Pushed up a few small fixes for boflink. Currently working on some other improvements which should make writing BOFs in higher level languages like C++/Rust/Zig a lot more feasible without needing to add various different compiler/source code tricks github.com/MEhrn00/bofl...
With everyone publishing information on every corner of the Internet, it's never easy to stay informed
There are some rather ...interesting... opsec and design decisions in there but the core of it is that each component is split up and designed to run in a separate process using a main "orchestrator" for managing IPC. The posts above are good reads to help spark some ideas
Three samples that come to mind are CloudWizard securelist.com/cloudwizard-..., CloudSorcerer securelist.com/cloudsorcere... and Deadglyph www.welivesecurity.com/en/eset-rese.... They more or less do this where each module is spread across multiple different processes
Finally releasing a project publicly I have been pretty excited about. Here is Boflink, a linker for Beacon Object Files. github.com/MEhrn00/bofl...
Supporting blog post about it. blog.cybershenanigans.space/posts/boflin...
Windows OpenSSH agent will store SSH keys under "HKCU:Software\OpenSSH\Agent\Keys". It's on my TODO list to write a tool that will extract these and decrypt them if needed
First: Visual Studio Code
Visual Studio Code stores it's cached tabs at %APPDATA%\Code\Backups\<guid>\
The untitled temporary tabs will be found in the untitled folder, and each file contains the contents of those tabs
Not sexy things, but they make my day-to-day usage much better. I've seen many people bemoan about Ghidra 's interface. My experience with ANY tool is that things don't change unless the problem is reported to the devs. So reach out and lay out your concerns - they'll respond!
This is a pretty handy trick that I don't commonly see people doing. It's possible to embed a large file in a C/C++ program without needing to create a giant header file for it. Here's a slightly (...very) detailed blog post on it blog.cybershenanigans.space/posts/embedd...
Where do I subscribe?
๐ฅ๐ฅ๐ฅ
Giving Advent of Code 2024 a go, first time using Rust so makes a nice challenge while learning something new D
It's that time of year again everybody! I want to know YOUR thoughts on Mythic! What did you like? What could be improved? What would you like to see next? Why do you or don't you use it? If you could change something, what would it be? www.surveymonkey.com/r/MythicPlan... I'm all ears :)
Look, I get it. We've normalized running ads in search results for companies to try to make more money. But I really don't need an ad for buying "linux kernel modules" on Amazon ๐คฆ
you want a patchless amsi bypass?
Since this is turning into the the infosec social media platform, I've been working on trying to keep up with my security/technical related blog. I just released a new blog post: "Writing Beacon Object Files Without DFR" blog.cybershenanigans.space/posts/writin...
