Because I have no life, I decided to spend my morning pulling older versions of the default driver block list and updated github.com/jsecurity101/M… accordingly.

There is also now a centralized driversipolicy.xml that will be updated with every new default block list, so that…

What are some good conferences people would suggest submitting to for defensive based research? A lot of conferences I’ve submitted to seem to accept a lot more offensive / AI based talks…

Decided to create a repo on tracking the default driver block list based on OS build.

github.com/jsecurity101/M…

Happy Friday! I have gotten a lot of questions around ETW Patching as of late. I decided to write a blog on understanding ETW Patching, check it out!

jsecurity101.medium.com/understanding-…

I wrote a script to identify every TAKEOVER and ELEVATE attack in Misconfiguration Manager that can be run with Read-only Analyst privileges or higher in SCCM. Please share with your IT admins, defenders, clients, assessors, and friends in infosec!
posts.specterops.io/rooting-out-ri…

It's a 'finish 1 of the 10 half written blogs' I've had sitting around for a while kind of night.

Shout out to Andrea Allievi for building SkTool. The easiest way to find out what Hypervisor / secure kernel features are enabled on a system

Awesome to see the “final” release 🤣 of this research with Megan. But will this post be the last?! 🤪

Please give Megan a follow! She is a fantastic purple teamer and deserves all the credit for this post and the research behind it 🦾💜

Dear InfoSec community. Stop your click clackin on your keyboards and take a moment to wish my BOY Andrew a very happy birthday.

Appreciate the heck out of this dude. Will never forget when I was in college and he told me to download DetectionLab and pick a technique from…

GIANT merge to Nemesis just published
If you've ever struggled to install Nemesis, we've made it 10x easier by getting rid of nemesis-cli and using Helm for k8s management instead
Check out the new setup guide for instructions on how to install: github.com/SpecterOps/Nem…

One thing I really like about PowerParse's Get-TTPs module is that instead of looking for specific APIs within the Imports table, it looks for them within the strings. This helps see not only APIs called within the Imports table but also in situations where the malware leverages…

Happy Easter.

Christus vincit, Christus regnat, Christus imperat.

No matter how many times I try to escape it, I always find myself looking into some filesystem.

Quick poll. Reasoning for answer not need so even quicker with Yes and No. 😄

#cyber security

Do individual contributors in #cyber security have acces to enough time to learn more and improve their #knowledge ?

Failure will always lead to growth if you let it.

Amazing work @4nr3w6S and Charlie Clark!