Karkas (@CDC_FI)
29 posts
I identify as a Threat
Germany · Joined April 2018
138 Following · 23 Followers
Karkas (@CDC_FI)
@HaifeiLi A lot of ppl might not know that you can disable certain API calls with registry keys/GPOs: adobe.com/devnet-docs/ac…#blacklist-configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cJavaScriptPerms
tBlackList=RSS.addFeed|Util.readFileIntoStream
...and you are safe :)
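The tweet names the policy key but not how to manage it. The script below is an added example, not code from the tweet or from Adobe: it reads the current tBlackList value under the FeatureLockDown path given above, merges new API names into it instead of overwriting, and writes it back as the pipe-separated REG_SZ Acrobat expects. The key path and the two API names come from the tweet; everything else (function names, the merge behaviour) is the example's own choice.

```powershell
# Added example: audit and extend Acrobat DC's JavaScript API blacklist.
# Key path and value name (tBlackList) are taken from the tweet; the API
# names in $BlockedApis are the tweet's two examples, not a complete list.
$KeyPath    = 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cJavaScriptPerms'
$BlockedApis = @('RSS.addFeed', 'Util.readFileIntoStream')

function Get-AcrobatJsBlacklist {
    # Returns the currently blocked API names, or an empty list if unset.
    param([string]$Path = $KeyPath)
    $item = Get-ItemProperty -Path $Path -Name 'tBlackList' -ErrorAction SilentlyContinue
    if (-not $item) { return @() }
    return @($item.tBlackList -split '\|' | Where-Object { $_ })
}

function Set-AcrobatJsBlacklist {
    # Merges $Apis into the existing list so an earlier GPO entry is never dropped.
    param([Parameter(Mandatory)][string[]]$Apis, [string]$Path = $KeyPath)
    $merged = @(Get-AcrobatJsBlacklist -Path $Path) + $Apis | Sort-Object -Unique
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    # Acrobat reads tBlackList as one REG_SZ with '|' between API names.
    Set-ItemProperty -Path $Path -Name 'tBlackList' -Value ($merged -join '|') -Type String
    return $merged
}

# Run from an elevated prompt: HKLM policy keys override per-user preferences.
$result = Set-AcrobatJsBlacklist -Apis $BlockedApis
"tBlackList now: $($result -join '|')"
```

Because tBlackList is a blocklist, it only covers the API names you enumerate; a new abuse of a different API is not caught until you add it, so treat the list as something to review when new Reader vulnerabilities are published, and pair it with the usual patching.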
Haifei Li (@HaifeiLi)
Fun fact about the Adobe Reader 0day: actually, it's the "AdobeCollabSync.exe" ("C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe") process that communicates with the attacker-controlled server, not "Acrobat.exe". Therefore, if you're hunting the threat with e.g. your EDR telemetry, you may want to look at that "AdobeCollabSync.exe" process too. #threatintel
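A hunting filter built on the point above, added here as an example and not part of the tweet: it keeps only network-connection events whose image is the AdobeCollabSync.exe path the tweet gives and whose destination is not a private 10.x address (a deliberately crude internal-range filter, chosen for the demo). The sample events are constructed, not real telemetry; the Sysmon conversion helper assumes the standard Sysmon Operational log and Event ID 3 for network connections.

```powershell
# Added example: hunt for outbound connections made by AdobeCollabSync.exe.
# The image path is from the tweet; $sample is constructed test data.
function Find-CollabSyncConnections {
    param([Parameter(Mandatory)][object[]]$Events)
    $Events | Where-Object {
        $_.EventId -eq 3 -and
        $_.Image -like '*\Acrobat DC\Acrobat\AdobeCollabSync.exe' -and
        -not $_.DestinationIp.StartsWith('10.')   # crude internal-range filter (demo assumption)
    }
}

function Convert-SysmonEvent {
    # Maps a raw Sysmon event record into the flat shape the filter expects.
    param([Parameter(Mandatory, ValueFromPipeline)]$Event)
    process {
        $data = ([xml]$Event.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            EventId       = $Event.Id
            Image         = ($data | Where-Object Name -eq 'Image').'#text'
            DestinationIp = [string]($data | Where-Object Name -eq 'DestinationIp').'#text'
        }
    }
}

# Constructed Sysmon-style events (Event ID 3 = network connection, 1 = process create)
$acro = 'C:\Program Files\Adobe\Acrobat DC\Acrobat'
$sample = @(
    [pscustomobject]@{ EventId = 3; Image = "$acro\Acrobat.exe";         DestinationIp = '203.0.113.5' }
    [pscustomobject]@{ EventId = 3; Image = "$acro\AdobeCollabSync.exe"; DestinationIp = '203.0.113.5' }
    [pscustomobject]@{ EventId = 3; Image = "$acro\AdobeCollabSync.exe"; DestinationIp = '10.0.0.8' }
    [pscustomobject]@{ EventId = 1; Image = "$acro\AdobeCollabSync.exe"; DestinationIp = '' }
)
# Only the second record should survive the filter.
Find-CollabSyncConnections -Events $sample | Format-Table

# On a host running Sysmon, feed live events instead of $sample:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 3 } |
#     Convert-SysmonEvent | Find-CollabSyncConnections
```

AdobeCollabSync.exe does talk to Adobe services legitimately, so the filter is a starting point for baselining, not an alert on its own; compare the destinations it surfaces against what the process normally reaches in your environment before turning it into a detection rule.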
Karkas (@CDC_FI)
@dcuthbert Met him countless times, even at the smallest cons, where he held top-notch talks and always stopped for questions... true legend. Will never be forgotten.
Daniel Cuthbert (@dcuthbert)
Everyone today is a hacker in a sense, but there are very few OG hackers on whose shoulders we stand. Oh dude, Felix “FX” Lindner, you were so much a hacker's hacker and you will be missed. RIP my friend, and thank you.
Rebane (@rebane2001)
I built an entire x86 CPU emulator in CSS (no JavaScript). You can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS.
Karkas (@CDC_FI)
@5mukx Dood, it's 2026... who cares about userland hooks?
Florian Roth ⚡️ (@cyb3rops)
The firewall blocks it; the headline calls it cyber war. Call it what it is: blocked requests, scans, probes, bot traffic.
Karkas (@CDC_FI)
@yarden_shafir Once you reach the level of "I've forgotten more stuff than the average junior-level analyst knows", you enter the realm of the true masters.
Yarden Shafir (@yarden_shafir)
Spent all morning debugging an issue. Eventually found the answer in a blog post. That I wrote. 5 years ago.
Karkas (@CDC_FI)
@techspence Let's move everything to the cloud, they know how to do security.
spencer (@techspence)
What's the cybersecurity equivalent of finding out Santa isn't real? Having EDR != you are secure. Your turn 😆
Kyle Cucci (@d4rksystem)
Ever since I was a baby I've wanted to speak or give a workshop at Defcon. This year I finally get to make that dream happen. It's on, @rpargman 😎
Karkas (@CDC_FI)
@yarden_shafir It's a Kookaburra; in Germany we call it "laughing Hans" :D They are quite intelligent birds ;) (link: Kookaburra - Wikipedia)
Yarden Shafir (@yarden_shafir)
This cute little thing sounds like a witch laughing in a dark forest and has tried to kill me twice so far
Karkas (@CDC_FI)
Today I improved and re-released a project: github.com/Karkas66/Early… The original code by 0xNinjaCyclone had a hardcoded injection process name and static plain shellcode. I wanted to load dynamic shellcode from files into a process of my choice. To get rid of plain msfvenom shellcode detections by several AVs, I made a basic XOR encryption of the embedded shellcode. I also made a Visual Studio 2022 template, ready to compile and run. Did not yet find out why non-msfvenom shellcode crashes the hosting payload process, so just use msfvenom SC for now. I successfully tested with meterpreter_reverse_tcp.
Karkas (@CDC_FI)
@m4ul3r_0x00 Early Cascade Injection, nice work, thanks
m4ul3r (@m4ul3r_0x00)
(image only)
Karkas (@CDC_FI)
@_RastaMouse It really is. But learn from my lesson: don't update (OTC WiFi dongle) without backing up the SD card first.
Rasta Mouse (@_RastaMouse)
I got one of those dodgy open source game consoles - the R36S. It's actually really neat 😅
Karkas (@CDC_FI)
@C5pider @Octoberfest73 Yeah, sure it's not... I hadn't looked into the code yet when writing the comment. Will steal the best ideas anyway! Btw, nice framework @C5pider; it was hard to get into, but still fun to learn.
5pider (@C5pider)
@SOC5444 @Octoberfest73 This is not the same. While both of you wrote a stager, his is focused on creating a secure staging process by validating and verifying the retrieved stage against an MD5 checksum.
Octoberfest7 (@Octoberfest73)
Happy to share another open source project: an x64 position-independent shellcode stager that validates the downloaded payload stage prior to execution. Integration with Cobalt Strike out of the box. Check out Secure_Stager here: github.com/Octoberfest7/S…
Kyle Cucci (@d4rksystem)
Thanks a lot @jstrosch for the great conversation and allowing me to demo some malware analysis techniques on your channel! If you missed it, you can find it here. 😎 youtube.com/watch?v=odRgHC…
Quoted tweet from Josh Stroschein | The Cyber Yeti (@jstrosch): 🔥 Today's the day - Kyle Cucci (@d4rksystem) joins the stream to talk #EvasiveMalware! Join us at 1pm CDT 👇 😈 youtube.com/live/odRgHCfQC… We'll discuss the book and Kyle will provide some live demos of the content - it's going to be awesome!
Outflank (@OutflankNL)
New Blog Alert! 🚨 Introducing Early Cascade Injection, a stealthy process injection technique that targets Windows process creation, avoids cross-process APCs, and evades top-tier EDRs. Learn how it combines Early Bird APC Injection & EDR-Preloading: outflank.nl/blog/2024/10/1…