Wietze
@wietzebeukema.nl
Threat Detection & Response. Interested in cyber security, tech and politics. Views are my own, unless retweeted.
Read more: afine.com/threat-of-tc...
Threat of TCC Bypasses on macOS - AFINE - digitally secure
TCC on macOS isn't just an annoying prompt—it's the last line of defense between malware and your private data. Read this article to learn why.
afine.com
June 17, 2025 at 11:06 AM
Read more: afine.com/threat-of-tc...
UAC bypass can be achieved by eg moving the legit perfmon.exe and a malicious atl.dll to "c:\windows \system32". Windows is tricked into thinking this is a safe/trusted directory, meaning perfmon will launch with high integrity and your DLL will be loaded. Several other executables are vulnerable!
June 13, 2025 at 12:04 PM
UAC bypass can be achieved by eg moving the legit perfmon.exe and a malicious atl.dll to "c:\windows \system32". Windows is tricked into thinking this is a safe/trusted directory, meaning perfmon will launch with high integrity and your DLL will be loaded. Several other executables are vulnerable!
Bonus background reading: why do hidden files start with a dot on Linux?
💠 glenda.0x46.net/articles/dot...
💠 glenda.0x46.net/articles/dot...
A lesson in shortcuts - Rob Pike
glenda.0x46.net
June 12, 2025 at 9:02 AM
Bonus background reading: why do hidden files start with a dot on Linux?
💠 glenda.0x46.net/articles/dot...
💠 glenda.0x46.net/articles/dot...
More about this technique: www.wietzebeukema.nl/blog/save-th...
Save the Environment (Variable)
By manipulating environment variables on process level, it is possible to let trusted applications load arbitrary DLLs and execute malicious code. This post lists nearly 100 executables vulnerable to…
www.wietzebeukema.nl
June 9, 2025 at 11:03 AM
More about this technique: www.wietzebeukema.nl/blog/save-th...