@TwoSevenOneT My friend told me that this technique already appeared around 2014. Regardless, it is still worth researching, as EDR solutions tend to closely monitor the SERVICE_CONFIG_FAILURE_ACTIONS flag.
https://t.co/zhFTNSZLVV
@Octoberfest73 I also implemented a POC that can achieve calls without NtContinue and optimized the call stack. I would appreciate your feedback on this project.
https://t.co/JF73yVZOD4
This is a sleep obfuscation proof of concept based on Ekko-SleepObf, which completely bypasses the detection of Hunt-Sleep-Beacon (HSB).
https://t.co/JF73yVZOD4
This is a proof-of-concept (PoC) for shellcode injection. It acquires a handle to the target process using only the PROCESS_CREATE_THREAD access right.
Credit: https://t.co/ihAhfanSb2
This PoC is based on this work and has been further expanded.
https://t.co/5hvsnhUGhF
@dis0rder_0x00 This reminds me of ContextOnly's blog post, and I think you can take a look at this. The two techniques can be combined to finally obtain a handle that only uses the "PROCESS_CREATE_THREAD" tag.
https://t.co/BLH0Dnc1WH
@deceptiq_ His design is quite confusing. 😇
After using MAN, DAT cannot be used and MAN cannot be deleted. I also do not have a registry switch to specify whether to use MAN or DATA...