Juan Manuel Fernández
xc3ll.bsky.social
Just a biologist that loves to break cyber-stuff. Adepts of 0xCC founder.
June 4, 2025 at 7:39 PM
Reposted by Juan Manuel Fernández
Wow, this was fast! #OffensiveCon25 videos are up!


www.youtube.com
May 20, 2025 at 7:52 AM
New doormat
May 15, 2025 at 9:17 AM
Reposted by Juan Manuel Fernández
May 6, 2025 at 10:01 AM
Reposted by Juan Manuel Fernández
Our red team is growing and we have a rare open position for a Principal RT Operator - if this sounds like you, get in touch 🙏
April 9, 2025 at 6:55 PM
Reposted by Juan Manuel Fernández
A small demo/tutorial on unpacking executables with #PEsieve and #TinyTracer: hshrzd.wordpress.com/2025/03/22/u...
- automatic OEP finding, reconstructing IAT, avoiding antidebugs and fixing imports broken by shims
Tutorial: unpacking executables with TinyTracer + PE-sieve
In this short blog I would like to demonstrate how to unpack an executable with PE-sieve and Tiny Tracer. As an example, let’s use the executable that was packed with a modified UPX: 8f66…
hshrzd.wordpress.com
March 22, 2025 at 8:53 PM
Reposted by Juan Manuel Fernández
I got Linux running in a PDF file using a RISC-V emulator.

PDFs support JavaScript, so Emscripten is used to compile the TinyEMU emulator to asm.js, which runs in the PDF. It boots in about 30 seconds and emulates a riscv32 buildroot system.

linux.doompdf.dev/linux.pdf
github.com/ading2210/li...
January 31, 2025 at 8:02 PM
Reposted by Juan Manuel Fernández
New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy ...
googleprojectzero.blogspot.com
January 30, 2025 at 6:37 PM
Reposted by Juan Manuel Fernández
I don’t want to make a fuckin account to use my toaster. I don’t want to fuckin subscribe to software. I don’t want to create a fuckin profile to watch TV. I don’t want to fuckin register my whatever to unlock whatever. I don’t want to download a fuckin app to access anything. Death to new logins
i don't want to hear your most boomer complaint. what's your most millennial complaint?
January 15, 2025 at 11:47 PM
December 28, 2024 at 8:55 AM
Warming up for tonight's concert 🔥 www.youtube.com/watch?v=qRiA...
Biznaga – Imaginación política
YouTube video by BIZNAGA
www.youtube.com
December 18, 2024 at 11:07 AM
Reposted by Juan Manuel Fernández
We are extending our call for papers to January 1, 2025!

We are now targeting an end of January release.

If you have any Linux/ELF related research, projects, or papers, we would love to publish them!

Huge thank you to everyone who has already submitted!

tmpout.sh/blog/vol4-cf...
December 16, 2024 at 9:36 PM
Reposted by Juan Manuel Fernández
@decoder-it.bsky.social and I noticed that it's no longer possible to call NtLoadDriver pointing to an unprivileged regkey such as \REGISTRY\USER.
Even if you have the SeLoadPrivilege you would still require the Admin group to write the required regkey.
Some more technical details below 👇
December 13, 2024 at 4:11 PM
Reposted by Juan Manuel Fernández
I updated the diagram representing the different Point and Print configurations and their exploitation on my blog.

Hopefully, this should provide a better understanding of the whole "PrintNightmare" situation to both defenders and red teamers. 🤞
December 4, 2024 at 5:42 PM
Reposted by Juan Manuel Fernández
[BLOG]
This post summarises how to tie Cobalt Strike's UDRL, SleepMask, and BeaconGate together for your syscall and call stack spoofing needs.

rastamouse.me/udrl-sleepma...
UDRL, SleepMask, and BeaconGate
I've been looking into Cobalt Strike's UDRL, SleepMask, and BeaconGate features over the last couple of days. It took me some time to understand the relationship between these capabilities, so the aim...
rastamouse.me
November 30, 2024 at 2:05 AM
Reposted by Juan Manuel Fernández
In case you missed it...the DEF CON video of my talk 'Splitting the Email Atom' is finally here! 🚀 Watch me demonstrate how to turn an email address into RCE on Joomla, bypass Zero Trust defences, and exploit parser discrepancies for misrouted emails. Don’t miss it:

youtu.be/JERBqoTllaE?...
DEF CON 32 - Splitting the email atom exploiting parsers to bypass access controls - Gareth Heyes
YouTube video by DEFCONConference
youtu.be
November 22, 2024 at 7:27 AM
I should start logging how many hours I'm wasting trying to compile a static openldap lib with SASL support. I thought it would be easy but hey, second weekend trying it without luck.
November 10, 2024 at 8:27 AM
November 5, 2024 at 11:05 PM