Breaking stuff at Core security
Got some free time and added a requested feature to NoConsolation.
Now binaries are automatically encrypted and stored in memory, so they don't need to be sent each time. Have fun! https://github.com/fortra/No-Consolation/commit/1a138b8fa57b5616ae358240787b05276019ad05

🔥 Big update!
Nanodump now supports the PPLMedic exploit!

https://github.com/fortra/nanodump

Also, several improvements were made to the SSP module, which should be a lot easier to use now.

Needless to say, all the credit goes to @itm4n for his amazing work and research.


"Bypassing PPL in Userland (again)"

Over the past 6 months, I worked on a new Userland exploit for injecting unsigned code in a PPL. In this new blog post, I discuss my methodology and all the issues I had to solve to achieve this result.

https://blog.scrt.ch/2023/03/17/bypassing-ppl-in-userland-again/


@itm4n omfg, fantastic work man!

I just published my implementation of call stack spoofing using hardware breakpoints :)
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://www.coresecurity.com/blog/hardware-call-stack

It comes with a robust x64 stack unwinding implementation, supporting all opcodes, as well as some interesting edge cases.
Gives you total control over the stack layout.
https://github.com/fortra/hw-call-stack
