
Infosec, dark music, dark fashion, Atari, cats, and interested in much more.

he/him

Posting a mixture of infosec stuff, phishing mails, music, cats and whatever else comes to my mind.

RE: https://live.acarsdrama.com/@acarsdrama/116708457056507627

“New AI driven flight route optimization software working well so far,” declares airline

Here's a crossover/tribute between two of my favorite games on Atari ST and Amiga that I made several years ago 😀

#Dune #CaptainBlood #CryoInteractive #EreInformatique #Exxos #RetroGaming #AtariST #Amiga #DOSGaming #SciFi #PixelArt

@GossiTheDog mythos has found at least one critical vulnerability: the infosec industry is utterly vulnerable to hype, and extremely unlikely to examine the origins or methodology behind vulnerability disclosures that authorities (regardless of their poor reputation) claim are earth-shatteringly critical

My thoughts on Microsoft's threat to prosecute researchers for dropping zero day exploits

https://www.youtube.com/watch?v=gCkfWo5rie8

Microsoft Wants To Throw Researcher In Jail

YouTube
original yellowkey repo is gone, add mirror · Wack0/bitlocker-attacks@6676f88

A list of public attacks on BitLocker. Contribute to Wack0/bitlocker-attacks development by creating an account on GitHub.

GitHub
wake up! 16b

hi everyone

given one #bitlocker #0day is already out there, here's my own bitlocker 0day, I added it to my repo listing bitlocker attacks.

Introducing "ram leak": https://github.com/Wack0/bitlocker-attacks#ram-leak

As we all know, the boot environment allows booting from a ramdisk. This involves loading a file from disk into RAM, as expected.

However, "file" and "disk" can be arbitrarily chosen, and "disk" being a BitLocker encrypted partition is a supported scenario. Using another trick (same one used with bitpixie earlier) it's possible to get the keys derived without going through the legacy integrity validation checks too if relevant.

You can see where this is going. It's possible to leak any file from a bitlocker encrypted OS partition into RAM as long as you can get the keys derived (ie, TPM-only scenario).

The catch is that booting into the NT kernel marks that memory area as free so it could get overwritten there, but there are other ways to dump the memory area, and a PoC is included with my preferred method (it's only a PoC so just displays a hexdump of the first sector of the file)

The video shows successful exploitation in my test VM, it has secure boot enabled (you can tell because VMware shows an efi shell option on the boot menu when secure boot is disabled).

#infosec #windows
πŸ—“οΈ Today marks the 80th day of #Iran's internet blackout, with the shutdown passing 1896 hours. Meanwhile, pro-regime content floods social media, as Iranians seeking to get pro/whitelist access say they are being asked to meet a quota of daily propaganda posts, policed by AI.