This is the infosec blog of Aussie PatH, opinions are my own. Code and Examples are on Github.

Posts

• Oct 24, 2024

  Investigating realtime detections on iOS using Unified Logging

• Nov 30, 2022

  Gaining Threat-Intelligence the REALLY dodgy way

• Aug 22, 2022

  Linux cloud memory forensics tutorial

• Aug 21, 2022

  Tool - Use TouchID and the Secure Enclave from the commandline

• Aug 4, 2022

  Commandline Cloaking 2 - Tetragon and Nim

• Jul 21, 2022

  Tool - Using AWS Lambdas to distribute WebRequests

• Jun 10, 2022

  SIEMCraft - Security detection monitoring using Minecraft

• Jun 2, 2022

  Tool - Create run VPNs in various clouds

• Apr 24, 2022

  Tool - Use Terraform and Bitcoin to run VMs

• Jan 4, 2022

  Commandline Cloaking and Sysmon for Linux

• Sep 4, 2021

  Hunting Sliver

• Aug 1, 2021

  DEF CON 29: Bad BPF - Warping reality using eBPF

• Jul 7, 2021

  Detecting Kernel Hooking using eBPF

• Jul 1, 2021

  ETW on Windows 11 - Initial thoughts

• May 12, 2021

  Gaining Threat-Intelligence the dodgy way

• Feb 22, 2021

  Mapping It Out: Analyzing the Security of eBPF Maps

• Feb 15, 2021

  Using eBPF to uncover in-memory loading

• Dec 16, 2020

  Experimenting with Protected Processes and Threat-Intelligence

• Nov 28, 2020

  Hunting Koadic Pt. 2 - JARM Fingerprinting

• Nov 19, 2020

  Tracking Windows Updates with Git and CI

• Oct 31, 2020

  Getting more out of the Windows Filtering ETW Events

• Jul 21, 2020

  Introducing Sealighter - Sysmon-Like research tool for ETW

• Jan 11, 2020

  Experimenting with Ghidra Scripting

• Jan 11, 2020

  Using Python Bandit to find dodgy packages

• Dec 3, 2019

  Hunting Koadic across Shodan

subscribe via RSS