Just a curious old school reverser #reversing #malware #OSINT #threatintel but expect also science/physics and a bunch of other things...probably

Wrapping up our COM hijacking series! 🎉

In the final part, we discuss a custom IPC protocol, use a registry write to gain SYSTEM privileges, and explore Denial of Service attacks on security products. 💥💻

Don't miss it! https://neodyme.io/en/blog/com_hijacking_4/

The Key to COMpromise - Writing to the Registry (again), Part 4

In this series of blog posts, we cover how we could exploit five reputable security products to gain SYSTEM privileges with COM hijacking. If you've never heard of this, no worries. We introduce all relevant background information, describe our approach to reverse engineering the products' internals, and explain how we finally exploited the vulnerabilities. We hope to shed some light on this undervalued attack surface.

A companion blog to my Bluehat 2024 presentation on OleView.NET is up now. https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html
Windows Tooling Updates: OleView.NET

Posted by James Forshaw, Google Project Zero

This is a short blog post about some recent improvements I've been making to the OleView.NET ...

Decrypting CryptProtectMemory without code injection aka extracting key material from kernel via NtSystemDebugControl
Blog: https://blog.slowerzs.net/posts/cryptdecryptmemory/
GitHub: https://github.com/Slowerzs/CryptDecryptMemory
#reverseengineering
Protecting Signal Keys on Desktop

This blogpost describes our investigation and proof of concept to enhance the security of Signal Messenger key management on desktop.

The Cryptography Caffè ☕
Fault Injection - Down the Rabbit Hole - hn security

Intro This series of articles describes […]

hn security
Brilliant book “Normal Accidents: Living with High Risk Technologies” - a reminder, security goes above and beyond the cyber realm and there is always something to learn from seemingly far away domains - https://www.jstor.org/stable/j.ctt7srgf #security #books
The mysterious second parameter to the x86 ENTER instruction https://devblogs.microsoft.com/oldnewthing/20231211-00/?p=109126 #reverseengineering
For an ABI that probably nobody uses.

Hot off the #ghidriff #patchdiffing press, we have the December Windows 11 22H2 x64 kernel security update KB5033375: https://gist.github.com/clearbluejar/4f0c979c314a80374402545cd1ae45cd 🧐

Side-by-side view here: https://diffpreview.github.io/?4f0c979c314a80374402545cd1ae45cd 👀

Windows 11 22H2 x64 - December 12, 2023 — KB5033375 - ntoskrnl.exe.x64.10.0.22621.2792-ntoskrnl.exe.x64.10.0.22621.2861.ghidriff.md
As @iagox86 has pointed out for weeks now, the #Juniper RCE headlines on #CVE_2023-36844 and #CVE_2023_36845 consistently miss a pretty important point: All the known exploits land you in a restrictive BSD jail with no meaningful OS access. Rapid7 details one method for breakout in our analysis from early September, but oddly, nobody else seems to be acknowledging the caveat to exploitation (at least with known PoCs): https://attackerkb.com/topics/1PKX0CCXkX/cve-2023-36844/rapid7-analysis
rbowes-r7's assessment of CVE-2023-36844 | AttackerKB

The work done by watchTowr and later VulnCheck is super cool, and outlines different great ways to exploit the vulnerability (we based the Rapid7 Analysis on w…
Reverse your first VM-obfuscated code · Marco Negro