Ex-theoretical physicist, currently terrible hacker and wannabe security researcher. Views are, regrettably, my own. Likes = bookmarks

Joined September 2014
Pinned Tweet
Ever wanted to make your sketchy sys calls look squeaky clean? I wrote a blog demonstrating a PoC which calls NtOpenProcess to grab a handle to lsass with an arbitrary/spoofed call stack: labs.withsecure.com/blog/spo… PoC: github.com/countercept/CallS…

William Burgess retweeted
7 Sep 2023
Did you know that Windows processes fundamental to Operating System security run in Isolated User Mode and cannot be debugged? Well that's true except when it isn't. Here @fdfalcon provides a step by step guide to do it blog.quarkslab.com/debugging… #Windows #ReverseEngineering
William Burgess retweeted
An internal OpenAI model has disproved one of the most well-known Erdős problems: the unit distance problem. This is, without doubt, the most impressive achievement of AI in mathematics so far. openai.com/index/model-dispr…
William Burgess retweeted
May 19
This belongs to all of us.
William Burgess retweeted
Me defending my O(n^3) solution to the coding interviewer.
William Burgess retweeted
PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion resecurity.com/blog/article/…
William Burgess retweeted
Blog post: On the Coming Industrialisation of Exploit Generation with LLMs sean.heelan.io/2026/01/18/on… TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it. Code: github.com/SeanHeelan/anamne…
William Burgess retweeted
[New @originhq blog POC] No PPL? No problem! SecurityTrace, an undocumented ETW feature, restricts some AutoLogger traces to PPL only — yet we found this current design still allows non-PPL processes to consume from Threat-Intelligence as admin only! originhq.com/blog/securitytr…
William Burgess retweeted
Want to consume Microsoft-Windows-Threat-Intelligence but Antimalware-PPL getting you down? No problem! I will post a blog & POC soon - but this allows you to consume Threat-Intelligence without PPL _and_ w/o any kernel patching/driver loading gymnastics! Only need admin!
William Burgess retweeted
Cobalt Strike 4.12 is LIVE, complete with a new look for the GUI! Additionally, we're introducing: - A REST API - User Defined Command and Control (UDC2) - New process injection options - New UAC bypasses - and more! Check out the release blog for details. ow.ly/RSmE50Xx1OS
A looot in this but if (like me) you’re a fan of custom egress channels ala extc2 this will be of particular interest 👀
William Burgess retweeted
New Blog: Based on his talk at Black Hat, @0xTriboulet discusses integrating Windows AI/ML APIs into Cobalt Strike’s workflows and presents proof-of-concept implementations for AI-augmented post-exploitation capabilities in Cobalt Strike. ow.ly/8hSO50WWTSW
William Burgess retweeted
5 Sep 2025
Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl ! Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode. github.com/tijme/dittobytes
I will be presenting at Beacon conf next week on “Linkers and Loaders: Experiments with Crystal Palace”. If you enjoy filthy PIC tradecraft it may be of interest! eventbrite.co.uk/e/beacon-25…
William Burgess retweeted
30 Jul 2025
I am excited for us to finally share our fully user-mode detection agent research preview! Intel Processor Trace, Last Branch Record, thread scheduler and PMU telemetry all from user-mode, using the latest Windows features!
30 Jul 2025
Announcing our whitepaper on the future of endpoint security. preludesecurity.com/runtime-…
William Burgess retweeted
1 Jul 2025
Chrome Remote Desktop can offer red teamers a subtle way to bypass restrictions—if they know how to use it. In this blog, @Oddvarmoe reveals a practical guide to repurposing Chrome Remote Desktop on red team operations. Read it now! trustedsec.com/blog/abusing-…
William Burgess retweeted
I'm finally releasing a project that I've been working on for a little while now. Here's Boflink, a linker for Beacon Object Files. github.com/MEhrn00/boflink Supporting blog post about it. blog.cybershenanigans.space/…
William Burgess retweeted
[BLOG] Integrating Tradecraft Garden PIC loaders into Cobalt Strike rastamouse.me/harvesting-the…