Fotios Ailianos

MICROSOFT OPEN-SOURCED THEIR ENTIRE SENTINEL SECURITY TOOLKIT most teams building on azure figure out threat detection the hard way trial and error, custom KQL, dashboards built from nothing, playbooks written by hand nobody told them it was already done the sentinel github repo has: ▫️ 1000+ pre-built threat detection rules ▫️ hunting queries for active threat investigation ▫️ automated response playbooks ▫️ security workbooks + dashboards ▫️ data connectors for 100s of sources the hard part was already done https://t.co/VHbH2pIRRe

Chat, I've done it. I've managed to get Windows Sockets (Winsock) functionality working by communicating directly with AFD (Ancillary Function Driver for WinSock) by IO control codes AND used it with HTTPS by using SSPI (Microsoft Security Support Provider Interface). By doing this, this completely eliminates the need for WININET or WINHTTP for malware payloads. It also removes the weird telemetry and ETW stuff present in Winsocks, WININET, and WINHTTP. My code is still in a debug state at the moment, but I'll eventually release a non-fucked-up version (no SYSCALLs, no position independence) so people can look at it, study it, or review it. Currently this is only supports GET requests for simple pages (not even file downloads...). However, I'm having so much fun with this I think I am going to expand on it to do the following: - HTTPS authentication - HTTPS upload - HTTPS download - ??? I'll make it all open source, non-crazy, in a format people can copy pasta and have fun with it. I'll also probably make a fork where it's the crazy schizo version. I hope all my malware development friends, reverse engineer friends, and anime friends, look at it and appreciate it. This is some of my favorite code I've written and I think it has a lot of applicability to Red team engagement. Conversely, it also offers insight to defenders on detecting this sort of functionality.