Raphael Mudge
@raphaelmudge.bsky.social
Riding around in the breeze. Security Thinker. Hacker. USAF Veteran. https://aff-wg.org
Penalty Notice Capita Plc by UK ICO

Detailed breach analysis after 2023 ransomware attack. £14M fine. Which standards of care weren't met?

* Understaffed SOC (1 analyst/shift)
* 58hr SOC response vs. 4.5hr AD takeover
* Failure to implement Active Directory tiering.

ico.org.uk/media2/pv5nh...
October 16, 2025 at 8:34 AM
Taking them to the SHITTER: an analysis of vendor abuse of security research in-the-wild

aff-wg.org/2025/07/13/t...

(There is no benefit modulating my voice for anyone's comfort. This is my fair take, but unapologetic truth. This phenomenon has gone unchecked for too long)
July 14, 2025 at 2:05 PM
Stack Cutting demonstrates how to push Win32 APIs through a "stack cutting" call proxy.

tradecraftgarden.org/stackcutting...

The idea is to remove "bad frames" (e.g., non-image backed stuff) from a stack before calling a Win32 API. In the best cases, gives illusion of a full call stack.
June 5, 2025 at 2:36 PM
Crystal Palace is a stack-based language w/ commands to act on DLLs/COFFs/PIC. À la Malleable C2.

Encrypt, mask, link, and decorate resources with meta-info (checksums, lengths, etc.) too.

Can use BOF-like PICOs from a DLL loader context too.

tradecraftgarden.org/docs.html#sp...
June 5, 2025 at 2:36 PM
So, here's a little thread on my new open source project:

The Tradecraft Garden.

tradecraftgarden.org

It's Crystal Palace, an open-source linker and linker script specialized to writing PIC DLL loaders.

And, a corpus of DLL loaders demonstrating design patterns building tradecraft with it.
June 5, 2025 at 2:36 PM
Sometimes, things have to get bad, before others are willing to notice, act, and work together to make things better. It's unfortunate--but human nature.

I still think small steps, "straight stick" examples, shared VALUES, and a vision for shared WINS can overcome toxic ___? What to assign it to?
April 2, 2025 at 3:39 PM
I made predictions in 2019 at my last talk. A keynote lamenting things were going in a VERY bad direction for hackers. This climate continues. I'm trying steps to influence these trends too. Easier as a ghost more removed from these trends vs. someone being crushed by them.

H/T x.com/edskoudis/st...
April 2, 2025 at 3:39 PM