Joined November 2015
Mark retweeted
Check out our latest report covering Ivanti CSA vulnerability with complete root cause analysis, detailed breakdown of ITW exploitation, overview of worldwide targets alongside comprehensive IoCs & detection rules 👇🏻 harfanglab.io/insidethelab/i…
25 Jan 2025
My old keybase is dead, if you want to reach me on keybase use this one.
24 Jan 2025
Verifying myself: I am marklechtik on Keybase.io. 9RMVFje1UmWmrBeffCo6c69DF6sjVQ_FGpMI / keybase.io/marklechtik/sigs/…
Mark retweeted
#FlareOn11 is over, so I published the repository with all my source codes: github.com/hasherezade/flare…. Write-ups coming soon!
Mark retweeted
tldw; For #flareon11 challenge #10 by @_marklech_, here's the approach I took:
1. Use UEFI Tool to extract the Shell app from the bios file
2. Use efiXplorer and Lumina to bring in as many symbols as possible
3. Use the angr framework to solve flag #1 and flag #2
4. For flag #3, full RE of the virtual machine
5. Implement a VM disassembler
6. Implement a VM decompiler: bytecode -> x64 assembly -> Hex-Rays decompiler -> C pseudocode
7. For fun, solve flag #1 and flag #2 again but with KLEE (on the decompiled bytecode which is now VM interpreter free and in clean C form)
8. Solve flag #3 with a bit of bruteforce
The most fun part was converting the bytecode back to pseudocode (going through x64 assembly first) and taking the blackbox approach with both angr and KLEE. All files are online here: github.com/allthingsida/allt… (fully documented IDB, KLEE adapted bytecode, angr driver, and bytecode decompiler via x64asm, etc.).

Mark retweeted
9 Nov 2024
Solving (and Pwning) Flare-On Level 10 jro.sg/flareon11/solving10.h… #flareon11

9 Nov 2024
Earlier this year, before leaving Mandiant, I had the opportunity to create Challenge #10 for the #FlareOn11 CTF! Here’s a quick rundown of the challenge. 🧵⬇️
9 Nov 2024
In crafting my solution, I opted for a straightforward approach. For more advanced techniques, I often look to @allthingsida’s content. This year, he shared his own solution in a fantastic video that you can check here 🎥: youtu.be/B1hE2z5JmLo?si=OT9E…
9 Nov 2024
I hope you enjoyed tackling this year’s challenge! Looking forward to reading everyone’s solutions and learning from the unique approaches. #flareon11