VB2019 paper: Rich Headers: leveraging this mysterious artifact of the PE format
#windows_internals
#pe_format
#reverse_engineering
#reversing
@ZwLowLevel
Virusbulletin
Virus Bulletin :: VB2019 paper: Rich Headers: leveraging this mysterious artifact of the PE format
Ever since the release of Visual Studio 97 SP3, Microsoft has placed an undocumented chunk of data between the DOS and PE headers of every native Portable Executable (PE) binary produced by its linker without any possibility to opt out. The data contains…
BreakFAST - Kerberos FAST Armoring Abuse
Proof of concept for Kerberos Armoring abuse.
#offensive_tool
#active_directory
#ad
#kerberos
@ZwLowLevel
https://github.com/monsieurPale/BreakFAST
The Typeframe PX-88 Portable Computing System
The Typeframe PX-88 is an integrated system that has been perfectly arranged to guarantee a superior outcome for the operator. Leave it to Typeframe to integrate these critical elements into one commanding machine.
#hardware
@ZwLowLevel
https://www.typeframe.net/
www.typeframe.net
A collection of open-source hardware and software for building writerdecks/cyberdecks.
How we got hit by Shai-Hulud: A complete post-mortem
We had been compromised by Shai-Hulud 2.0, a sophisticated npm supply chain worm that compromised over 500 packages, affected 25,000+ repositories, and spread across the JavaScript ecosystem. We weren't alone: PostHog, Zapier, AsyncAPI, Postman, and ENS were among those hit.
#malware_analysis
#malware_spreading
#supply_chain
@ZwLowLevel
https://trigger.dev/blog/shai-hulud-postmortem
trigger.dev
How we got hit by Shai-Hulud: A complete post-mortem | Trigger.dev
On November 25th, one of our engineers was compromised by the Shai-Hulud npm supply chain worm. Here's what happened, how we responded, and what we've changed.
AV/EDR Killer
AV/EDR Killer by exploiting Signed Microsoft driver.
#offensive_tool
@ZwLowLevel
https://github.com/SaadAhla/Killer
💯 We're starting another new week. I hope everyone achieves their goals.
SuperTinyKernel (STK)
Minimalistic C/C++ thread scheduling kernel for Embedded Systems - SuperTinyKernel (STK).
#ring0
#ring_0
@ZwLowLevel
https://github.com/dmitrykos/stk
GitHub
GitHub - dmitrykos/stk: Minimalistic C++ thread scheduling kernel for Embedded systems - SuperTinyKernel (STK). Supports ARM Cortex…
Minimalistic C++ thread scheduling kernel for Embedded systems - SuperTinyKernel (STK). Supports ARM Cortex-M and RISC-V MCUs with debugging possibility on conventional x86. Compiles with GCC. Come...
SheepCrypter - Ghostly Hollowing Crypter
Advanced in-memory process injection using transient SEC_IMAGE sections, a custom crypter, and ADS payload delivery: no disk traces, maximum stealth.
#malwaredev
#maldev
#malware_development
@ZwLowLevel
https://github.com/TheDarkMythos/SheepCrypter
GitHub
GitHub - TheDarkMythos/SheepCrypter: Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and…
Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth. - TheDarkMythos/SheepCrypter
Low Level CO 🇨🇴
EP20 Windows Under the Hood: Kernel Design, EDR, and the Transition to VBS with Pavel Yosifovich
#windows_internals
#windows_kernel
@ZwLowLevel
Behind the Binary EP20: Windows Under the Hood: Kernel Design, EDRs, and the Shift to VBS with Pavel Yosifovich
Googlecloudcommunity
Behind the Binary EP20: Windows Under the Hood: Kernel Design, EDRs, and the Shift to VBS with Pavel Yosifovich | Community
In this episode, we get a unique look at the history of Windows through the eyes of one of its leading experts, Pavel Yosifovich. We delve into his fascinating origin story, including the "fluke" that led him to become the author of the legendary Windows…