Andy Robbins
@andyrobbins.bsky.social
aka wald0
I'd also love to add calls to native Win32 APIs to this graph, the on-disk binaries themselves and the permissions against them, COM object instantiation/calling, etc.

At that point I see this graph being capable of assisting with the discovery of currently unknown "lolbin" primitives.
October 2, 2025 at 4:51 PM
This obviously does not guarantee that a function called from one of these binaries will land at a function in kernel32.dll. I'd love to map cross-binary function call graphs. Not sure whether there is an easy solution to that.
October 2, 2025 at 4:51 PM
This is the kind of research that should invite serious conversation about the trustworthiness of cloud authentication services.

It won't. But it should.
September 17, 2025 at 7:32 PM
Such a fantastic find and the ideal outcome. Amazing work, Katie.
August 14, 2025 at 5:41 PM
Gonna tell my kids this is the eras tour
August 4, 2025 at 2:35 PM
Drive safe
August 1, 2025 at 1:22 AM