
winterknife 🌻

@winterknife.bsky.social

low-level developer with a focus on Intel x86 ISA devices running Windows | victoria per observatiam | R&D @bhinfosecurity.bsky.social

92 Followers  |  32 Following  |  1 Posts  |  Joined: 13.12.2023  |  1.4257

Latest posts by winterknife.bsky.social on Bluesky

Tradecraft Orchestration in the Garden What’s more relaxing than a beautiful fall day, a crisp breeze, a glass of Sangria, and music from the local orchestra? Of course, I expect you answered: writing position-independent code projects …

Tradecraft Orchestration in the Garden

aff-wg.org/2025/12/01/t...

An exercise in building base architectures with Crystal Palace .spec files and configuring/layering specific tradecraft modules over them at link time.

01.12.2025 14:11 — 👍 7    🔁 3    💬 0    📌 2

GitHub - winterknife/SILVERPICK: Windows User-Mode Shellcode Development Framework (WUMSDF) Windows User-Mode Shellcode Development Framework (WUMSDF) - winterknife/SILVERPICK

Releasing SILVERPICK, yet another Windows shellcode development framework using C++.

github.com/winterknife/...

14.11.2025 16:31 — 👍 0    🔁 0    💬 0    📌 0

Tradecraft Engineering with Aspect-Oriented Programming It’s 2025 and apparently, I’m still a Java programmer. One of the things I never liked about Java’s culture, going back many years ago, was the tendency to hype frameworks that seemed to over-engin…

Tradecraft Engineering with Aspect-Oriented Programming

@rastamouse.me pretty much predicted what was coming in his last blog post. attach (Win32 APIs), redirect (local funcs), capability right-sized IAT hooks, and PICO function exports.

Yes, attach can incept its PIC.

aff-wg.org/2025/11/10/t...

10.11.2025 18:21 — 👍 10    🔁 9    💬 0    📌 1

Tradecraft Garden’s PIC Parterre The goal of Tradecraft Garden is to separate evasion tradecraft from C2. Part of this effort involves looking for logical lines of separation. And, with PIC, I think we’ve just found one of them. T…

Tradecraft Garden’s PIC Parterre

Dynamic Function Resolution pt. 2, Say yes to the .bss, and symbol remapping.

aff-wg.org/2025/10/27/t...

27.10.2025 15:48 — 👍 7    🔁 3    💬 0    📌 1

iPhone 17’s killer feature: Memory safety Apple’s new phone series has a secret superpower that will make mercenary spyware much harder to deploy

In which I get way too excited about Apple's new Memory Integrity Enforcement features, which will make mercenary spyware that much harder to deploy on new iPhones. (Subscribe!) freedom.press/digisec/blog...

24.09.2025 20:03 — 👍 16    🔁 8    💬 1    📌 0

Analysis of a Ransomware Breach

aff-wg.org/2025/09/26/a...

Breach analysis? Breach intelligence? Industry critique? Fee-only ransomware negotiator? 100% efficacy? The story of how Microsoft worked an old problem, fucked it up, we malign the guy who told us, they fixed it, and it wasn't fixed? PtH?

26.09.2025 17:12 — 👍 14    🔁 6    💬 0    📌 1

Modular PIC C2 Agents (reprise) A few months ago, I published a post called Modular PIC C2 Agents where I mused about what it could look like to build a C2 agent out of individual (modular) COFFs. The idea was to build a capability ...

Quick post on how to use the new make coff and merge commands in @raphaelmudge.bsky.social's Crystal Palace.
rastamouse.me/modular-pic-...

12.09.2025 22:29 — 👍 3    🔁 2    💬 0    📌 1

COFFing out the Night Soil I’m back with another update to the Tradecraft Garden project. Again, this release is focused on the Crystal Palace linker. My priority in this young project is to build the foundation first, then …

COFFing out the Night Soil

aff-wg.org/2025/09/10/c...

A COFF-focused Crystal Palace update:

* internal COFF normalization & section group merging
* Crystal Palace can now export COFF
* I added COFF merging to the spec language too

Linker stuff.

10.09.2025 21:37 — 👍 11    🔁 5    💬 0    📌 1

Beacon %25 The fourth year of Beacon: London's home of hackers, hunters and EDR dodgers.

If you're in London, Will Burgess (x.com/joehowwolf) is speaking at Beacon %25 on "Linkers and Loaders: Experiments with Crystal Palace" this Thursday.

www.eventbrite.co.uk/e/beacon-25-...

beac0n.org

From his X: "If you enjoy filthy PIC tradecraft it may be of interest!"

09.09.2025 20:46 — 👍 7    🔁 5    💬 0    📌 0

jIRCii - Java IRC Client jIRCii is a fully scriptable internet relay chat client for Windows, MacOS X, and Linux. It's free too

I just updated my 25+ year old IRC client, jIRCii.

Curious about Aggressor Script's ancestor? It's here.

Update improves IRC over SSL/TLS UX, fixes some bugs, tightens some screws, and fixes build to compile on OpenJDK 10+.

jircii.dashnine.org/download/

CC @hagiagraphe.bsky.social

31.07.2025 16:59 — 👍 5    🔁 1    💬 3    📌 0

PIC Development Crash Course Some helpful content for writing position independent code.

Position Independent Code (PIC) Development Crash Course.

My July 2025 overview of PIC writing fundamentals.

Don't know why jump tables are bad? Got a __chkstk relocation error? Watch this video.

#GoodLuckAndHappyHacking

vimeo.com/1100089433/d...

16.07.2025 15:40 — 👍 9    🔁 4    💬 0    📌 1

@winterknife is following 19 prominent accounts