It was a great opportunity to give a talk with @kai6u at #SOCON2026 !
Thank you all we had the chance to talk with, and @SpecterOps for having us.
The slides from our session have been uploaded here for anyone interested.
https://t.co/3N24yFuCim
RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS.
Hope you enjoy the blog & tool drop 🤟
https://t.co/ch9WuSP6bm
Wow, we can't believe you remembered the 2-weekiversary of the 4.11 release! Let's cut the cake and celebrate the novel Sleepmask, a novel process injection technique, new prepend reflective loader with new evasive options, asynchronous BOFs, and more!
https://t.co/h6ly1wxWp0
As promised... this is Loki Command & Control! 🧙♂️🔮🪄
Thanks to @d_tranman for his work done on the project and everyone else on the team for making this release happen!
https://t.co/fR44ukK1Y2
🚀 New Blog & PoC: Abusing IDispatch for COM Object Access & PPL Injection
Leveraging STDFONT via IDispatch to inject into PPL processes & access LSASS. Inspired by James Forshaw's research!
🔍 Blog: https://t.co/TKdtwuj509
💻 Code: https://t.co/tlppakaLPO
In our search for new forensic artifacts at @ExaTrack, we sometimes deep dive into Windows Internals.
This one is about COM and interacting with remote objects using a custom python LRPC Client.
STUBborn: Activate and call DCOM objects without proxy: https://t.co/FKPocJRN2Z
#flareon11 For task 9, massive thanks to the hero who wrote Python bindings for the Time-Travel Debugger (https://t.co/O6ifl1PfUX). Being able to record a process execution once and then arbitrarily navigating it (reading regs/memory along the way) really feels like a superpower.
Here is my light session presentation about MS OneDrive EoP vulnerability that we found and successfully exploited with my friend and colleague Denis (@dotcrx)!
https://t.co/xWRGSDd8ud
Xen!
Namely in regards to the chapter "Nihilanth."
In this build are functional versions of C4A1Y and C4A1Z that were seen in the Half-Life: Source VMF sources and were also accidentally released (as BSPs) in the 2013 updates to Half-Life: Source.
Outrageous technique: barely legal use of an x86 CPU instruction enables you to catch and cancel an impending pagefault before it actually happens.
③: catch PAGE_GUARD or invalid access
⓪: do previously illegal reads at high IRQL, safely
#vpgatherqq #vpscatterqq scatter/gather
New blog!
I hate you COM – Pitfalls of COM object activation!
Addressing a few issues in .NET unmanaged APIs when used in offensive coding
https://t.co/KKpAlkM4fh
It seems amazing to me that MS have spent years talking about this feature and have not fixed well known public bypasses. My similar Kerberos trick probably works https://t.co/mzhtPBR94D as does https://t.co/C9uFogNE4B if you accept a prompt :)
#flareon11 challenge 9 - serpentine was one of the best challenges I've ever seen. Up there with break, evil, anode, wizardcult, help, missing, golf, Suspicious Floppy Disk, FLAVA, and you_are_very_good_at_this.
Working on some NetExec modules I realized that on Windows you can get a list of recently modified files looking at the %appdata%\Roaming\Microsoft\Windows\Recent folder. New NXC module coming soon 👀