Pat_H retweetledi
The latest instalment of our VR Development Programme training material is available on GitHub now – learn the basics of reverse engineering!
github.com/interruptlabs/…
English
Pat_H
211 posts
Pat_H
@pathtofile
Dad, researcher, and infosec psudo-specialist, posts and thoughts are my own. He/Him. @[email protected]
Australia Katılım Ekim 2018
269 Takip Edilen461 Takipçiler
Pat_H retweetledi
BITS & BOPS IS OUT NOW! 🎶
🎮 Over 20 original rhythm mini-games!
🎵 Catchy music!
⚡ Snappy gameplay!
✨ Gorgeous 2D animation!
PLAY IT NOW ON STEAM! 💕
English
Pat_H retweetledi
12 months ago I presented a 3 hour course on attacking and defending Microsoft IIS servers to a packed room at BSides Canberra, today the 30+ hour version went live on @XintraOrg !
inversecos@inversecos
New XINTRA course‼️ Advanced IIS Post Exploitation, Detection & Evasion Modern APT groups are actively weaponizing ToolShell and fileless IIS tradecraft to compromise Exchange, SharePoint, ASP workloads. If your detection and response capabilities lag exposure, this course bridges the gap with: - Memory dump analysis (Windbg) - Deserialisation exploits & detections - ViewState attacks - .NET Reflection - Deobfuscation techniques Syllabus and preview videos here👇 xintra.org/courses/9-adva… @XintraOrg
English
Pat_H retweetledi
A while back I was curious about the access check that occurs when someone tries to consume from the Threat-Intelligence ETW provider. I decided to write a short blog on the topic.
jonny-johnson.medium.com/peeling-back-t…
English
Pat_H retweetledi
Pat_H retweetledi
Normalize Conference Talks To Also Include Talks About Failed Projects and Failed Research
Tell us stories of the journey and the struggles. None of us are perfect and We should stop admitting that we all haven't completely screwed up research.
English
Pat_H retweetledi
Some personal news: I will be joining @Meta's security team (focusing on WhatsApp) starting next week. This is a big life change, I'm also moving to London permanently.
I took this opportunity to reflect on the state of threat intel: blog.kwiatkowski.fr/threat-intel-t…
LMK if it resonates!
English
Pat_H retweetledi
Heading to #OBTS v7? There are still spots open in iVerify researcher @Helthydriver's workshop on iOS threat hunting.
Special Bonus: On day 3 of this training you will analyze an actual Pegasus case & learn the skills to dissect the Malware on your own.
objectivebythesea.org/v7/trainings.h…
English
Pat_H retweetledi
It’s wonderful to see what @XenoKovah and his collaborators have built for the community. I always recommend OST2 for my new hires and other juniors, or just anyone trying to get started on a new topic. The courses are excellent. It’s an honor to sponsor the Windows Security Path
OpenSecurityTraining2@OpenSecTraining
Thanks to Winsider Seminars & Solutions (@yarden_shafir & @aionescu) for Sponsoring #OST2 at the Gold🥇 level! Learn more about them here: windows-internals.com
English
Extremely grateful to everyone who shared the knowledge I needed to bootstrap this research, including @Helthydriver, @citizenlab, and others without twitter handles. I've only just started, but I hope sharing what I've done so far encourages others to also investigate further /4
English
As discussed in the blog, while I don't think logs could serve as the only basis for a security system, I've discovered enough logging events about small, disparate parts of an attack that might serve as an early-warning system to encourage a more forensic investigation. 3/4
English
Getting back into research and blogging after a long break, I decided to learn something new and investigate how to create realtime malware detections on iOS using Unified Logging and Lockdown Services: blog.tofile.dev/2024/10/24/ios…
English
Pat_H retweetledi
I'll be running a free 3 hour training session at @BSidesCbr teaching people how to defend IIS servers by learning how to attack them.
I'll be posting recommended host setups closer to the event so be sure to give me a follow.
cfp.bsidescbr.com.au/bsides-canberr…
English
Pat_H retweetledi
Thanks @Bsides_BNE for letting me talk about why “Kernel ETW is the best ETW”.
It’s not everyday that you get to talk about scripting a decompiler after watching a keynote from the mother of decompilers…
English
Pat_H retweetledi
Pat_H retweetledi
I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. security.googleblog.com/2024/04/detect… #DFIR Hope it's useful!
English
Pat_H retweetledi
Another week, another SSLVPN RCE - this time, it's CVE-2024-3400 in Palo Alto's GlobalProtect.
But, we've seen no public analysis 🙁 so, allow us..
labs.watchtowr.com/palo-alto-putt…
English
Pat_H retweetledi
I would be *shocked* if this code was only used for this attack... There is so much reusable kit in both the shell script and the injected payload that I think it's reasonable to assume that they have also been used elsewhere.
blasty@bl4sty
xz bd engineer 1: bro, we need a way to probe the address space to make sure we never SEGV sshd xz bd engineer 2: we'll just do a pselect syscall with empty fd sets, a timeout of 1 nanosecond and the addr we want to probe is passed as the sigmask pointer, EFAULT means unmapped
English
Pat_H retweetledi
I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-)
github.com/amlweems/xzbot
English