Security engineer and researcher | Elliot on Security

Joined February 2021
11 Jul 2024
Calling all experts in Windows internals and low-level systems architecture! 'The Root of DllMain Problems' (or 'DllMain Rules Rewritten') is now in preparation for its final publication! Feedback and sign-offs from the community are greatly appreciated. github.com/ElliotKillick/win…
To all my infosec friends, if your blog doesn't yet have an email newsletter for your subscribers... well now you can have one set up in no time at virtually no cost - all open source. You're welcome. github.com/ElliotKillick/rss…
Today, I'm releasing a new project that automates sending email newsletter notifications for new content on your blog: rss2newsletter! In just 300 lines of code, it easily replaces any overpriced and bloated proprietary solution that charges you per-contact. See link in bio 🔗
Today, I'm releasing a new project that automates sending email newsletter notifications for new content on your blog: rss2newsletter! In 300 lines of code, it easily replaces any overpriced and bloated proprietary solution that charges you per-contact github.com/ElliotKillick/rss…
I just released a new tool for searching Microsoft Developer Blogs in bulk and fully local. Really helpful for finding information on that one Windows internals component github.com/ElliotKillick/ms-…
I think I have a problem with going down rabbit holes
30 Apr 2024
A comprehensive analysis of all the internal Windows 10 loader states? Done - Have a look at that and a high-level analysis of how a library load works under the parallel loader github.com/ElliotKillick/win…
29 Apr 2024
Reverse engineering the Windows 10 parallel loader is challenging but interesting work. I recently fully reversed the pivotal LdrpDrainWorkQueue function and I'm just now working on LdrpLoadDllInternal plus others github.com/ElliotKillick/win…
25 Apr 2024
DllMain Rules Rewritten are Microsoft's infamous DllMain Rules - rewritten. After countless hours spent researching and reverse engineering the new and old Windows loaders, they are now complete. github.com/ElliotKillick/win…
21 Mar 2024
I just spent the last few months of my life reverse engineering the Windows 10 parallel loader and figuring out how it does concurrency. Updates have now been published! github.com/ElliotKillick/win…
11 Dec 2023
Thrilled to unveil the "Windows vs Linux Loader Architecture" project! The FIRST side-by-side comparison ever done unraveling the similarities and differences of this core component between operating systems. Check out the new repo! github.com/ElliotKillick/win…
What is Loader Lock? 🤔 Going BEYOND undocumented, we delve into the heart of the modern Windows loader investigating some internals for the first time and demystifying Loader Lock. 🔒 Check out the research article elliotonsecurity.com/what-is…
19 Oct 2023
Perfect DLL Hijacking: It's now possible with the latest in security research. Building on previous insights from @NetSPI, we reverse engineer the Windows library loader to disable the infamous Loader Lock and achieve ShellExecute straight from DllMain. 🔍 Link in bio 🔗
Creating Windows hacking labs has gotten a lot easier with this new tool I've developed: It's a reverse engineering of Microsoft's hidden downloading API - fully automated to always grab the most up-to-date Windows ISO so you never have to do it again! 🚀 github.com/ElliotKillick/Mid…
30 Jul 2023
🚀 Want to level up your Windows reverse engineering skills fast? Check out this newly published #lolbin RE methodology post! Uncover undiscovered lolbins in Windows right now! Link in bio 🔗
11 Jul 2023
Hey I'm back but now with a new #informationsecurity blog (elliotonsecurity.com), never before seen zero day exploits, and lots of new offensive security techniques & tools for you (also more new lolbins)! Expect all this and more in what's to come next...
Need to go under the radar downloading #mimikatz (and other suspect payloads)? Then newly discovered #lolbin "C:\Windows\System32\Cmdl32.exe" (signed by MS) is for you. It's like a new certutil.exe but absolutely unheard of by any antivirus software!
[Image: Proof of Concept (PoC) shows cmdl32.exe downloading and running Mimikatz]
Elliot retweeted
22 Oct 2021
Update to LOLBAS today. Merged a lot of PRs. Thanks! lolbas-project.github.io New: Aspnet_Compiler.exe, Certoc.exe, Cmdl32.exe, FltMC.exe, IMEWDBLD.exe, OfflineScannerShell.exe, OneDriveStandaloneUpdater.exe, PrintBrm.exe, SettingSyncHost.exe, Stordiag.exe, WorkFolders.exe, Procdump.exe
17 Oct 2021
I found out "C:\Windows\System32\WorkFolders.exe" (signed by MS) can be used to run arbitrary executables in the current working directory with the name control.exe. It's like a new rundll32.exe #lolbin but for EXEs!
[Image: Proof of Concept (PoC): Popping calc with new WorkFolders.exe lolbin]