@CaptMeelo profile picture
Meelo @CaptMeelo

Lifelong learner.

Joined June 2018
  • Tweets 1,002
  • Following 216
  • Followers 2,718
12 Photos and videos
Pinned Tweet
Meelo@CaptMeelo
14 Nov 2022
Here's the tool that I demoed during my #SANSHackFest talk. Let's make it better by filing any issues you identified and submitting PRs. #redteam #maldev github.com/capt-meelo/laZzzy

GitHub - capt-meelo/laZzzy: laZzzy is a shellcode loader, developed using different open-source...

laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques. - capt-meelo/laZzzy

github.com
7
76
166
CUPS RCE (@evilsocket), driver vulns (@vinopaljiri), NamelessC2 release (@trickster012), liveness detection bypass (@CaptMeelo), and more! blog.badsectorlabs.com/last-…

Last Week in Security (LWiS) - 2024-09-30

CUPS RCE (@evilsocket), driver vulns (@vinopaljiri), NamelessC2 release (@trickster012), liveness detection bypass (@CaptMeelo), Windows LPE (@ricnar456), and more!

blog.badsectorlabs.com
1
8
27
2,144
Meelo retweeted
S4ntiagoP@s4ntiago_p
7 Nov 2023
🔥 New blogpost 🔥 Running PEs inline without a console. You now can, for example, run PowerShell in CobaltStrike and obtain its output without spawning any process (including conhost.exe) coresecurity.com/core-labs/a…

14
174
446
71,927
Meelo retweeted
Alice Climent@AliceCliment
18 Jul 2023
Finally done! My latest article introduce the basics of Windows kernel drivers/internals and how to find and exploit process killer drivers using LOLDrivers 🤓 I hope you'll enjoy it! alice.climent-pommeret.red/p…

17
214
506
77,526
Meelo retweeted
secret club@the_secret_club
7 Jun 2023
Abusing undocumented features to spoof PE section headers by @x86matthew secret.club/2023/06/05/spoof…

Abusing undocumented features to spoof PE section headers

Introduction Some time ago, I accidentally came across some interesting behaviour in PE files while debugging an unrelated project. I noticed that setting the SectionAlignment value in the NT header...

secret.club
3
80
256
54,003
Meelo retweeted
S4ntiagoP@s4ntiago_p
3 Mar 2023
I just published my implementation of call stack spoofing using hardware breakpoints 😁 Works for syscalls and APIs, supports x64, x86 and WoW64. coresecurity.com/blog/hardwa…

4
84
189
22,111
Meelo retweeted
mr.d0x
@mrd0x
26 Feb 2023
For the past couple of months @NUL0x4C and I have been working on a module-based malware dev training course that covers various techniques in-depth. Its emphasis is on simplifying complex concepts & evasion. Every module contains highly commented custom code. Stay tuned!
36
150
719
205,736
Meelo retweeted
sn🥶vvcr💥sh@snovvcrash
14 Feb 2023
[BLOG 📝] Some notes on how to automate the generation of Position Independent Shellcodes (without msfvenom windows/x64/exec) from object files in memory (by @NinjaParanoid) to be used in Threadless Process Injection (by @_EthicalChaos_) ⬇️ snovvcrash.rocks/2023/02/14/…

3
67
188
15,037
Meelo retweeted
William Burgess@joehowwolf
13 Feb 2023
My first blog at CS - Dynamically spoofing call stacks with timers: cobaltstrike.com/blog/behind… PoC: github.com/Cobalt-Strike/Cal…

Behind the Mask: Spoofing Call Stacks Dynamically with Timers | Cobalt Strike Blog

This blog introduces a PoC technique for spoofing call stacks using timers.

cobaltstrike.com
3
123
320
48,295
Finally revamped my original @hashcat rule OneRuleToRuleThemAll. The new and improved OneRuleToRuleThemStill has ~5% reduced rules with 0% performance drop against multiple breach datasets. Link is in the blog. Happy cracking! in.security/2023/01/10/oneru… #pentest #redteam

