0xPat·9 May

@zz0eyu I think the memory pages are not shared by default, unless there's some interaction going on from other process, like debugger for example.

English

zoemurmure@zz0eyu·3 May

@0xPat I think there's a bug in your third article.

English

Patryk Czeczko@0xPat·1 May

0xpat.github.io/Malware_develo… On detecting VMs, evading sandboxes, bypassing function hooks

English

Patryk Czeczko retweetledi

Vlado Vajdic@vvlado·1 May

Detecting APT29: MITRE EDR evaluations round 2 - Jorrit Folmer - Medium -> not everyone is a winner! @jorritfolmer/detecting-apt29-mitre-edr-evaluations-round-2-a8dcf7a3f486" target="_blank" rel="nofollow noopener">medium.com/@jorritfolmer/…

English

Patryk Czeczko retweetledi

Adam Chester 🏴‍☠️@_xpn_·23 Nis

Well this is awkward 😂 Nice logo tho.

Varonis@varonis

⚠ Our research team discovered a way to exploit Pass-Through Authentication in an #O365 / #Azure environment, login as *any user* and dump credentials. READ: varonis.com/blog/azure-ske… #Office365 #remoteworkforce #infosec #Azure #threatresearch

English

126

Patryk Czeczko retweetledi

Marc Smeets@MarcOverIP·24 Nis

In case you missed it: Im writing a multi part blog on RedELK, @OutflankNL’s open sourced tooling that acts as a red team SIEM and helps with overall improved oversight during red team operations: outflank.nl/blog/2019/02/1… outflank.nl/blog/2020/02/2… outflank.nl/blog/2020/04/0…

English

142

Patryk Czeczko retweetledi

Grzegorz Tworek@0gtweet·24 Nis

Wanted to demonstrate AdjustTokenPrivileges() -> SomePrivilegedCall() sequence, and failed with SetSystemTime(). And now I know: SetSystemTime() tries to adjusts privileges on it's own, not even checking the result, and then calls NtSetSystemTime() syscall. Interesting...

English

Patryk Czeczko@0xPat·14 Nis

0xpat.github.io/Malware_develo… on developing shellcode loader

English

Keşfet

@layer_one @c0p0x @x33fcon @zz0eyu @OutflankNL @elonmusk @BarackObama @taylorswift13