My book's finally here, just in time for Xmas. Thanks to @billpollock and @nostarch for all their time and effort as well as my friend @k8em0 for doing the foreword. Hope anyone who's bought it is seeing final copies arriving. And it's a dog on the cover BTW 🙂
My next book is finally in early-access at @nostarch, with the goal for release at the end of 2023. More details are available at nostarch.com/windows-securi…
"Can you still relay authentication in a Windows domain if NTLM is disabled?", I asked myself. "Perhaps I should research that," I said. Here's a blog post about what I found out.
Opened a fun bug (or is it backdoor?) in a "hidden" COM server which adds a certain Mr DeYoung as an Administrator to your computer with no password. bugs.chromium.org/p/project-zero….
Published part 1 of a short series on AppLocker internals, no bypasses, just how the technology actually works on Windows 10 1909 and maybe some silly tricks along the way. tyranidslair.blogspot.com/2019/11/the-in…
Finally I can release details about my most serious RCG bug. RCE/EoP in LSASS via CredSSP. Reachable through RDP or WinRM if configured correctly. Will try and put together a blog about it at some point 😁 bugs.chromium.org/p/project-zero…
Just because you get access denied accessing a folder, it doesn't mean you can't get access. A quick look at bypassing the security on the WindowsApps folder. tiraniddo.dev/2024/06/workin…
Written a quick blog post about abusing Kerberos to locally bypass UAC. Unclear if this technique has been documented before, but at the very least I describe why it works :) tiraniddo.dev/2022/03/bypass…
I try and avoid this hellsite, but I did a quick dive into sudo in Windows and here are my initial findings. tiraniddo.dev/2024/02/sudo-o…
The main takeaway is, writing Rust won't save you from logical bugs :)