Tijme Gommers
tijme.bsky.social
Offensive Security at ABN AMRO Bank 🏦. Red Teaming, Malware Development & Reverse Engineering 🐙. Cyber Cyber Cyber ⚡️.
Built something super satisfying — truly and tiny position independent code, cross-compiled from any OS to any OS. 😎
April 9, 2025 at 7:34 PM
“The primary goal of this campaign is to facilitate unauthorized ATM withdrawals from the victims’ bank accounts. This was achieved by relaying the near field communication (NFC) data from the victims’ physical payment cards, via their compromised Android smartphones.” 🔥
#BREAKING #ESETresearch NFC Android malware impersonates banking app in 🇵🇱 Poland. #NGate malware impersonates a banking verification application to steal NFC data and PIN from victims’ physical payment card. x.com/LukasStefanko
🧵1/3
February 8, 2025 at 8:55 PM
Reposted by Tijme Gommers
New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy ...
January 30, 2025 at 6:37 PM
This is going to be amazing!
December 26, 2024 at 6:18 PM
I will be presenting at NULLCON Goa 2025! 🇮🇳

The hidden ART of rolling shellcode decryption. A dive into a new shellcode loading technique!
December 10, 2024 at 8:04 PM
Reposted by Tijme Gommers
Today, AmberWolf released two blog posts and our tool "NachoVPN" to target vulnerabilities in major VPNs, including CVE-2024-29014 (SonicWall NetExtender SYSTEM RCE) and CVE-2024-5921 (Palo Alto GlobalProtect RCE and Priv Esc), after our SANS HackFest presentation.🧵
November 26, 2024 at 11:17 AM
Our @BSidesLondon Ivanti & Pulse Secure VPN kernel exploitation talk is live! The presentation is about shared research of my colleague Alex and me.

CVE-2023-38043, CVE-2023-35080 & CVE-2023-38543
www.youtube.com/watch?v=hmYK...
Elevate & Conquer: A Journey Into Kernel Exploitation - Tijme Gommers
February 11, 2024 at 12:53 PM
I dived into exploiting leaked code signing certificates to sign malware ✍. A technique that has been actively abused in the wild by threat actors for a long time.

Blog post: tij.me/blog/finding...
November 22, 2023 at 7:12 AM
Hello world!
November 21, 2023 at 10:00 PM