William Burgess
@joehowwolf
Ex-theoretical physicist, currently terrible hacker and wannabe security researcher. Views are, regrettably, my own. Likes = bookmarks
Ever wanted to make your sketchy sys calls look squeaky clean? I wrote a blog demonstrating a PoC which calls NtOpenProcess to grab a handle to lsass with an arbitrary/spoofed call stack: labs.withsecure.com/blog/spoofing-… PoC: github.com/countercept/Ca…
New blog: Get details on recent changes, upcoming plans for #CobaltStrike R&D, and our strategy for increased communication. cobaltstrike.com/blog/cobalt-st…
New CS Blog - Revisiting the UDRL Part 3: cobaltstrike.com/blog/revisitin… If you like the idea of loading a custom c2 channel in your UDRL then this blog may be of interest 👀
The video just went live for my recent @BlueHatIL talk about a new Windows vulnerability class, including an exploit for kernel code execution 👇 youtube.com/watch?v=1LvOFU…
When I was a sec consultant, one of my favourite days was when a new CS dropped and there were plenty of goodies to play with. A lot of effort went into this release and there is a looot of cool stuff to hack around with
collection of kCTF exploits. not just exploit source, but documentation about the bug and documentation about how the exploit works. very cool stuff, and some really creative people out there
I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver. blog.slowerzs.net/posts/pplsyste…
This will be siiiiick, now want a recon ticket
Are you tired of being stuck in userland? Come to @reconmtl where I'll show you how to fast-talk your way into the Windows kernel. Coffee and exploits provided. Come for the pwnage. Stay for the knowledge. cfp.recon.cx/recon2024/talk…
Today, we're disclosing an overlooked, wide-impact bug/attack vector affecting the Windows/COM ecosystem, dubbed #MonikerLink. In Outlook, the bug's impact is far and wide: from leaking NTLM creds to RCE. The same issue may exist in other software, too. research.checkpoint.com/2024/the-risks…
Super hot technique from Marcus Hutchins (malwaretech) for preventing an EDR DLL from being loaded into the process: malwaretech.com/2024/02/bypass… Just tested it successfully ;)
Working on a pretty scary project. I combined @C5pider's Stardust and @joehowwolf's recent LLVM obfuscation work. ENDLESS_WALTZ produces unique PIC .bins each time it's run (== unique agents each compile...). L is normal Stardust, M+R are the same code but different runs of EW
Have you ever wanted to mutate Beacon Object Files? @joehowwolf and I have created a mutator kit that allows you to easily mutate Cobalt Strike sleep masks or BOFs in general. cobaltstrike.com/blog/introduci…
New CS blog: Introducing the Mutator Kit - Creating Object File Monstrosities with Sleep Mask and LLVM cobaltstrike.com/blog/introduci…
Sick work!
I'm excited to release GraphStrike, a project I completed during my internship at @RedSiege. Route all of your Cobalt Strike HTTPS traffic through graph.microsoft.com. Tool: github.com/RedSiege/Graph… Dev blog: redsiege.com/blog/2024/01/g… #redteam #infosec #Malware #Microsoft
“A thin, thin brew - a man might drink himself into a dropsy before the stuff raised his spirits even half a degree.” Jack Aubrey on American coffee
Very nice work!
LLVM-Yx-CallObfuscator: An LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. github.com/janoglezcampos…
We also have a (draft) pull request in the queue for a @metasploit exploit module against Ivanti Connect Secure (CVE-2023-46805 and CVE-2024-21887): github.com/rapid7/metaspl…
This is very cool
In this follow up from his article in May, @SBousseaden digs deeper into call stacks! See how Elastic Security 8.11 further increases efficacy against in-memory threats: go.es.io/47vnlPZ
And then he bought Twitter and created here a problem with the ads that is very much worse than the already bad (or maybe better say very bad?) problem with the ads on YouTube. Congrats, fantastic work. 👏👏👏 Fuck @elonmusk
I have posted the slides for the #BlackHat talk @chompie1337 and I gave yesterday -> Close encounters of the advanced persistent kind: Leveraging rootkits for post-exploitation github.com/FuzzySecurity/…
New Cobalt Strike blog by @HenriNurmi - Simplifying BOF Development: Debug, Test, and Save Your B(e)acon cobaltstrike.com/blog/simplifyi… All in VS BOF template available in latest Arsenal kit release!