ioan

16 posts

ioan banner
ioan

ioan

@_i04n

Offensive Security | OSCP | CRTO | BSc

United Kingdom Katılım Ocak 2014
211 Takip Edilen35 Takipçiler
ioan retweetledi
Bad Sector Labs
Bad Sector Labs@badsectorlabs·
Nothing beats the feeling when someone is inspired by your work and builds off it to release something even cooler. These slides have me hyped for the talk recording!
Print3M@Print3M_

I’m sharing my slides from @x33fcon 2026. Inside ~15 examples of abusing traitorware to execute your payload via trusted & signed binaries (e.g. VLC Player, SublimeText) and how to find more of them. Recording will be published soon. github.com/Print3M/MyTalk…

English
1
9
48
5.2K
ioan retweetledi
Masahiro Kawada
Masahiro Kawada@kawakatz·
Burp SuiteのRCE的なやつ〜 諸々含めて大変優しくしていただき、大感謝☺️ Burp Suite Professional: browser-powered crawl can write attacker-controlled files through file input handling hackerone.com/reports/3712279
日本語
11
40
301
26.9K
ioan retweetledi
Synacktiv
Synacktiv@Synacktiv·
🇵🇱 At #x33fcon, our experts unveiled new offensive DCOM techniques, including a COMouflage variant enabling arbitrary executable execution and a fileless lateral movement method based on .NET deserialisation. DCOMIllusionist is now available: 🔗github.com/synacktiv/DCOM…
Synacktiv tweet media
English
2
50
158
11.1K
ioan
ioan@_i04n·
@TwoSevenOneT Credit where credit is due ^ I can’t find the original post
English
0
0
0
34
ioan
ioan@_i04n·
@TwoSevenOneT EDRUnChoker - registers a permanent WMI subscription with a 5-second timer that runs an embedded VBScript (fileless) deleting any MSFT_NetQosPolicySettingData policies targeting known security products or aggressive app-path throttles. github.com/sbousseaden/ED…
English
2
0
2
355
Two Seven One Three
Two Seven One Three@TwoSevenOneT·
New #redteam tool for blocking EDRs: EDRChoker Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events #pentest #cybersecurity Github: TwoSevenOneT/EDRChoker
Two Seven One Three tweet mediaTwo Seven One Three tweet mediaTwo Seven One Three tweet media
English
24
180
758
116.2K
ioan retweetledi
BlackSnufkin
BlackSnufkin@BlackSnufkin42·
shipping v5 of LitterBox after way too many late nights real EDR in the loop now. drop an agent on your VM, fire payloads at it, alerts land back with full call stacks. Elastic Defend + Fibratus work. new UI + better performance — notes in the release. github.com/BlackSnufkin/L…
English
4
66
261
15.6K
ioan retweetledi
Patchi/fyi
Patchi/fyi@PatchRequest·
EDR has the attention span of a toddler. If it doesn't see the exact pattern it was trained on (sleep, allocate, inject, sleep), it just moves on. Anything else between your calls and it forgets you exist. So I built a library that does exactly that patchi.fyi/blog/busywork-…
English
2
48
208
10.5K
ioan
ioan@_i04n·
For anyone interested in this kind of thing: This talk covers the core concepts behind bytecode-interpreted loaders: why they matter in the current EDR landscape, how they work under the hood, and what they actually buy you versus what they cost. youtu.be/SGSa5tE8AIg
YouTube video
YouTube
English
0
0
1
11
ioan retweetledi
Devon Kerr
Devon Kerr@_devonkerr_·
This capability works crazy well when applied to deployed malware and data theft operations, EDR vendors. Wink wink nudge nudge.
Two Seven One Three@TwoSevenOneT

New #redteam tool for blocking EDRs: EDRChoker Instead of fully blocking the EDR agents' connections to their server, we can throttle their bandwidth so they consistently time out when sending data, which is effectively the same as blocking but avoids triggering "block" or "drop" packet events #pentest #cybersecurity Github: TwoSevenOneT/EDRChoker

English
0
9
87
15.4K
IRIS C2
IRIS C2@C2IRIS·
What’s the wildest real life C2 comms channel you’ve ever encountered/used?
English
20
2
53
10.8K