
Quang Vo

@mr-r3bot.bsky.social

Offensive Security with a passion for Malware Development and Windows internals. #redteam

41 Followers  |  67 Following  |  8 Posts  |  Joined: 11.11.2024  |  1.7045

Latest posts by mr-r3bot.bsky.social on Bluesky

PIC Development Crash Course Some helpful content for writing position independent code.

Position Independent Code (PIC) Development Crash Course.

My July 2025 overview of PIC writing fundamentals.

Don't know why jump tables are bad? Got a __chkstk relocation error? Watch this video.

#GoodLuckAndHappyHacking

vimeo.com/1100089433/d...

16.07.2025 15:40 | 👍 9 | 🔁 4 | 💬 0 | 📌 1

ي

10.07.2025 13:59 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

Potato exploits have been a cornerstone of local priv esc on Windows for years, but how & why do the inner starchy workings of the potatoes function?

Join @atomicchonk.bsky.social next week to understand Windows access tokens & their use in the Windows environment. ghst.ly/june-web-bsky

20.06.2025 16:55 | 👍 4 | 🔁 2 | 💬 0 | 📌 0

This is getting some attention today. Cool shellcode trick from:

My First and Last Shellcode Loader by @dobinrutis.bsky.social at HITB 2024.

H/T x.com/Jean_Maes_19...

01.04.2025 17:48 | 👍 2 | 🔁 2 | 💬 1 | 📌 0

Yo this is supercool

07.06.2025 15:08 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

When James Forshaw posts, you read 🫡

13.12.2024 11:47 | 👍 0 | 🔁 0 | 💬 0 | 📌 0
CodeMachine - Articles In depth technical articles on Windows Internals, Security, Malware, Rootkits, and Debugging

God-tier resources for Windows internals

codemachine.com/articles.html

13.12.2024 11:46 | 👍 0 | 🔁 0 | 💬 0 | 📌 0
Theodosius - Jit linker, Symbol Mapper, and Obfuscator Existing software protection frameworks typically operate at a small range of compilation levels. The highest level of obfuscation typically operates upon source code directly (source2source), the sec...

Good article about an obfuscator
blog.back.engineering/06/05/2022/

09.12.2024 14:00 | 👍 0 | 🔁 0 | 💬 0 | 📌 0
Cobalt Strike Postex Kit The CS 4.10 update saw the introduction of the Postex Kit. This was a bit overshadowed by BeaconGate, which was also added in 4.10 (I wrote about this in my last post). The intention of this post is t...

[BLOG]
Today's post is all about Cobalt Strike's Postex Kit.
rastamouse.me/cobalt-strik...

08.12.2024 17:11 | 👍 15 | 🔁 3 | 💬 0 | 📌 0
Snowblind: The Invisible Hand of Secret Blizzard

Hack the other group's C2 infra to use for your own campaign 👌. Interesting
blog.lumen.com/snowblind-th...

05.12.2024 01:14 | 👍 0 | 🔁 0 | 💬 0 | 📌 0
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1 For red teams and adversary alike it’s important to stay hidden. As many companies nowadays have EDR agents deployed those agents are always in focus and tools like EDRSilencer or EDRSandblast use…

πŸ›‘οΈWindows Firewall and WFP are only two ways to silence an #EDR agent.
πŸ“’In my latest blog post I discuss another network based technique to prevent data ingest and ways to detect it.

And if you want even more, checkout part 2 released by @Cyb3rMonk Link in the post

01.12.2024 15:04 | 👍 21 | 🔁 10 | 💬 0 | 📌 0
UDRL, SleepMask, and BeaconGate I've been looking into Cobalt Strike's UDRL, SleepMask, and BeaconGate features over the last couple of days. It took me some time to understand the relationship between these capabilities, so the aim...

[BLOG]
This post summarises how to tie Cobalt Strike's UDRL, SleepMask, and BeaconGate together for your syscall and call stack spoofing needs.

rastamouse.me/udrl-sleepma...

30.11.2024 02:05 | 👍 33 | 🔁 17 | 💬 0 | 📌 1

Relaying DCOM has always intrigued me, so I decided to dive in. Started with a MiTM attack using a fake DNS entry, targeting certificate requests to an ADCS server and relaying to SMB.

29.11.2024 21:42 | 👍 9 | 🔁 4 | 💬 1 | 📌 0
CodeMachine - Article - X64 Deep Dive In depth tutorial on the key aspects of code execution and debugging on X64 like compiler optimizations, exception handling, parameter passing, stack layout and parameter retrieval.

Detailed articles about x64 assembly, especially about how to unwind the stack and the stack layout. Must read if you're planning to implement stack spoofing 👌
codemachine.com/articles/x64...

25.11.2024 23:47 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE.
Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/re...

22.11.2024 05:50 | 👍 51 | 🔁 25 | 💬 1 | 📌 0

Dipping sweet potatoes into hummus is kinda goated tbh

14.11.2024 00:53 | 👍 0 | 🔁 0 | 💬 0 | 📌 0
GitHub - itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows Privilege Escalation Enumeration Script for Windows - itm4n/PrivescCheck

🆕 New PrivescCheck extended check!

ℹ️ The script can now enumerate dangerous default file extension associations, such as '.bat' or '.wsh'.

⚠️ A manual review of the result is always recommended, but for the most part, it should be fine.

github.com/itm4n/Prives...

11.03.2024 20:29 | 👍 4 | 🔁 2 | 💬 0 | 📌 0

@mr-r3bot is following 20 prominent accounts