Currently at OrangeCon meeting old and new friends. A lot of interesting talks and greatly organized. 🚀

Presenting some research at RedTreat today 👀. Pretty excited for all other presentations as well. They’ve been amazing so far!

Today, AmberWolf released two blog posts and our tool "NachoVPN" to target vulnerabilities in major VPNs, including CVE-2024-29014 (SonicWall NetExtender SYSTEM RCE) and CVE-2024-5921 (Palo Alto GlobalProtect RCE and Priv Esc), after our SANS HackFest presentation.🧵

I will be presenting at NULLCON 2025! 🇮🇳 The hidden ART of rolling shellcode decryption. A dive into a new shellcode loading technique!

EDRPrison - Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry github.com/senzee1984/EDR…

🛠️ Malware that sleeps, works, and never stays! 😴 Learn how Kong Loader uses sleep masks to make malware invisible in memory throughout its execution, offering a new level of stealth and evasion Join Tijme Gommers at #NullconGoa2025 👉 nullcon.net/goa-2025/speak… #kongloader #shellcode

An unexpected journey into Microsoft Defender's signature World: retooling.io/blog/an-unexpe…

Another one. It's raining PIC shellcode templates around here. Added to PIC-Library: github.com/tijme/relocata…

🔪Open-sourcing 💀StringReaper BOF! I've had great success in engagements carving credentials out of remote process memory with this BOF github.com/boku7/StringRe…

Getting ready for #NullconGoa2025!

I’ve started the development of a #Nimplant C2 beacon in truly position independent pure C-code. It’s a PoC, highly opsec unsafe, but hopefully it inspires some people and sparks creativity! 👨‍💻 github.com/tijme/nimplant…

Calculating CVSS for this vuln with Cas van Cooten...

Built something super satisfying — truly and tiny position independent code, cross-compiled from any OS to any OS. 😎

Exciting times. I'm publishing Dittobytes today after presenting it at OrangeCon ! Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode. github.com/tijme/dittobyt…

🍿My second OrangeCon talk is live! A 25-minute crash course on metamorphic malware. In Memory of In-Memory Detection! youtu.be/9tCT2ItbPD4

Back in July, Neeraj Gupta introduced DeepPass2, a smarter secret scanner that finds both API keys/tokens & contextual passwords using BERT + LLM validation. The model & tool code are now live! Model ➡️ ghst.ly/3KTLkmm Code ➡️ ghst.ly/3L96jS5 🧵: 1/2