Python (ab)user / Security / Windows internals / @ExaTrack

Joined June 2012
Clement Rouault retweeted
A ninth rump! Ivan will walk us through a vulnerability in OnlyOffice in his presentation « OnlyLeak »
Clement Rouault retweeted
An eighth rump! "Boot me if you can": a presentation on attacking chains of trust, by Damien
Clement Rouault retweeted
A seventh rump! @N1aKan will tell us how the takedown of the Hive ransomware unfolded in his rump "Histoires de PJ : Hive ransomware"!
Clement Rouault retweeted
A sixth rump! "Borne 2 Shell", a presentation of a 0-click attack on an electric vehicle charging station, by b.
Clement Rouault retweeted
A fifth rump! zadig (@prng1337), with his rump "TLS revisité par Nintendo", will present a bug found on the Nintendo Switch 2
Clement Rouault retweeted
A fourth rump! @hakril is back for this edition of BeeRumP to show us some Windows vulnerability work with his rump "Retour vers le TAPI"
Clement Rouault retweeted
A second rump accepted! A bit of hardware attacking with das (@_gquere): "Temu EMFI: hardware hacking on a budget"
Clement Rouault retweeted
For our first accepted rump, @angel_killah will talk to us about reverse engineering an arcade game in his rump "A practical example of how arcade games cheat you"
We are releasing a new method to collect the SRUM Windows forensic artifacts: github.com/ExaTrack/SrumQuer… At @ExaTrack, we have discovered a new method to retrieve the database via srumapi!SruQueryStatsEx. Thus, we share this method that we have used for 2 years in our tools.
Clement Rouault retweeted
Discover a new linux backdoor hidden for 10 YEARS in a critical HTTP server, waiting for a "magic packet" to wake up. Undocumented TTP. Full report: blog.exatrack.com/Butoflex%2… #Malware #ThreatHunting #Cybersecurity @ExaTrack @LoginSecurite
Clement Rouault retweeted
🚀 Take your malware analysis skills to the next level with Exalyze. Discover our unique capabilities to compare malware code with our entire database, identifying similar samples and uncovering hidden connections. 👉 exalyze.io @Exalyze_io
Clement Rouault retweeted
🚨 WARNING: A fake domain—cff-explorer[.]com—has been registered to distribute malware. It currently appears as the top Google result when searching for "CFF Explorer". The only legitimate domain is ntcore.com.
Clement Rouault retweeted
"A calculator app? Anyone could make that." Not true. A calculator should show you the result of the mathematical expression you entered. That's much, much harder than it sounds. What I'm about to tell you is the greatest calculator app development story ever told.
Clement Rouault retweeted
For the first time, our training "Bug Hunting in Hypervisors" is open to the public at @reconmtl! Designed for security researchers, we will dive into VM escapes, hypervisor attack surfaces, and real-world exploitation. More info: recon.cx/2025/trainingBugHun…
Clement Rouault retweeted
The second part of my #WinDbg deep-dive into the #Windows #bootloader is up: Get ready for a decades-old registry structure, unique sorting algorithms, and lots of corner cases. The result is a modern Rust replacement for Mark Russinovich's LoadOrder tool: colinfinck.de/posts/nt-load-…
Clement Rouault retweeted
Yes, PDF runs DOOM! th0mas.nl/downloads/doom.pdf (PDFium only for now)
I wanted to know how WMI Win32_OperatingSystem.Caption gets the correct version name (e.g. "Microsoft Windows 11 Pro"). Turns out it's a DLL export: winbrand!BrandingLoadString. And there is a patent for that: patentimages.storage.googlea…
Clement Rouault retweeted
17 Dec 2024
3 YEARS of stealth! We uncovered new tactics used by the perfctl malware, including a userland rootkit & an SSH backdoor (a single SPACE in /etc/passwd!). More insights: blog.exatrack.com/Perfctl-us… #cybersecurity #threat_hunting #linux #infosec #perfctl #rootkit #ssh #exatrack
Clement Rouault retweeted
22 Nov 2024
After 6 years, I made a blog thingy again. This time about MmScrubMemory. An innocuous looking function that has bitten my ass several times in the last several years. And if you're developing a hypervisor, it might've bitten yours, too. wbenny.github.io/2024-11-21-…