PatchRequest

Currently analyzing the leaks regarding conti gang. Found a file with a Mega account. PW is in the file too. I think I should not log into it right? :D

Continued working on my proof-of-concept anticheat. These are the events visible to an anticheat when you use default DLL injection; pretty obvious, I'd say :) github.com/PatchRequest/P…

Just added self-clone to my Mythic agent: spawn new proc + spoofed PPID while original stays alive and running as backup github.com/PatchRequest/K…

Just implemented self-deletion in my Mythic agent while the process keeps running smoothly. Big thanks to @MalDevAcademy for the inspiration 🔥 github.com/PatchRequest/K…

@UK_Daniel_Card In 2025 he did: Jan – CISSP Jan – CCSP March – OSED July – OSWE Oct – OSCE3 Oct – CRTO Sure, just complete all of the "hardest" certs in a month or two while being a Deputy Manager and Red Team Lead at a Big4 company, and while running a blog with 32 pages of articles

@UK_Daniel_Card Saw his profile earlier too. He would have had to buy the certs. He supposedly completed all of them within three years, doing certifications like OSCE3 and CRTO at the same time in two months, right after finishing other certs in another two months, etc. It’s super suspicious.

WHAT THE FUCK

@Salsa12__ Remove PPL should trigger PatchGuard, how did you avoid it?

🚀 PPLReaper Release Windows kernel driver + userland tool to inspect and manipulate Protected Process Light (PPL): • Query PPL • Remove PPL • Assign PPL github.com/S12cybersecuri… ⚠️ The driver must be properly signed or the system must be in Test Mode

@ipurple Patchguard is already detecting this and giving a bsod

Disabling PPL Protection on Windows Processes @s12deff/disabling-ppl-protection-on-windows-processes-0cb77a065939" target="_blank" rel="nofollow noopener">medium.com/@s12deff/disab…

Basic, but I guess effective enough to catch some script kiddies. I added a blacklist of words that should not appear in any running process. I think some cheaters actually get caught in the wild by this lol github.com/PatchRequest/P…

I wanted to consume some ETW providers, but it turned out I needed to be a PPL. So thats a side quest I worked on for now. Not sure how useful this is for protecting the game, but the protection for my own usermode part should be useful for the anti-cheat github.com/PatchRequest/P…

@GuidedHacking This is a better screenshot:

This is how the default settings of the @GuidedHacking injector currently appear in my anti-cheat. You can clearly see the sequence: WriteProcessMemory → DLL image load → new thread inside the newly loaded DLL. github.com/PatchRequest/P…

Still learning and pushing my anticheat forward. Implemented disk vs memory integrity checks to detect module tampering. Starting with the .text section simple but the most important one.

Vibe Coding with AI was the best ever for Bug Bounty. The DevOps is so bad that I love it. While generating tokens, it somehow generates infosec jobs too Find more at: cerast-intelligence.com

We are live! Search our database of over 8 million potentially exposed files by domain 🔍 Explore now: cerast-intelligence.com

Sneak Peek of what’s coming October 1st Be ready | millions of never-before-seen exposed files will become searchable cerast-intelligence.com

Injecting a DLL into every process and overwriting WinAPI functions can easily go wrong. My anti-cheat crashed the PC with the pop-ups :) Is this technique a thing for anti-cheats? I mainly know it from EDR and AV github.com/PatchRequest/O…

I think scoring applications based on ProcAge, ExeAge, and their behavior is a valid approach to determine whether it’s just Task Manager requesting a handle for the billionth time or a Python CreateRemoteThread PoC github.com/PatchRequest/O…

Second detection: when somebody requests a handle to my protected process, I can react to it. github.com/PatchRequest/O…

Started detecting remote thread creation, pretty cool if you ask me :) At first I was confused until I realized my notify routine runs in the process context of the invoker, then it was pretty easy to detect github.com/PatchRequest/O…