Joined November 2019
Excited to return to @reconmtl in less than a month! This time, we’ll be peeling back the layers of the ClickOnce technology and exploring a few things that probably weren’t meant to be seen 👀 Details & schedule to come: cfp.recon.cx/recon-2026/talk…
Mathilde Venault retweeted
I often am asked for pointers on building a VM for malware analysis. I wrote a 40 page chapter on this in my book Evasive Malware. You can download this chapter from the book on my blog for free here: evasivemalware.com/EvasiveMa… Thanks @nostarch for allowing me to give it away 🤓
Mathilde Venault retweeted
Looks like @BlueHatIL talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make it: youtu.be/Dk2rLO2LC6I
Mathilde Venault retweeted
FYI if you’re willing to link with ntdll or dynamically resolve it there’s a ton of APIs that return TEB/PEB or leave them in one of the registers. (Don’t believe official return values. MSDN is a liar!)
Daax, being the traditional memesteroni he is, shared a cool proof-of-concept which demonstrates how to get a pointer to the Process Environment Block without using the GS and/or FS register. Look at the full thread. It's interesting.
Mathilde Venault retweeted
WinDbg doesn’t have to win the battle!🧠💥 Join @MathildeVenault at SINCON 2025 for a hands-on reverse engineering workshop that helps you make sense of the Windows debugger. 📅22-23 May 2025 | 📍voco Orchard, SG 🎟️Pass: event.cybersecuritysg.com/39… #SINCON2025 #WindowsDebugging
Mathilde Venault retweeted
Upcoming public training: clearseclabs.com/#portfolio
Really excited to give a talk at SINCON this year! I'll be presenting my tool github.com/CrowdStrike/drawm…, which helps you make the most of WinDbg in a minimum amount of time.
Join @MathildeVenault at SINCON 2025 to discover how DrawMeATree helps reverse engineers visualise & decode complex systems faster. 📅22-23 May 2025 | 📍voco Orchard, SG 🎟️Pass: event.cybersecuritysg.com/39… #SINCON2025
Mathilde Venault retweeted
26 Mar 2025
Save the date - @Blackhoodie_RE is partnering with @offensive_con this year to bring a BlackHoodie training to Berlin! Students will learn how to place compiler backdoors in innocent code. Mark your calendars for May 15th! Registration opens tomorrow, space is very limited ☺️
Mathilde Venault retweeted
I’m not saying you definitely have to go to @BlueHatIL this year, I’m just letting you know it’s free, by the beach and I’ll be there dropping kernel pointers to anyone who asks nicely
Mathilde Venault retweeted
#CVE-2025-21419 2025-Feb Windows Setup Files Cleanup Elevation of Privilege #ghidriff uncovering arbitrary delete vulnerabilities 👀 🔍 Patch introduced new function DeleteFileEx_MSRC. Not your typical function name... 🧐 A patch diffing 🧵...
Mathilde Venault retweeted
Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debugging the Secure Kernel and also outlines why VTL 1 is relied on to help maintain the integrity of the supervisor shadow stacks! connormcgarr.github.io/km-sh…
So glad to have been part of 44con this year!
20 Sep 2024
Workshops in full swing for day 2 of 44CON ✨💻
Mathilde Venault retweeted
There’s a brand new conference which means you get another chance to take my Windows Internals class, this time in the US 😄 RE//verse, February 2025, Orlando Florida
13 Sep 2024
Uncover how GRU bootkits and PLA supply chain implants work in Yarden Shafir’s @yarden_shafir Windows Internals course. re-verse.io/windows-24/
I'm happy to share that I'll be giving a workshop at @44CON about WinDbg, where I'll introduce a tool I've developed to make debugging much easier. Time to tame the Windows debugger together! 44con.com/44con-2024-talks-a…
Mathilde Venault retweeted
In my new blog for @_CPResearch_ I propose a new injection technique, using the Thread Name API - check it out! 💙
In this blog we introduce Thread-Name Calling, a new process injection technique using Thread Name. We also discuss various scenarios in which this not-widely-known API can be used for offense. research.checkpoint.com/2024…
Mathilde Venault retweeted
11 Jun 2024
look what they took from us
Mathilde Venault retweeted
Recently I was writing up a blog about Secure Kernel and NT working together to initialize Kernel CFG. I realized there were a lot of concepts in SK I was unfamiliar with. Because of this I wrote a post on one of those topics - Secure Image Objects. Enjoy! connormcgarr.github.io/secur…
Mathilde Venault retweeted
Thanks to everyone who attended my talk! @offensive_con was an incredible experience. Couldn't make it? Don't worry- here are my slides! Recommend them to anyone wanting to learn more about Secure Boot's third-party risks. nbviewer.org/github/microsof…

Ecstatic to share that my talk was accepted to Offensive Con. Excited to have an excuse to visit the city I was born in. Hope to see you there!
Mathilde Venault retweeted
Anyone who uses WinDbg a lot should learn to use Symbol Builder (by @wmessmer). Using it here to define a function signature and combining it with the FileSystem module to log all IOCTL requests to a file.
Interesting requirement