Diego Capriotti

519 posts

@naksyn

Network Boogeyman

The heap · Joined June 2014
273 Following · 1.1K Followers
Diego Capriotti (@naksyn):
I don't think we'll see this for zero-sum game types of jobs (like offense or defense): the pace increased for both players, and whoever slows down loses. Different story for jobs without an "enemy", like food provision, where I currently believe we'll get to 0 working days pretty fast.
0 replies · 0 reposts · 0 likes · 42 views
Rasta Mouse (@_RastaMouse):
If AI is so productive, why are we not just working 1-2 day weeks?
18 replies · 3 reposts · 65 likes · 7K views
MagicSword (@magicswordio):
Great question! This isn’t TrueSight-specific. The hash-changing trick works on any validly signed driver by modifying PE fields that aren’t covered by Authenticode (checksum + cert padding). The signature stays valid, but the hash changes. TrueSight is just the driver attackers are abusing most right now.
2 replies · 2 reposts · 12 likes · 3.4K views
MagicSword (@magicswordio):
Attackers don't need stolen certificates. They only need 8 bytes. By flipping 4 bytes in the PE checksum and 4 in the certificate padding, they generate 2⁶⁴ unique driver hashes while keeping Microsoft's digital signature valid.
Why it matters:
- Those 8 bytes sit outside the region Windows verifies.
- Every variant looks "signed and trusted."
- Hash-based blocking becomes useless overnight.
That's how TrueSightKiller evolved into 2,500+ signed variants. All trusted by Windows, all capable of killing EDRs in seconds. Check out: magicsword.io/blog/truesight…
16 replies · 172 reposts · 826 likes · 73.9K views
Rasta Mouse (@_RastaMouse):
Anybody used rohitab API Monitor on Windows 11? Doesn't seem to work for me.
5 replies · 0 reposts · 7 likes · 4.5K views
Diego Capriotti reposted
Percy Liang (@percyliang):
Wrapped up Stanford CS336 (Language Models from Scratch), taught with an amazing team @tatsu_hashimoto @marcelroed @neilbband @rckpudi. Researchers are becoming detached from the technical details of how LMs work. In CS336, we try to fix that by having students build everything:
46 replies · 574 reposts · 4.9K likes · 677.3K views
b33f | 🇺🇦✊ (@FuzzySec):
I want to zoom in on this question a little bit. It is indeed possible to perform general-purpose computation on GPU/integrated graphics. All frameworks like OpenGL, Direct3D, Vulkan and CUDA support this through shaders. From an attacker compat perspective OpenGL is the most attractive (bindings are native). You can easily implement something like RC4 in GLSL, for example .. 👀
Quoting etherret🐾 (@witchof0x20):
@vxunderground I wonder if you could push obfuscated payloads and deobfs them on the GPU, skipping over heuristics that might usually catch that sort of thing

