Andre Marques

@ichitake9 Will check that, but I am pretty sure that you're right... I even remember patching this code after awhile that it has been posted but can't remember what exactly I have modified. Anyway, thanks for noting and reporting. Will change that on the blog.

@Pawp81 @ZHacker13 @l33ksss These days the offensive community is so acid about release of tools and information that I have become relutant of posting anything... A shame, because I think even some "incorrect" information can lead us to discover the "correct" one together, as it happened with AMSI for me.

@ZHacker13 @l33ksss I don't think author of that blog is correct. AMSI doesn't look for strings: docs.microsoft.com/en-us/windows/… microsoft.com/security/blog/…

@Pawp81 @ZHacker13 @l33ksss Yes, I was wrong in many assumptions in that post. But I guess it is not completely useless and has served it's purpose of disseminating on how to circumvent that and execute your scripts. Which is why I had released it to public first place.. to help people.

New post. Coding a powershell bind shell that bypass that troublesome Windows Firewall pop-up when binding tcp sockets! No need for Local admin either. 0x00-0x00.github.io/research/2019/…

You can now find in the @blackarchlinux repository: - JSParser by @NahamSec - Shellpop by @_zc00l - arsenic by @hdeinc Thanks those devs for their amazing tools! Happy hacking! #BugBounty #Hacking #BlackArch

@JaneScott_ Coding this one! 0x00-0x00.github.io/research/2019/…

@_zc00l Wheeee, another C++! What were you doing with it?

Hey hackers! 🤗 I'm trying to see something. 🚧🔨👷🏻‍♀️💻 What is the language of the most recent script/program/exploit you wrote or used IN PRACTICE? Not talking your favorite one, or the best one: just the LAST one you used, on the ground, at the coalface. Please RT for reach!

Now that it's no longer a 0day, check my post about "Coding a reliable CVE-2019-0841 bypass" to craft a LPE exploit that works for all versions of Microsoft Edge in Windows 10. 0x00-0x00.github.io/research/2019/…

@_RastaMouse Yes, my VMWare Workstation 14 freezes when I plug any USB to my host. Tried to downgrade, nothing changed. Now I move to VirtualBox when I need USB for VMs...

Anybody else finding VMware Workstation quite buggy on 1903? Particularly copying files from host to guest.

Amazing talk. Must watch!

Awesome work, as usual!

@nikhil_mitt @SecurityTube Oh yes!! Looking forward for it!

You asked, we did! After months of hard work, super glad to finish Attacking and Defending Active Directory :D A video course and live lab at PentesterAcademy @SecurityTube Registrations open soon!

Pwning computers with Telegram Bot API. This is a post where I describe my experience developing a fun weekend-project that I named "Telepreter". 0x00-0x00.github.io/tools/2018/12/…

@_xpn_ @byt3bl33d3r Hmmm, so it is still viable by patching AMSI before loading assemblies. Thanks for testing it already!

@byt3bl33d3r So it passes the argument from Assembly.Load into AMSI to allow Defender (other AVs also available) to scan. Assembly.Load still works fine, but if AMSI picks up malware, an exception is thrown back to .NET

Quickly playing around with the .NET AMSI port (Early Release) and it looks like it is possible to bypass the added protections in similar ways to its Powershell counterpart youtu.be/avjPW_ea6QQ

@chryzsh @Cneelis Oh yes, how could I forget that one. Just installed GoLand in my developing VM.

Finally! Time to change strategy. C++ is going to be "the way"?

New blog post: "Oh no! AMSI blocked the AMSI Bypass! What Now?" It teaches how to circumvent this and posterior AMSI blocks to our AMSI bypass script. 0x00-0x00.github.io/research/2018/…

New Release: Magic Unicorn 3.5.1 - adds AMSI_BYPASS mode which uses the technique described here: 0x00-0x00.github.io/research/2018/… to disable AMSI as part of the payload in Unicorn. Also added new features (print_decoded and more). github.com/trustedsec/uni… #TrustedSec

Check my latest blog post about recovering domain credentials from WPA2 Enterprise on a compromised workstation! 0x00-0x00.github.io/research/2018/…

Explicando y bypasseando protecciones de PowerShell con técnicas de @yair_omer @_zc00l y @_RastaMouse hackplayers.com/2018/11/powers…