5pider

3K posts

5pider

@C5pider

research & developer @InfinityXCurve

Joined April 2019

119 Following · 33.8K Followers

Pinned Tweet
5pider
5pider@C5pider·
Havoc Professional Finally Released! 🕸️🕷️ Since our last blog post introducing the Havoc Professional framework and the Kaine-Kit, we've been refining the framework behind the scenes while also welcoming @avx128 as a new member of our team. This blog post covers the numerous features included in the initial release of Havoc Professional. I'm excited to finally share the work my team and I have put in over the past year. This is just the beginning of what we have planned. infinitycurve.org/blog/release
5pider
5pider@C5pider·
@Vsimpro trying out move me? 🕺🕺💃💃👯. Recover from that lil bro
vs1m
vs1m@Vsimpro·
@C5pider thank you :3 🕺🕺🕺
vs1m
vs1m@Vsimpro·
✍️ **NEW BLOG:** Malware can be stopped by taking down infrastructure. What if the Defenders could not rely on this technique❔ I investigated how Nostr's censorship resistant model could be used as robust comms for Malware. Read more about it here: vs1m.pro/posts/nostril/
5pider
5pider@C5pider·
@rad9800 the first two pictures look nothing like u
Rad
Rad@rad9800·
N many years after working in cyber ...
5pider
5pider@C5pider·
@eversinc33 great work sven! As I told u we need more vm/compiler related blog posts. Hope to see more from u 😼
eversinc33 🤍🔪⋆。˚ ⋆
When practicing on a VM crackme recently, I created a devirtualizer which lifts the virtual machine to LLVM to defeat the protection. LLVM-based devirtualisation is a lot of fun and I wrote down my experience and lessons learned on my blog: eversinc33.com/2026/05/07/llv…
Kuba Gretzky
Kuba Gretzky@mrgretzky·
Super proud and excited to be joining this year's extraordinary line-up at @x33fcon! This time, I will be showing a new phishing technique that involves downgrading FIDO MFA to less secure, phishable fallbacks. See you in June! 🦜🏴‍☠️
Joe Desimone
Joe Desimone@dez_·
New adventure: wrapped week one at Microsoft Security! Working alongside @dwizzzleMSFT, who I plan to annoy with a backlog of questions. Excited to work on AI and security at planet scale 🤓
Joe Desimone@dez_

After 10 years at Elastic/Endgame, today is my last day. Incredibly proud of what this small but mighty team has built. Working alongside our community of users has been one of the most rewarding parts of the journey. On to a very exciting new adventure soon, stay tuned!

J⩜⃝mie Williams
J⩜⃝mie Williams@jamieantisocial·
one wrong turn in Paris and you will feel bad about every item of clothing & jewelry that you own.
Jonathan Peters
Jonathan Peters@cod3nym·
I wrote some of the rules that caught this #PhantomCLR campaign. They are not campaign-specific, they focus on common techniques used by a wide range of threat actors. If you are interested in how defenders can take advantage of code reuse to build better detections, and just how much code is shared across actors, I will be speaking at #Area41 in Zürich this June. I will be looking into code reuse across the .NET malware ecosystem and show some practical detection approaches. This will be my first public talk :) You can check out the conference here: area41.io
Nextron Research ⚡️@nextronresearch

#PhantomCLR shows again why generic detections matter in modern attacks. By targeting commonly reused functionality across different threat actors, we can detect and cover new variants from day one. In this case, the sample was already covered by multiple of our generic rules targeting: encryption routines, dynamic function resolving, shellcode allocation, and typical obfuscation indicators. Two of these rules are more than three years old and still provided coverage for this and similar variants before they were even observed publicly.

5pider
5pider@C5pider·
Would highly recommend checking out Felix's work. He has built something really impressive over a long period, and I'm glad to see his project finally online. If you are a blue teamer who needs a tool with up-to-date malware techniques, especially for detection engineering, then check this out :D
𝙁 𝙀 𝙇 𝙄 𝙓 𝙈@felixm_pw

Introducing Combat Theater, a malware technique emulator built for blue teams, detection engineers and security researchers to perform testing and detection validation quickly and easily. Check out the introduction blog to learn more! combat.theater/blogs/introduc…

5pider
5pider@C5pider·
@_RastaMouse @nosequeponerrie I believe he is asking regarding adding additional support for extensions development via the stardust template instead of using Crystal Palace.
Rasta Mouse
Rasta Mouse@_RastaMouse·
@nosequeponerrie @C5pider I don't really know what this means. Stardust is a template for writing PIC. CrystalC2's agent is already PIC. What "native compatibility" is there to implement?
Rasta Mouse
Rasta Mouse@_RastaMouse·
Adding the Crystal Palace YARA generator to CrystalC2. The feedback loop between modifying the .spec, clicking 'build' in the client, and seeing the new rules is super-fast.
kapla
kapla@LorenzoMeacci·
Thanks to @Octoberfest73, who spotted a mistake I made in my blog (which led to a never-ending rabbit hole of false assumptions about timer stacks xD), I was able to implement the InsomniacUnwinding technique in a full sleepmask based on Ekko by @C5pider github.com/kapla0011/Inso…
kapla@LorenzoMeacci

New research: InsomniacUnwinding "Call stack spoofing is mandatory for sleep masking" No, it's not. Surgical UNWIND_INFO preservation: ~250 bytes vs ~6KB .rdata. Signatures encrypted, stack intact, no spoofing. Github: github.com/kapla0011/Inso… Blog: lorenzomeacci.com/unwind-data-ca…

5pider
5pider@C5pider·
@layle_ctf this is honestly really impressive and cool!
Layle
Layle@layle_ctf·
Alright, here are the new backends for:
- C++
- IDA Pro
- Binary Ninja

Ever dealt with a platform/architecture that didn't have a plugin for your favorite disassembler? You can generate one from a chipi spec now! Links in the comments, works as of chipi 0.8.0!
Layle@layle_ctf

Huge update since this:
- Decoupled DSL from Rust (soon backends for other languages!)
- TOML support
- Grouping of instructions via const generics / templates

For emulators:
- LUT and jump table generation for dispatch
- Handler stub generation for interpreters

Gavin K
Gavin K@atomiczsec·
firewall_rule - a BOF to add, remove, or query Windows Firewall rules via the COM API (INetFwPolicy2). In highly monitored environments, just spawning a process will create alerts. This tool is useful for helping pivot inside networks without that process creation. Find it here: github.com/atomiczsec/Adr…
5pider
5pider@C5pider·
I believe this method of execution will be much more relevant in the upcoming years, especially as it triggers much less telemetry compared to other means such as Beacon Object File execution and/or other dynamic code execution methods.
5pider
5pider@C5pider·
Another small demonstration video is online! In this demonstration we are going to cover the vm-filesystem project, which utilizes the Firebeam Virtual Machine to interact with the target filesystem and monkey patch the Python methods the File Browser uses to interact with the agent. YouTube and GitHub links below 🔗