dhulliger
@ruheabteil.ch
dad, screaming at computers and climbing rocks
Reposted by dhulliger
First two unauthenticated RCE CVEs published - Discovered with the help of our #Binja plugin #Mole!

🔗 Advisory: certvde.com/en/advisorie... @ruheabteil.ch
🔗 Mole: github.com/cyber-defenc...

More vulnerabilities have been reported - stay tuned for upcoming advisories.
WAGO: Vulnerabilities in WAGO Industrial-Managed Switches
certvde.com
December 10, 2025 at 6:50 PM
Reposted by dhulliger
🧯The security community is pushing back against new claims that 80% of #ransomware attacks are AI-driven, a figure from a recent MIT-linked report now drawing widespread criticism. →

socket.dev/blog/securit...
Security Community Slams MIT-linked Report Claiming AI Power...
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
socket.dev
October 31, 2025 at 1:25 AM
Reposted by dhulliger
Did a new one
August 7, 2025 at 6:46 PM
Earlier that year @damianpfammatter.bsky.social and I had time to play with domotics equipment. Finally the patches and advisories were released: www.certvde.com/en/advisorie...
Sauter: Multiple vulnerabilities in SAUTER modulo 6
www.certvde.com
October 22, 2025 at 7:43 AM
Reposted by dhulliger
September 25, 2025 at 8:54 PM
Reposted by dhulliger
My DEFCON talk "We are currently clean on OPSEC" now has over 30k views on YouTube, so now more people watched my talk than attended DEFCON itself. If you haven't seen it, please do! The Trump admin's incompetence is mindbogglingly BONKERS www.youtube.com/watch?v=KFYy...
"We are currently clean on OPSEC": The Signalgate Saga (DEFCON 33)
YouTube video by Micah Lee
www.youtube.com
August 19, 2025 at 6:24 PM
Reposted by dhulliger
Check out our latest blog post on modeling complex control flow with function-level basic block analysis in Binary Ninja 5.1. From DSPs to Brain***k, this update makes it easier to develop plugins for tricky architectures. binary.ninja/2025/08/12/f...
August 14, 2025 at 7:17 PM
Reposted by dhulliger
During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs.

github.com/olafhartong/...

Slides available here:
github.com/olafhartong/...
GitHub - olafhartong/BamboozlEDR: A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes. - olafhartong/BamboozlEDR
github.com
August 6, 2025 at 8:49 PM
Reposted by dhulliger
cut my heap into pieces, this is my crash report:
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()
May 31, 2025 at 5:26 PM
Reposted by dhulliger
Linda McMahon, Secretary of Education, sent Harvard a letter.

They graded it.

Bwahahaha.
May 7, 2025 at 2:41 AM
Reposted by dhulliger
Heard of #ContextJail?
It's a nasty new technique: puts target thread into ⓪ deadloop, for as long as you can afford. Requires THREAD_GET_CONTEXT right.

The gist? Just spam NtGetContextThread(tgt).😸
Target will be jailed, running nt!PspGetSetContextSpecialApc 🔁.

Src & binary in [ALT].

Usecases: ⤵️
May 6, 2025 at 10:06 PM
Reposted by dhulliger
Post-ex Weaponization: An Oral History

aff-wg.org/2025/04/10/p...

A walk-through of some history on post-ex eco-systems used by CS (PowerShell, Reflective DLLs, .NET, and BOFs).

Ends with a coffee conversation talking about magician's guilds, security research, and ideas about what's next.
April 10, 2025 at 2:24 PM
Someone please show this to the orange man..

xkcd.com/3073
Tariffs
xkcd.com
April 9, 2025 at 5:54 AM
Reposted by dhulliger
The craziest file I made & visualized recently was combining the Doom PDF with a DOS & Windows (EXE & PE) polyglot.
It runs Doom on OS from 1993 until today, and Chrome-based PDF viewers!
You can make it an HTML/JS polyglot too to run on most browsers! (3/3)
April 1, 2025 at 6:34 AM
Spring ☀️🎉
March 30, 2025 at 2:03 PM
Reposted by dhulliger
quick guide to Signal's disappearing messages settings
March 26, 2025 at 2:04 PM
10 years ago🫣 Still one of my favorite places
March 25, 2025 at 8:17 PM
Reposted by dhulliger
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.

My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.

Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassi...
March 24, 2025 at 9:08 AM
Reposted by dhulliger
the most important aspect of kernel development is to make sure your driver freaks the fuck out whenever the system resumes from sleep
March 19, 2025 at 3:30 PM
Reposted by dhulliger
[BLOG]
I had a series in mind like "Rubeus' Hidden Secrets" or something like that. Basically, highlighting features of the tool that seem less well known. I'm starting off with a basic one for getting crackable hashes from cached service tickets.

rastamouse.me/kerberoastin...
Kerberoasting w/o the TGS-REQ
Kerberoasting is a technique that allows an attacker to extract the encrypted part of a TGS-REP and brute force it offline to recover the plaintext password of the associated service account. The most...
rastamouse.me
March 5, 2025 at 4:50 PM
Reposted by dhulliger
I gave a day 1 closing keynote at DistrictCon yesterday. Surprisingly, it was a security talk about memory safety.

Slides are here:
docs.google.com/presentation...
Memory Safety
Is this memory safety here in the room with us? Halvar Flake / Thomas Dullien DistrictCon 0 2025
docs.google.com
February 22, 2025 at 11:40 AM
Why make responsible disclosure as cumbersome as possible? Did I miss a hidden agenda to go back to full disclosure of vulns on random mailing lists?
February 13, 2025 at 4:05 PM
Literally today's struggle
Virtualization is great because you can struggle with the bugs, quirks and tantrums of multiple operating systems at the same time.
February 10, 2025 at 6:40 PM