Dankitani

Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work. r0keb.github.io/posts/Windows-…

As promised, the research on CVE-2023-28252 is already published with its PoC and the detailed explanation of the reversing that we did with my friend @solidclt. github.com/fortra/CVE-202…

@reverseame @uclm_es Thanks for the welcome! A pleasure to be part of the group!! :)

We forgot to announce that three weeks ago we had a new member in the group! Better late than never. This time it's @dankitan, a recent PhD from @uclm_es who works on IoT malware research, among other issues related to system security. Welcome aboard, Javier! 👋👋

Are you interested in learning reverse engineering in 2023? I've spent the this year studying RE, and I want to share all the resources that helped me along the way in the following tweets. Trust me, you won't be disappointed! 🧵 #infosec

Do you sit at a computer for longer than 6 hours a day? You’re destroying your body if so. Here’s the setup you need to protect yourself from posture problems and crippling long-term injuries: 🧵

My new paper for @MBThreatIntel: "#JSSLoader - the #shellcode edition" : malwarebytes.com/blog/threat-in… // #FIN7

"A practical guide to bypassing userland API Hooking" #redteam #infosec #pentest perspectiverisk.com/a-practical-gu…

Shielder - Reversing embedded device bootloader (U-Boot) - Part 2 : shielder.com/blog/2022/03/r… Part 1 : shielder.com/blog/2022/03/r…

Pwning a Cisco RV340 with a 4 bug chain exploit: blog.relyze.com/2022/04/pwning…

Insane amount of good quality resources 👏 github.com/FULLSHADE/Wind…

[Red Team] "Advanced Process Injection Techniques" Workshop is now LIVE ! Workshop Outline : PE Basics APC injection Module Stomping Process Hollowing Process Doppelgänging Transacted Hollowing Process Herpaderping Process Ghosting Code Repo : github.com/RedTeamOperati…

Windows internals resources that I have collected in around an year #infosec Win32 programming with code examples: installsetupconfig.com/win32programmi… Notes for Windows API programming; caiorss.github.io/C-Cpp-Notes/Wi… Windows undocumented functions' docs: undoc.airesoft.co.uk

@shade_nyc Good luck!!! I'm pretty sure you're going to do great! You have plenty of knowledge and experience, so stay calm and go for it!

New blog series: Intro to Embedded RE Part 1: Tools and Series Overview voidstarsec.com/blog//2022/01/… The next post releases on Friday, I'm looking forward to sharing this work with the community!

Investigadores encuentran múltiples puertas traseras en el popular dispositivo VoIP fabricado por el fabricante alemán Auerswald ↘️CVE-2021-40859 -> CVSS 9.8 ↘️CVE-2021-40856 ↘️CVE-2021-40857 blog.redteam-pentesting.de/2021/inside-a-… 🔁Actualizaciones firmware disponibles: auerswald.de/en/start/news/…

Process injection via the KernelCallBackTable involves replacing original callback function by custom payload so that whenever the function is invoked, payload will be triggered. In this case the fnCOPYDATA callback function has been used. C# code snippet: gist.github.com/sbasu7241/5dd8…

Finally, we've released my last investigation on the recent attacks of #andariel #apt group. It covers the previous work done by @kaspersky @Malwarebytes and @KrCERT . Where we study the code reuse and evolution of #TigerRAT #TigerDownloader. Enjoy :) #malware

Finally got around to adding training material from my #defcon 29 workshop "Modern Malware Analysis for Threat Hunters". 👉 github.com/jstrosch/malwa…

I will also giveaway 1 copy to a random person who retweetd this . 400 followers to go 🌟🌟🌟🌟🌟🌟🌟 #BugBounty

Giveaway time! I will send 3 copies of my hacking workshop done at @THREAT_CON. That's +12 hours of content 🔥 ✅ Like 🔁 RT the post ✅ Follow 👉🏿 Giveaway ends at reaching 20k Followers 🌟