Gabriel Landau (@GabrielLandau) / X

Gabriel Landau

1,427 posts

Gabriel Landau

@GabrielLandau

gabriellandau.github.io

Maryland, USA

Joined November 2009

Pinned
Gabriel Landau
@GabrielLandau
Feb 19
Step right up! 📢 We’re serving up a Windows kernel exploit that never goes stale. 🍿 Forget patches, this forever-day is popping off and it's here to stay. Grab a bucket and watch the show! elastic.co/security-labs/…
12K
Gabriel Landau
@GabrielLandau
Oct 25, 2018
Brand new Win10 laptop. Attempt to install Chrome. Almost get owned with my very first action. Why is this still happening in 2018, @bing? Please explain.
00:00
Gabriel Landau
@GabrielLandau
Jun 15, 2021
Evade AV by deleting your payload before running it. Introducing Process Ghosting 👻:
What you need to know about Process Ghosting, a new executable image tampering attack
From elastic.co
Gabriel Landau
@GabrielLandau
Feb 2, 2022
Antivirus getting in your way? Put it in a sandbox, and go about your day. elastic.github.io/security-resea…
Gabriel Landau
@GabrielLandau
Jul 11, 2024
Introducing a new Windows vulnerability class: False File Immutability. 👉 Bonus: a kernel exploit to load unsigned drivers.
Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs
From elastic.co
71K
Gabriel Landau
@GabrielLandau
Aug 28, 2023
Forget vulnerable drivers - Admin is all you need Article 👉 elastic.co/security-labs/… 👇 Demo - enable sound 🔊
00:00
97K
Gabriel Landau
@GabrielLandau
Sep 29, 2023
Watch me drop some still-unpatched Windows exploits at BlackHat: ✅ Bypass LSASS RunAsPPL ✅ Modify kernel memory 💥 Zero vulnerable drivers Article: tiny.cc/FVDX Article #2: tiny.cc/KillingPPLFault Code: github.com/gabriellandau/… Talk: 👇 youtu.be/5xteW8Tm410
78K
Gabriel Landau
@GabrielLandau
Jan 11, 2024
Friendly reminder that these 476-day kernel and PPL exploits still work on fully-patched 23H2. Happy January pwnage! #NotASecurityBoundary
Gabriel Landau
@GabrielLandau
Sep 29, 2023
Watch me drop some still-unpatched Windows exploits at BlackHat: ✅ Bypass LSASS RunAsPPL ✅ Modify kernel memory 💥 Zero vulnerable drivers Article: tiny.cc/FVDX Article #2: tiny.cc/KillingPPLFault Code: github.com/gabriellandau/… Talk: 👇 youtu.be/5xteW8Tm410
44K
Gabriel Landau
@GabrielLandau
Dec 3, 2021
Microsoft won't fix this Windows LPE, but I'll show you how to detect and block it:
Detecting and blocking unknown KnownDlls
From elastic.co
Gabriel Landau
@GabrielLandau
Oct 12, 2022
The reports of PPLdump's death are greatly exaggerated. Just BYOVDLL - ntdll in this case 😉
Clément Labro
@itm4n
Jul 24, 2022
The July 2022 update of Windows 10/11 killed PPLdump 💀😢 Find out how in this blog post... 👉 itm4n.github.io/the-end-of-ppl…
Gabriel Landau
@GabrielLandau
May 11, 2023
Thanks to everyone who attended my Black Hat Asia talk! You can find the slides here:
drive.google.com
AS-23-Landau-PPLdump-Is-Dead-Long-Live-PPLdump.pdf.pdf
34K
Gabriel Landau
@GabrielLandau
Jun 30, 2024
Thanks to everyone who attended my @reconmtl and @BlueHatIL talks! The exploit and slides are here: github.com/gabriellandau/… If you took any photos during either of the talks, please share them here. Also, please don't hesitate to stop me to say hi!
30K
Gabriel Landau
@GabrielLandau
Jun 17, 2024
Sure it's off 😉
25K
Gabriel Landau
@GabrielLandau
Jul 16, 2024
> Elastic has pushed the defensive industry forward with their anomalous call stack detection logic that is a formidable challenge for modern red team operations. Thanks for the shout-out! We have plans to make your jobs even harder. 🙂
Cobalt Strike 4.10: Through the BeaconGate - Cobalt Strike
From cobaltstrike.com
12K