3 replies · 0 reposts · 11 likes · 4.5K views
Diego Capriotti (@naksyn):
@NullMode_ I've had an APC Smart-UPS 1500VA rack-mounted for 2 years. Quite happy with it. Make sure to choose a UPS that is capable of pure sine wave output.
0 replies · 0 reposts · 0 likes · 54 views
Luke Rogerson (@NullMode_):
Anyone got a UPS at home? Any recommendations?
5 replies · 1 repost · 4 likes · 1.7K views
Diego Capriotti (@naksyn):
When you need to let the cat out of the bag to vendors and clients, you'd better share what you found; otherwise impostors will do it before you, stealing your credit. It all boils down to knowing when to share with vendors and clients and getting credit publicly once it's not an internal technique anymore. I see it as a simple risk-management scenario.
0 replies · 0 reposts · 2 likes · 146 views
Justin Elze (@HackingLZ):
We have a similar approach to @0xBoku's: get some mileage and share. Between explaining how things work to client blue teams and EDR vendors actively REing things, it's not a secret for that long. It's also lost a lot lately that red teams are building/built off each other's research from both public and private sharing.
2 replies · 2 reposts · 17 likes · 1.3K views
Tim MalcomVetter (@malcomvetter):
It’s so silly watching hype over red team tools built for a new technique. Is 15 minutes of internet fame still worth blowing (all your R&D time for) your technique and arming real bad guys who have zero dev skills? If your kit is amazing, I challenge you to publish it mostly complete, so only those who can understand it can complete it and use it, helping all the little orgs out there who don’t need to be squashed by mediocre adversaries with few skills and big consulting funded toolkits.
9 replies · 3 reposts · 40 likes · 12K views
Diego Capriotti (@naksyn):
This is because future budgets are largely driven by "historical spending" and not by efficiency. No one ever wanted to judge other departments' spending, thus making enemies and risking careers. Historical spending is a "solution" that avoids human weaknesses and democratizes inefficiency, making it the norm. Spreading inefficiency over a certain threshold makes it unattributable: so vast that no one will pay for it. Genius game going on for decades, everywhere.
0 replies · 0 reposts · 1 like · 74 views
Diego Capriotti (@naksyn):
@Ab4y98 Glad you liked the presentation! Indeed Python is still underrated IMHO.
0 replies · 0 reposts · 1 like · 11 views
Daniel Abay (@Ab4y98):
@naksyn Just watched youtube.com/watch?v=_TEnBL… TBH, I really didn't know that Python has so much power in terms of "Red Teaming Evasion" because all the learning material out there is based on C/C++. And it's really nice to see someone take Python to the next level.
1 reply · 0 reposts · 1 like · 30 views
Adam Chester 🏴‍☠️
That is a long-ass way of saying… she's talking bollocks! Like, proper bollocks! Like… I lost brain cells listening to this level of bs (and it actually starts off semi-cohesive) 😂
Quoting vx-underground (@vxunderground):
A woman's rant is going semi-viral in political circles on Twitter and Facebook. Some are citing her rant as evidence of potential electoral interference during the 2024 Presidential election. The woman's opening remarks claim she possesses a CCIE (Cisco Certified Internetwork Expert) — a very prestigious certification which is often possessed by truly dedicated people. Currently there are only 45,000 active CCIE holders worldwide. Only 3% of Cisco cert holders attempt it ... and only 26% pass — it has a 74% failure rate. Now it should be stated that no one in our group possesses a CCIE. We do not claim to be network experts, we're just malware nerds. However, despite our lackluster understanding of networking (beyond the computer science basics of the OSI model), we can confidently say this woman does not possess a CCIE and we believe she is lying. Additionally, we would like to note we did indeed watch this entire video. Despite this woman's jargon and clear ... plainly wrong information... we decided to give her a chance to speak her mind and opinion. We do not recommend watching the entire 8 minute video. You will have no benefit from it. At roughly 4 minutes you will see, very clearly, this is not a technical person.

2 replies · 0 reposts · 5 likes · 2.2K views
Diego Capriotti (@naksyn):
This has been one of my favorites for a while, but now it's time to let it go. Here's my preferred way of getting the KeePass db that we often hunt for: downgrade the executable to version 2.53, use CVE-2023-24055 and wait for the busy admin to trigger the dump of the database. The target can remain clean and you can simply check for the dump creation. KeePass version 2.53 can still open kdbx created with the version 2.57 and if using a proper xml the user will likely notice nothing. Update alerts can also be disabled within the xml. gist.github.com/naksyn/6d5660d…
0 replies · 49 reposts · 181 likes · 18.5K views
Rasta Mouse (@_RastaMouse):
@naksyn @_xpn_ Don't really get lightning often in the UK. Just rain, rain, and more rain, so unless you're telling me water explodes....?
1 reply · 0 reposts · 0 likes · 133 views
Rasta Mouse (@_RastaMouse):
@_xpn_ That’s it, I’m gonna go live in the woods where things don’t explode.
2 replies · 0 reposts · 3 likes · 831 views
Steve Borosh (@rvrsh3ll):
Idea: Use this on offense selectively or collect the network and process offline to build a picture of the tech stacks in the environment. Need something like @harmj0y's Nemesis to enrich the data. You could even timeline user action and use behavioral analysis for target select.🤔
Quoting David das Neves (@david_das_neves):
[Repo] RetrievIR is an impressive PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices. buff.ly/3yxSlTO #PowerShell #CyberSecurity

1 reply · 5 reposts · 15 likes · 1.9K views
IAM!ERICA (@EricaZelic):
I don't know how you parents do parenting and work as well. Just arranging dog sitters while moving is stressful enough.
4 replies · 0 reposts · 14 likes · 891 views
Dave Kennedy (@HackingDave):
Swung by TB to order from my son lol. Proud of this dude.
53 replies · 4 reposts · 760 likes · 39.2K views