klez

1.1K posts

klez banner
klez

klez

@KlezVirus

Adversary Simulation @SpecterOps - Opinions are my own

Italy Katılım Aralık 2014
733 Takip Edilen9.4K Takipçiler
Sabitlenmiş Tweet
klez
klez@KlezVirus·
[RELEASE] Better late than never! Part 3 is out! Fantastic unwind information and where to find them. We went digging through .pdata, RTF Lookups, and a few ntdll internals that probably weren't meant to be touched. BYOUD dropping alongside. Enjoy 😉 klezvirus.github.io/posts/Byoud/
English
2
54
170
13.8K
klez
klez@KlezVirus·
@_MrTiz Nice work, man! ;)
Rocca Priora, Lazio 🇮🇹 English
0
0
0
20
klez
klez@KlezVirus·
[TALK] My latest Black Hat Europe talk is now publicly available. If you can look past the painfully obvious anxiety and a speaker who occasionally sounds like his brain has stopped cooperating, you might find something useful. Who knows? youtube.com/watch?v=tOVcSc…
YouTube video
YouTube
English
5
35
141
11.5K
Octoberfest7
Octoberfest7@Octoberfest73·
Didn’t figure out what was causing this behavior, but landed on dropping the XLL in the %APPDATA%\microsoft\excel\XLSTART folder and then running excel to trigger it. It works and as bonus points it’s even a real adversary TTP cert.gov.ua/article/6285549
Octoberfest7@Octoberfest73

Has anyone played w/ XLL's recently? I'm finding that in up-to-date office double clicking an XLL will open excel but no longer loads/fires the XLL itself. Going into File->Options->Add Ins->Manage I can load the XLL and have it work that way, but not on open anymore

English
4
21
92
10.5K
klez retweetledi
Adam Chester 🏴‍☠️
New blog post is up looking at how LLMs are making local EDR rulesets, YARA rules, and behavioral detections trivial to extract. This post focuses on how simple the harness can be. Buckle up h4xx0rs, the next few months are gonna get interesting! specterops.io/blog/2026/06/2…
English
16
189
619
107.4K
klez retweetledi
S3cur3Th1sSh1t
S3cur3Th1sSh1t@ShitSecure·
In september @MCTTP_Con - we will reveal our latest research about USB Co-Installer and Driver vulnerability exploitation for Privilege Escalation. 🔥🔥Super happy to work together with @KlezVirus on that research! 🫡
S3cur3Th1sSh1t tweet media
English
2
6
27
3.7K
klez retweetledi
Octoberfest7
Octoberfest7@Octoberfest73·
✅Call APIs requiring 5+ args ✅Store return values ✅Chain multiple spoofed calls for sleep obfuscation ✅Zero user code required during execution ✅CET/HSP/Shadow stack compliant Big things coming to the UDRL and Sleepmask Development course...
Octoberfest7 tweet mediaOctoberfest7 tweet media
English
6
23
122
8.8K
klez retweetledi
Alex Veremeyenko
Alex Veremeyenko@alex_verem·
Let me trace the timeline here because nobody's connecting it. Step 1: Scrape the entire internet. Every book, every article, every conversation, every piece of art, every forum post. Do it without asking. Do it without paying. Step 2: Train a model on all of it. Call it "artificial intelligence." Step 3: Go to BlackRock's Infrastructure Summit and announce: "We see a future where intelligence is a utility, like electricity or water, and people buy it from us on a meter." Step 3 is where you sell people's own knowledge back to them. On a meter. They took the collective output of human thought, compressed it into a model, and now they want to charge you by the token to access a version of what you and everyone you know already created. One Reddit user put it perfectly: "They stole all this data from us, the people, our life's work, creativity, art, by devouring the internet and blowing through all copyright laws. Now they want to sell it back to us in the form of a utility." Imagine if someone photocopied every book in the public library, burned the library down, and then opened a subscription service for the copies. That's the metered intelligence business model. And they're pitching it to infrastructure investors as though they invented water.
Vivek Sen@Vivek4real_

SAM ALTMAN: “WE SEE A FUTURE WHERE INTELLIGENCE IS A UTILITY, LIKE ELECTRICITY OR WATER, AND PEOPLE BUY IT FROM US ON A METER.”

