hashford.bsky.social
Currently working in DE&TH
21 posts 36 followers 47 following
Regular Contributor
Conversation Starter

New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...

2024 was a significant year for decompilation, constituting a possible resurgence in the field. Major talks, the thirty-year anniversary of research, movements in AI, and an all-time high for top publications in decompilation. Join me for a retrospective: mahaloz.re/dec-progr...

Very interesting post by Microsoft about the internals of the new Admin Protection feature. It seems they have patched my SSPI UAC bypass based on NTLM as well as the Kerberos UAC bypass, both of which were able to bypass AP as well. More details here 👇 techcommunity.microsoft.com/blog/microso...

While working on some ETW research I whipped up this dirty script to enumerate registered Trace logging providers and, more importantly, their DACLs, which I needed most. gist.github.com/olafhartong/...

Summiting the Pyramid: Bring the Pain with Robust and Accurate Detection medium.com/mitre-engenu... #ThreatHunting #DetectionEngineering

youtu.be/PW6itxkRUMQ In this video I cover how I have approached enumerating advanced audit settings on a host and across the domain for situational awareness, and one of the major sources of info for rail-guards on C2s. #redteam

A companion blog to my Bluehat 2024 presentation on OleView.NET is up now. googleprojectzero.blogspot.com/2024/12/wind...

Just added 2 new DFIR resources you can use with Microsoft Defender for Endpoint at my MDE-DFIR-Resources GitHub repo. Check the resources here: 🔗 github.com/cyb3rmik3/MD... #MicrosoftSecurity #MicrosoftDefender #MDE #DigitalForensics #IncidentResponse #DFIR

Created a new repo to publish my MITRE ATT&CK mappings for when reports don't have a section on TTPs, hopefully useful for other defenders working on detection engineering & threat hunting. github.com/BushidoUK/MI...

Anyone got a clear idea of how ADSI authentication works with AD? When I bind using DirectoryEntry I can see in wireshark I get a TGS-REP, but no tickets in klist? Might be because I'm using alternative creds? I probably just need to read more stuff by @syfuhs.net 😂

[NEW BLOG] EDR Silencer and Beyond: Exploring Methods to Block EDR Communication - Part 2. In collaboration with @fabian.bader.cloud academy.bluraven.io/blog/edr-sil... #redteam

[BLOG] This post summarises how to tie Cobalt Strike's UDRL, SleepMask, and BeaconGate together for your syscall and call stack spoofing needs. rastamouse.me/udrl-sleepma...

It was fun speaking at the first KustoCon. All videos are up on YouTube. www.youtube.com/playlist?lis... I’m converting my talk into a blog at the moment so you don’t have to listen to me 😆 that will be out in the next week or two.

Incredible research from the @volexity.com crew here -- a must read!

I know what I'm reading on my flight tomorrow: research.cert.orangecyberdefense.com/hidden-netwo...

The problem with using bin in your detection rules: attackthesoc.com/posts/practi... Really more useful for gathering general statistics vs finding meaningful connections and meeting your set event thresholds.

Not many people are willing to go through the effort of writing an agent in C, and of them, very few are willing (or able) to open source it. @silentwarble.bsky.social went beyond even that and also released a blog about it! silentwarble.com/posts/making... check them out!

💡Interested in #memoryforensics ? Follow ✅ @volexity.com ✅ @volatilityfoundation.org ✅ @attrc.bsky.social ✅ @rmettig.bsky.social ✅ @nolaforensix.bsky.social ➡️ more to come!

Let's see if the signal-to-noise ratio on bluesky helps this get some traction: what are people's favourite content management systems for knowledge capture? Essentially something for storing playbooks etc that teams can access and edit. Maybe a wiki or similar.

Standing at the end of a tunnel saying "nice echo chamber" to everyone who goes in

For the newcomers, I'm running a Black Friday deal if you are into threat hunting, detection engineering, rapid triage using Microsoft Defender, Sentinel, Kusto/KQL.

Great training materials available here: github.com/mthcht/aweso...