Joined October 2018
Pinned Tweet
My first research and tool are finally out. If you want to deep dive into some CLR internals and understand how we can abuse it to blend-in within its own logic go check it out. Hope you'll enjoy the read. ipslav.github.io/2023-12-12-…
Petar Jr. Pranic retweeted
15 Dec 2023
6 months before @porchetta_ind's events unfolded, I paused updating my FOSS tools, questioning their value. To rediscover this and shape future developments, I've opened a private server for ppl to share ideas or even just connect. Interested? Join! discord.gg/u2AZcuGr
Thanks everyone for the amazing replies, I'm flabbergasted by them. I wanted to thank my friends @Her0_IT, @Void_Sec, @KlezVirus and @naksyn for their support and peer-review on this blogpost.
Also, biggest shoutout of all to @ShielderSec who sponsored this research and made all of this a reality! Not every company allows you to do that, so if you want to uncover new stuff with us please reach out 🔥
Huge credits to @MrUn1k0d3r, @_xpn_, @_ForrestOrr, @daem0nc0re and @d_tranman for their previous research and PoCs.
Petar Jr. Pranic retweeted
🎁 GIVEAWAY TIME! 🎁 - I'm giving away 2 seats for my brand new "Hands-On Kusto Query Language (KQL) for Security Analysts" course! Please follow @BluRavenSec, Comment, and Repost to participate. 👉 academy.bluraven.io/hands-on… Two random winners will be announced on 5 December 2023. #kql #microsoftsentinel #microsoftdefender #microsoftxdr #threathunting #dfir #detectionengineering

100% accurate
Time breakdown of a modern red team engagement. 😁
RomHack has ended and it has been amazing. Kudos to @cybersaiyanIT for the awesome conference and an incredible training from @_dirkjan. Special thanks to @APTortellini, @KlezVirus, @naksyn, @trickster012, @Th3Zer0, @suidpit, @ila_marco_, @zi0Black, and @frycos for the great time.
Petar Jr. Pranic retweeted
17 Sep 2023
And finally our #defcon31 talk is also on YouTube! 😁 youtu.be/_2lH90C2nOM?si=qHlJ…

Come say hi 👋
12 Sep 2023
"Never stop learning" - with this in mind, we couldn't have missed such a great opportunity! If you are attending these amazing training sessions too, make sure to meet our very own teammates: @Th3Zer0, @ipSlav, and @madt1m_, to talk about IT shenanigans!
#RomHackTraining started this morning. Dirk-jan Mollema (Azure AD Security) and Silvio Cesare (Code review) teaching our students right now 🔥🔥🔥
Petar Jr. Pranic retweeted
3 Aug 2023
More to come in the upcoming weeks
Me and @Her0_IT did a fair bit of research against one of the leading EDRs in the sector. This first post will hopefully be the start of a long saga, documenting all of our findings. This first part was dated back in 2020: riccardoancarani.github.io/2…
Petar Jr. Pranic retweeted
Ever wondered how to pull a Houdini on #auditd and let linux events vanish into thin air? Dive into our latest blog post by @qtc_de and meet the magic wands ^H^H^H PoCs 'daphne' & 'apollon' 😎 code-white.com/blog/2023-08-…
Petar Jr. Pranic retweeted
With @tlansec, we suspected a 0d and we notified MS a few days ago. The infection chain was insane... Instead of an endless tweet @zcracga did a wonderful graphic. 2/4
Petar Jr. Pranic retweeted
30 May 2023
Check out ScrapingKit by @myexploit2600 and I on @Lares_ Labs, a tool we've been working on for the past week and a half focused on picking up quick wins in windows environments, useful for both #blueteam and #redteam purposes. labs.lares.com/introducing-s…

Petar Jr. Pranic retweeted
Introducing ETWHash! ETWHash is a new method and tool by @lefterispan for consuming SMB events from Event Tracing for Windows (ETW) and extracting NetNTLMv2 hashes for cracking offline. labs.nettitude.com/blog/etwh…
Petar Jr. Pranic retweeted
2 May 2023
New major roadrecon release is out! This release adds support for:
- Eligible AAD admin roles (PIM)
- Scoped and custom roles
- Administrative Units
All now in the GUI and readable by any member user in the tenant (yes including eligible roles) 😀 github.com/dirkjanm/ROADtool…
Petar Jr. Pranic retweeted
6 Mar 2023
This Thursday March 9th, @MrUn1k0d3r will be presenting "Windows Internals for Red Teams" in the Prelude community discord at 7 PM EST. Drop in, chat, and learn about Windows internals! discord.gg/fZbfdUQM4A #infosec #redteam
I'll do an educational talk about this tomorrow in Milan. If you don't have a blue team and/or enough maturity you don't need a red team assessment and whoever is selling red teaming without these requirements is just reducing the value of an actual red team engagement.
14 Jan 2023
Once again everyone doesn't need red teaming. Most of the complaints on here around the topic are people using red teaming in some capacity where they would benefit from other activities instead. That doesn't mean red teaming needs to be changed or modified.