github lloydlabs

LloydLabs's gists

* I am lloydlabs on github. * I am lloydd (https://keybase.io/lloydd) on keybase. * I have a public key ASCVBevzbmASlzgmtSQHmSU4FfKIYphNtf4Cm-jD5-evOAo. To ...

LloydLabs/process-enumeration

This is a simple PoC which allows you to return a list of PIDs currently using NTFS, by querying the -ntfs- base device (the Windows filesystem base object).

Lloyd Davies LloydLabs

Popular repositories ... A way to delete a locked file, or current running executable, on disk. ... This novel way of using NtQueueApcThreadEx by abusing the ...

LloydLabs/delete-self

LloydLabs/delete-self-poc: A way to delete a locked file, or current running executable, on disk.

Hiding Shellcode In Plain Sight

This technique is very simple: a RW memory region 2048 the size of the shellcode is allocated. This region is then filled with randomized data ( ...

LloydLabs/sgrm-research

Repository to complement my blog post on System Guard Runtime Monitor.

LloydLabs/ntqueueapcthreadex-ntdll-gadget

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used ...

Lloyd Davies (@LloydLabs) X

Hiding Shellcode In Plain Sight PoC - Very simple, but extremely effective technique used by #RaspberryRobin ❓ Place the shellcode randomly in an extremely ...