My Windows reverse engineering and exploit research workflow has been:
2. Pick a binary to research, like tcpip.sys
2. Use https://t.co/fOxBB6tEsN to automate seeing existing binary versions, download, and generate diffs from them
3. Load the resulting .binexports and .bindiff into an LLM and ask it to analyze
4. Look up the build number of the previous Windows version that the old binary existed in from https://t.co/U788ndiJbj, such as 26100.8328, and create a VM from it
5. Write code and test, working backwards from LLM analysis
Have you noticed that those deep-dive stories about complex Windows malware have pretty much vanished, especially in recent years? It feels like the era of "blockbuster" Windows malware has just gone silent, and this blog post tries to give some answers as to why.
https://t.co/sFsf3uPm5o
I too woke up and chose violence today as the fail-copy POC dropped.
Made a clean exploit including fixing the UID post exploitation without rebooting the target server. Smoke those CTFs in Hack The Box.
https://t.co/nRiFyXQzRe
If you’re an IT admin and you’ve never had your internal environment pentested and can’t afford one right now, do this instead:
1. Run Locksmith - fix anything that’s a High risk
2. Run ADeleginator - make sure Everyone, Authenticated Users, Domain Users and Domain Computers don't have any unsafe permissions
3. Run ScriptSentry - check for credentials in logon scripts
4. Run PingCastle - check the control paths section. It’s like bloodhound. Look for non-admins that have control paths
If you do this, your environment will be much better when you’re done fixing everything.
https://t.co/SU99mCoOAw
ArgusMonitor is a German app people install to check their CPU temperature. Its kernel driver has 47 commands that give you full access to physical memory, every hardware port, PCI devices, and CPU registers.
The driver "encrypts" these commands but you choose the key. Set it to zeros. No encryption. It doesn't check who's asking.
microsoft signed. no blocklist. no CVE
https://t.co/MAePsbT9Id
Found a 21KB kernel driver from 2004 built for Windows XP that still loads on Windows 11: ASTRA64.sys by EnTech Taiwan. Signed in 2006, cert expired in 2007, but it's timestamped so Windows still says "signature verified" 19 years later. The company doesn't exist anymore.
31 IOCTLs with zero validation on anything. Arbitrary physmem R/W, port I/O, PCI config R/W, MSR read, interrupt hooking, keyboard injection. No auth gate, no hardware gate, loads on any system with sc.exe. Not on loldrivers. Not on the HVCI blocklist. No CVE. Vendor is dead so you can't even do responsible disclosure. There's nobody to email.
filed an issue @M_haggis
I uploaded all the malware samples used in my book #EvasiveMalware to my Github:
https://t.co/qaxENwi2Ge
I received some questions about the lab samples, so just posting it for everyone here 🤓
In our latest post, researcher @craigsblackie documents attacks against the Dell UEFI firmware that enable DMA attacks against TPM-only BitLockered devices https://t.co/b835C7rlW4