HoangSpecial

82 posts

@SpecialHoang

Security Researcher | Pentester | Red Team | APT69

Philadelphia, PA · Joined December 2018
46 Following · 1.3K Followers
HoangSpecial @SpecialHoang
@timmisiak look at rsp for example is great. The stack window is there but most of the time I want to scroll further and beyond alongside with a more intuitive understanding of where I am in the stack is the only reason I am still on windbg :(. Thanks again for the great product!
HoangSpecial @SpecialHoang
@timmisiak Thanks for the reply Tim! I appreciate it. One last suggestion (and maybe I am a coconut and haven't figured it out yet) but the ability to view memory as other forms (Pointer and Symbol to be specific) would be a godsend. The ability to scroll &
HoangSpecial @SpecialHoang
@timmisiak big fan of windbgx. Everything is much better and more fluid. However, just a feedback and it is that hotkey-only new windows suck. I had to ask tons of people after googling resulting in nothing useful (it was ctrl + shift + m). Would love a more intuitive way!
HoangSpecial @SpecialHoang
@layle_ctf @ColtonSkees Because DB and CE's job is to provide hackers with a hacking tool. Not adding more and more security on top of already existing ones. Plus, it is open source. So this will require DB to: 1. wild goose chase on an open source software to keep you happy. 2. everyone signs their own
Layle @layle_ctf
Did you ever want to load dbk64.sys yourself and abuse the fact that it's a signed driver? Maybe call the builtin kernel read/write (and many more!) routines because you don't have a driver signing certificate? You can do that now! Check it out ;) GitHub: github.com/ioncodes/ceload
HoangSpecial @SpecialHoang
@layle_ctf But why tho? DarkByte wrote one of the greatest tools that every game hacker relies on and gives it out for free. Why wouldn't you honor his wishes to keep things safe?
HoangSpecial @SpecialHoang
Are there any Write-What-Where primitives left in W10 x64 1909? Seems like Gh?4 RGNOBJ is the only one intact and I'm not even sure if that is usable as a primitive. @msftsecurity, give back my GDI objects!
HoangSpecial retweeted
Leo Loobeek @leoloobeek
New COM post (and PoC) just published. This one journeys into COM server development, building a component for offensive use cases that can then be loaded with registration-free COM. Feedback welcome. adapt-and-attack.com/2020/05/12/bui…
HoangSpecial retweeted
Faisal Tameesh @primal0xF7
During a recent long-term red team op, we bypassed CloudFlare to obtain a foothold on a subsidiary. AD forest exploitation followed, which allowed for compromising the parent company. This post focuses on bypassing CloudFlare WAF. aon.com/cyber-solution…
HoangSpecial @SpecialHoang
@vysecurity When your opponent is a kernel level anticheat that disregards usability, privacy, stability, and compatibility, Modern EDR Solutions (TM) looks cute in comparison.
HoangSpecial @SpecialHoang
@n4r1B Amazing work. Love the attention to detail and how far you go into each of WD's modules and structures =)
HoangSpecial @SpecialHoang
@BillDemirkapi Similarly, I also happen to get to use forced exception through pointer destruction which is another nice trick to pair up with VEH. AGAIN, sorry for necroing this haha.
HoangSpecial @SpecialHoang
@BillDemirkapi Sorry for replying to something a year back, was scrolling through my Twitter and realized I never replied, my fault. I think you know this by now that a lot of games do anticheat do use DR register as a way to stop debuggers from placing hwbp but your comment is correct =).
HoangSpecial @SpecialHoang
Ever want to hook functions stealthily? Check out my new blog! Vectored Exception Handling Hooking! medium.com/@fsx30/vectored-exception-handling-hooking-via-forced-exception-f888754549c6
HoangSpecial @SpecialHoang
@jasc22 @TomahawkApt69 @NCCGroupInfosec @leoloobeek If you can show me the code. It has a custom cmd that you can use, just ends with &. This should let you execute anything in cmd as admin. Sorry for the late reply, holiday and travel. Do let me know if you need more help we can hit up DM.
jasc22 @jasc22
@SpecialHoang @TomahawkApt69 @NCCGroupInfosec @leoloobeek Hey @SpecialHoang, thanks for an excellent finding. I tested this on 1803 and am able to add a regular user to the local admin group but not able to add a new user. I modified the code to add a new user and tested it but that did not work either. Appreciate your thoughts on this.
HoangSpecial @SpecialHoang
@vm_call This was always a known thing in project's file is it not? Just give a quick look around project file and solution file before opening.