Gave a guest lecture "Windows Internals Crash Course" at the Ruhr-Universitรคt Bochum today. No novel research, but might be interesting for people getting into started. youtu.be/I_nJltUokE0 Thanks to @mr_phrazer for the invite!
Hacked together an IDA Pro MCP server in a few hours tonight! I gave Claude a simple crackme, but forgot to remove the source code from my project folder and in the end it cheated to find the solution๐คฆโโ๏ธ
Variable renaming and retyping is implemented though, so that might be
Success! Claude 3.7 with my IDA Pro MCP server managed to solve the crackme that was previously failing๐ฆพ
The trick was adding a convert_number tool and stress to always use it for conversions. It took ~7 minutes to run and the cost was $1.85. Also includes an analysis report.
๐จ Want to hook the application entry point from DllMain with just a pointer swap? ๐จ You can replace the RtlUserThreadStart pointer in the CONTEXT on the stack. #redteam#security#redteamtips
Wrote a little tool to generate a proxy for DLL hijacking. ASM stubs are often used for this purpose, but with some trickery you can use forwards with absolute paths! github.com/mrexodia/perfeโฆ#infosec#redteam#Memes
๐ฅ TitanHide has been updated to support the latest VMProtect 3.9.4 changes!
The service name is now used as the device name as well, so the check for \\.\TitanHide will fail if you name the service differently ๐ง
๐จ Want to quickly find the ntdll base without checking the module name? ๐จ You can use the location of the LoaderLock to know which range is the right one. #redteam#security#redteamtips