Just a guy that talks at conferences sometimes

Joined July 2019
If you're attending #BSidesMelb2026 this weekend, there's still a handful of tickets available for my Friday training session "Attacking and Defending Microsoft IIS" bsidesmelbourne.com/2026-tra… Come and learn how to write and detect web shells, there's something for everyone

A slightly scary commit, on the plus side, my .NET profiler is a million times easier to extend now
If you're attending #BSidesMelb2026 and have an interest in IIS security, I'll be running training the day before bsidesmelbourne.com/2026-tra… Come and learn how to write and detect web shells, there's something for everyone

Has anyone managed to exploit any of the SharePoint ToolPane CVEs on a freshly installed server? I'm testing out a CVE-2025-49704 payload generated with YSo.NET against 16.0.10417.20018 in my lab and whilst the auth bypass works, the payloads fail to deserialise

Success! After hours of debugging, I found that removing runat="server" from the outermost element of the CVE-2025-49704 payload generated by YSoNet fixed it. Every in-the-wild sample I've seen has this field set so I'm pretty confused now. @irsdl any idea why this might be?
I’ve recently done a deep dive into how IIS view state machine keys are generated and how they are used to decrypt view state messages. I’ve written up my findings in a new blog post and developed an application to assist with the decryption of view states zeroed.tech/blog/decrypting-…
5 Dec 2025
...so yes
28 Nov 2025
Not the response I want when I resort to AI to debug some mutual TLS issues
25 Oct 2025
I've recently been experimenting with using .NET profilers to hook .NET functions under IIS and decided to write up a blog post while it was fresh in my mind zeroed.tech/blog/hooking-net…
14 Oct 2025
12 months ago I presented a 3 hour course on attacking and defending Microsoft IIS servers to a packed room at BSides Canberra, today the 30 hour version went live on @XintraOrg !
14 Oct 2025
New XINTRA course‼️ Advanced IIS Post Exploitation, Detection & Evasion
Modern APT groups are actively weaponizing ToolShell and fileless IIS tradecraft to compromise Exchange, SharePoint, ASP workloads. If your detection and response capabilities lag exposure, this course bridges the gap with:
- Memory dump analysis (Windbg)
- Deserialisation exploits & detections
- ViewState attacks
- .NET Reflection
- Deobfuscation techniques
Syllabus and preview videos here👇 xintra.org/courses/9-advance… @XintraOrg
7 Jul 2025
Not a bad read, I think they may be overanalysing a compiled webshell and it's a shame they didn't get a memory dump but it's great to see more companies talking about this stuff github.com/RedDrip7/NightEag…
28 Apr 2025
For years I've seen adversaries using the "unsafe" keyword in their JScript eval shells and assumed it was required to eval complex statements (i.e. code), but after trying to work out what it actually does for some training I'm working on I found it does nothing! It's unreferenced
28 Apr 2025
After a bit more digging it looks like it's referenced in Microsoft.JScript, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a but not Microsoft.JScript, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a The latter of which is used by my IIS
1 Nov 2024
It put my life on hold for a month and I'm very sleep deprived but thanks for the great CTF @HuntressLabs @_JohnHammond @HuskyHacksMK @_BensonBoy23 @sudo_Rem @IzzyBoopFPV @Kaspertame #HuntressCTF
28 Sep 2024
Thank you to everyone who attended my training session and a massive thanks to @BSidesCbr for providing me the opportunity to run it. The slides and any code we used can be found here zeroed.tech/blog/bsides-2024… I'd love any feedback on the session
22 Sep 2024
For those planning to attend my "Attacking and Defending Microsoft IIS" training session at @BSidesCbr next week, check out the following post for the list of recommended software to have ready to go zeroed.tech/blog/bsides-2024… See you all Friday

21 Sep 2024
Defender seems interested in my upcoming BSides Canberra training on Attacking and Defending Microsoft IIS Training
18 Aug 2024
I'll be running a free 3 hour training session at @BSidesCbr teaching people how to defend IIS servers by learning how to attack them. I'll be posting recommended host setups closer to the event so be sure to give me a follow. cfp.bsidescbr.com.au/bsides-…

21 Jul 2024
How much do you know about IIS Machine Keys and View State? Are you confident you could not only identify an exploited host but also remediate it? If not, check out my new blog post which covers exploitation, detection and remediation zeroed.tech/blog/viewstate-t…