OneRuleToRuleThemStill: New and Improved - In.security

tl;dr – You can find the new OneRuleToRuleThemStill on Github. It’s been a few years since Will Hunt created the hashcat rule OneRuleToRuleThemAll.rule, the original blog post of which can be found...

in.security
75
210
18,906
Meelo retweeted
Bobby Cooke
@0xBoku
22 Dec 2022
macOS x64 shellcode that uses an eggHunter to find and decipher the command shell string. Tinkering with macOS x64 shellcoding as I work through the offsec macOS course. Check it out here: packetstormsecurity.com/file…
https://packetstormsecurity.com/files/170322/macOS-x64-Execve-Caesar-Cipher-String-Null-Free-Shellcode.html

ALT https://packetstormsecurity.com/files/170322/macOS-x64-Execve-Caesar-Cipher-String-Null-Free-Shellcode.html

4
45
170
26,347
Meelo@CaptMeelo
12 Dec 2022
Here's a copy of my slides from my #SANSHackFest talk. Sorry it took me awhile to upload it. #maldev #redteam slideshare.net/elvinguitar/d…
35
80
Meelo retweeted
klez
@KlezVirus
9 Dec 2022
[BLOG POST] And as promised, this is a brief article the describing the technique used within SilentMoonwalk. Might be a good weekend read! klezvirus.github.io/RedTeami…

3
116
255
Meelo retweeted
Mr. Rc
@rcx86
3 Feb 2022
Windows internals resources that I have collected in around an year #infosec Win32 programming with code examples: installsetupconfig.com/win32… Notes for Windows API programming; caiorss.github.io/C-Cpp-Note… Windows undocumented functions' docs: undoc.airesoft.co.uk/

9
186
473
Meelo retweeted
vx-underground
@vxunderground
4 Dec 2022
We have published a paper: "About malware writing and how to start" This paper exists to address the questions we frequently encounter. It is an opinionated piece on malware development, the path to success, and some personal anecdotes Check it out here: papers.vx-underground.org/pa…
12
120
452
Meelo retweeted
klez
@KlezVirus
4 Dec 2022
[RELEASE] After a little wait, I'm happy to present SilentMoonwalk, a PoC implementation of a TRUE call stack spoofer, result of a joint research on an original technique developed by namazso, done with my friends @trickster012 and @waldoirc. Enjoy! ;) github.com/klezVirus/SilentM…

GitHub - klezVirus/SilentMoonwalk: PoC Implementation of a fully dynamic call stack spoofer

PoC Implementation of a fully dynamic call stack spoofer - klezVirus/SilentMoonwalk

github.com
14
231
587
Meelo retweeted
Zero-Point Security@_ZeroPointSec
23 Nov 2022
[NEW SHORT COURSE] DevOps for Pentesters training.zeropointsecurity.c…

DevOps for Pentesters

Implement DevOps pipelines to support your offensive operations.

training.zeropointsecurity.co.uk
2
40
165
Meelo retweeted
Binni Shah
@binitamshah
21 Nov 2022
laZzzy : a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques : github.com/capt-meelo/laZzzy credits @CaptMeelo
5
74
260
Meelo retweeted
OrdinalExport@OrdinalExport
17 Nov 2022
Releasing a new tool: Orpheus! Bypasses most Kerberoast Detections (including my own). Blog post and video is up at @TrustedSec! Even used @HackingDave's old alias in the demo. trustedsec.com/blog/the-art-… #infosec #security #kerberoast
21
512
1,409
Meelo retweeted
adr@aaaddress1
16 Nov 2022
my first windows kernel exploit. it's cool to abuse CVE-2021-21551 to unlink the current process from EPROCESS list & hide itself :) github.com/aaaddress1/PR0CES…

3
52
191
Meelo retweeted
Mor Davidovich@dec0ne
15 Nov 2022
Happy to share a new blog post I wrote about how I managed to dump LSASS undetected using a simple MiniDumpWriteDump against some of the most advanced EDRs in the market. "It’s all in the details: The curious case of an LSASS dumper gone undetected" dec0ne.github.io/research/20…

15
233
594
Load more