Red Team | Offensive Tool Dev | 2x Course Author @ Zero-Point Security

Joined February 2022
Pinned Tweet
After over a year of work my second course with @_ZeroPointSec is now available! In it students will apply low level Windows tradecraft in the writing of Cobalt Strike's UDRL and Sleepmask components. To celebrate, the BOF course is 25% off thru Jan 12th! zeropointsecurity.co.uk/cour…

Octoberfest7 retweeted
Cobalt Strike 4.13 is live! Say "Hello World" to our Beacon Interpreter for native C scripting - plus an LLVM Beacon, smoother docking UX, sharper payload management and more. Read about all the new features in the release blog! cobaltstrike.com/blog/cobalt…
Octoberfest7 retweeted
As y'all may have realized, I disappeared from the community for a little while as we fight the most difficult fight of our lives. My wife Angela was diagnosed with stage 3 cancer. We need all the help we can get, please consider supporting our fight. givesendgo.com/anchors-for-a…
Octoberfest7 retweeted
CS 4.13 is right around the corner, so I've been having a play with the new Beacon Interpreter. This script will stomp a PICO over a module, with unwind data, for post-ex.
Octoberfest7 retweeted
Jun 4
Honestly, what is this? I got a response from the @github support team. So from here on, legal security research and PoCs are not allowed on GitHub? I'm completely disappointed by @github and @Microsoft @MsftSecIntel. In what way did I distribute and share malware? Can anyone tell me if there is a mistake on my side: did I share 0-days, vulnerabilities, direct binaries or a full exploit chain that harms users? NONE? Is posting legal source code and tools that are made from public PoCs wrong? There are thousands of full-chain real exploits that bypass EDRs, C2s that evade security solutions, and phishing kits that bypass Microsoft's MFA out there on @github; if that is legal, then why can't this simple publicly made PoC be on GitHub? I have replied regarding my statements; please don't disappoint younger legal Windows security researchers like this. I have some little hope in @github @Microsoft @MsftSecIntel. I have a little hope. So please don't make me lose on @github & @Microsoft & @MsftSecIntel. Ticket ID: #4440743. Will be waiting for your kind response. Thank you. x.com/5mukx/status/206182709… #github #microsoft #security #research
Jun 2
Hey @martinwoodward My GitHub account was flagged without any prior notice. I'm a college student and have been an active open-source contributor for over 4 years. I've released multiple security research projects and even contributed to Microsoft's open source editor. My repositories help security researchers test and strengthen defensive systems through authorized work. Today I was releasing updates to a new tool when the flag occurred. I've already submitted a reinstatement request (Ticket #4440743). So I kindly request you to help and resolve this issue. Thank you
✅ Call APIs requiring 5 args
✅ Store return values
✅ Chain multiple spoofed calls for sleep obfuscation
✅ Zero user code required during execution
✅ CET/HSP/Shadow stack compliant
Big things coming to the UDRL and Sleepmask Development course...
Octoberfest7 retweeted
Jun 2
Excited to share the first release of Aether, a memory forensics and threat hunting tool I've been building! Written in Zig ⚡ Check out the full write-up on the internals and approach here: 0xsp.com/security research…
Octoberfest7 retweeted
Jun 2
> Published a tool for Security Researchers. > Added features & Fixed 10 IoCs and major bugs. > Pushed it to my repo > Got shadow banned on github. This is how security researchers are treated. We’re very disappointed @github. Kindly fix the issue. Token id: #4440743 #issue
Jun 1
As promised, Rustypacker has released today. A native Rust shellcode packer with a GUI.
Repo: github.com/Whitecat18/RustyP…
What did I bring to the table:
- Indirect syscalls for memory allocation and protection by default.
- AES-256-CBC, XOR, UUID-encoded shellcode encryption.
- Six self-injection paths through callback APIs.
- Fiber switch self injection.
- Three remote-process injection paths.
- Anti-debugging techniques.
- NtDelayExecution sleep evasion with placement control.
- Domain pinning evasion.
- Output formats: EXE, DLL, DLL Sideload (Sideload or Proxy with auto-generated .def for unhandled exports).
- Builds for x86_64-pc-windows-msvc and x86_64-pc-windows-gnu.
- DllMain stays a NO-OP. Payload rides four COM-friendly exports: Run, DllRegisterServer, DllGetClassObject, DllUnregisterServer.
- crt-static link. No runtime DLL footprint.
- XOR-obfuscated NT API names embedded in the binary.
- Generated target/ auto-cleaned after each successful build.
#redteam #malwaredev #rust #offsec #infosec #windbg
Hearing people's stories with MSRC re: they report a bug, MSFT says "doesn't meet the bar for servicing", and then they patch it without any credit/payout, makes me wonder if a VP/suit somewhere hasn't been getting a bonus for "cost saving measures" tied to not paying out cases
Chat, I don't want to be that guy, but I think Microsoft has really pissed off security researchers and we're approaching the tipping point. This Eclipse guy has really rocked the boat for Microsoft.
Seeing decent amounts of discussion along the lines of “you trust your compiler output, trust AI the same” and about how having a “human in the loop” is like SO last year. Either a massive psyop by the Machine Spirit or people have lost their goddamn minds.
This is some really nice work. A deep dive into what legitimate Windows network traffic looks like and how Impacket differs. Lots of goodness for both red and blue. Nice job @abdo_mhanni!
Replying to @Octoberfest73
@Octoberfest73 I remember you once posted a quirk of Impacket that could be used as an IoC, so I thought you'd like this list of 50 Impacket IoCs😄 github.com/ThatTotallyRealMy…
Here is my BOF POC (emphasis on POC...) of this research. As the README states it's not an operationally-ready tool, but it was neat research and I figure the code might be useful for someone else. Thanks to @lildylannn and his colleague for their work! github.com/Octoberfest7/DSCo…
I just dropped some research: DSCourier and would love for your opinion and to check it out!! It’s a novel post-exploitation technique abusing WinGet’s COM API to execute code through Microsoft-signed binaries. GitHub: github.com/DylanDavis1/DSCou… Blog: dylansec.com/DSCourier/
👀 Claude go brrrrr
I just dropped some research: DSCourier and would love for your opinion and to check it out!! It’s a novel post-exploitation technique abusing WinGet’s COM API to execute code through Microsoft-signed binaries. GitHub: github.com/DylanDavis1/DSCou… Blog: dylansec.com/DSCourier/
Octoberfest7 retweeted
Apr 9
TotalRecall Reloaded. Enjoy. github.com/xaitax/TotalRecal…
Octoberfest7 retweeted
Mar 16
[RELEASE] Better late than never! Part 3 is out! Fantastic unwind information and where to find them. We went digging through .pdata, RTF Lookups, and a few ntdll internals that probably weren't meant to be touched. BYOUD dropping alongside. Enjoy 😉 klezvirus.github.io/posts/By…