Kurosh Dabbagh

I've released Puzzle, a research project on deploying malware in monitored environments by abusing Windows minifilters functionality. It includes several utilities and PoCs to interact with minifilters and explore static and runtime analysis evasion 👐 https://t.co/8zWv1g8n79

Any good reading material on Windows Cache Manager, Memory Manager or I/O handling in general from the kernel's perspective?

A small rant: The State of Art in Red Team is whatever you want to believe https://t.co/ZihtNl8WEF

Available now at: https://t.co/CbRiCletuR

Hi! I just published a technical deep dive into a complex and fun N-day vulnerability that allows to get RCE in a very popular e-commerce platform. Check it out! https://t.co/DaZX3R6ob4

Tangled is a social engineering platform that weaponizes calendar event processing in Outlook and Gmail to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction. https://t.co/vz4ulB2SL3 Technical breakdown: https://t.co/0Z0LH8hjdM

[RELEASE] As promised, I’m releasing the first blog post in a series. It covers the gaps still present in current stack-based telemetry and how Moonwalking can be extended to evade detection logic and reach “on-exec” memory encryption. Enjoy ;) https://t.co/4Yf28y7cT4

I just released MFTool, an NTFS parser that builds an in-memory map of a volume, allowing you to: - Read any file without opening a handle - Get the contents of locked/deleted files (registry hives, pagefile.sys, etc) - Perform fast, in-memory searches across the entire disk 🔗👇