English
3.3K
46.5K
136.3K
5.7M
klez retweetledi
Adam Chester 🏴‍☠️
Everyone losing their minds over the Visual Studio Code payload hitting GitHub. The research was published on @MDSecLabs site in 2023! Red Teams have used this on assessments for ages!! Microsoft knows all of this and didn't bother to fix it!!! IT'S BEEN IN INITIAL-ACCESS FRAMEWORKS FOR YEARS!!!! mdsec.co.uk/2023/08/levera…
English
9
43
173
24.1K
klez retweetledi
Adam Chester 🏴‍☠️
If you came to SOCON, you may have seen the fireside chat on Ouroboros (if you weren't too busy counting my "urm"s 😝). The blog post is now live, detailing how we can use Dev-Tunnels for lateral movement, and allow pivoting from GitHub/Entra ID access. specterops.io/blog/2026/05/0…
English
6
50
187
27.9K
klez retweetledi
Robert Yates
Robert Yates@yates82·
I wrote a thing. if you are interested in obfuscation/de-obfuscation and compilers, but perhaps don't have a tangible experience with it, then i hope this story will be interesting to you and teach a few things along the way (-:
quarkslab@quarkslab

Obfuscation vs The Optimizer: A Battle in LLVM Middle End. @yates82 shows us how the continuous improvement of the LLVM optimizer defeats naive code obfuscation, and how the obfuscator can fight back. An eternal fight in which all victories are ephemeral blog.quarkslab.com/obfuscation-vs…

English
0
21
57
9.1K
klez retweetledi
𝙁 𝙀 𝙇 𝙄 𝙓 𝙈
Introducing Combat Theater, a malware technique emulator built for blue teams, detection engineers and security researchers to perform testing and detection validation quickly and easily. Check out the introduction blog to learn more! combat.theater/blogs/introduc…
English
13
69
280
60.9K
klez retweetledi
Ido Veltzman
Ido Veltzman@Idov31·
After more than a year in the making it is finally out and available here: xintra.org/courses/11-win… :) I will always do open source and publish papers but I've been working for a long time to create a course for people that want structured and in-depth content 1/
inversecos@inversecos

NEW XINTRA COURSE!!!🥳 Windows Kernel: Offensive, Defensive & Reverse Engineering by @Idov31 xintra.org/courses/11-win… Build an EDR and rootkits from scratch while mastering the Windows kernel. Over 70 videos and labs covering: > Build your own EDR (detection + prevention) > Rootkits & offensive tradecraft > Reversing Windows kernel & drivers > Kernel callbacks, ETW, minifilter and more There are preview videos too if you wanna see some snippets of the course content ;) This course is instructed by Ido Veltzman (@Idov31), a senior security researcher specializing in reverse engineering, operating system internals, vulnerability research, and exploit development. His work spans UEFI, hypervisors, kernel, and user mode, where he has developed advanced evasion, persistence, and injection techniques. @XintraOrg

English
7
20
107
13.5K
klez
klez@KlezVirus·
@Idov31 That's a banger! Great job man! 🔥
English
0
0
1
346
Ido Veltzman
Ido Veltzman@Idov31·
A new post (with a new website design) is finally out: idov31.github.io/posts/hypervis…. After two years, I wanted to start posting again and really wanted to share something that contains some technical details about hypervisors, my opinions on utilizing hypervisors for defense and 1/2
English
3
17
61
6.4K
klez
klez@KlezVirus·
@LorenzoMeacci Just read the blog post man, really great work! Keep it up! 🔥🔥🔥
English
1
0
1
704