Кириакос Экономоу

@kyREcon

2,840
Followers
676
Following
409
Media
6,477
Statuses

@ZeroPeril Co-founder. @ShellterProject Author. Security R&D. Exploit Dev. Malware RE. AV/EDR Evasion.

Joined December 2011
@kyREcon
Кириакос Экономоу
4 years
Linkedin is now officially a dumpster for shameless pros, attention seekers and individuals giving advice about subjects they have zero knowledge about. Things like 'how to get in cybersecurity' by people working in HR departments with IT skills just enough to login to Facebook.
@kyREcon
Кириакос Экономоу
5 years
How many "else if" statements do I need to become an AI software expert?
@kyREcon
Кириакос Экономоу
5 months
Here's an interesting thread about EDRs messing with PEB to tamper with manual exported functions resolving. This is not new, i.e. Cylance used this ages ago. When I found out it was game over. Then morphisec did something similar. I found out, game over. Then others, game over.
@eversinc33
eversinc33 🤍🔪⋆。˚ ⋆
5 months
If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB
@kyREcon
Кириакос Экономоу
2 years
Windows 10 0-day bug.
@kyREcon
Кириакос Экономоу
4 years
Everybody is happy to advise on how to get into Infosec, but nobody wants to talk about how to get the fuck out.
@kyREcon
Кириакос Экономоу
7 years
@MalwareTechBlog I have a better one from a guy working in an apple store: "You don't need antivirus because Apple patches the bugs all the time."
@kyREcon
Кириакос Экономоу
4 years
I am so fucking bored of every infodick out there trying to associate the word 'black' in security context with racism. What a bunch of useless attention seeker morons. I guess that's what you get when you convert a passion-driven lifestyle into a certificate-bitch industry.
@kyREcon
Кириакос Экономоу
2 years
@ShitSecure
S3cur3Th1sSh1t
2 years
@gregdarwin @passthehashbrwn So the end user still needs to unhook by himself right? No clean syscalls?
@kyREcon
Кириакос Экономоу
2 years
If you ever used this, you probably need to start eating healthier and exercise more.
@kyREcon
Кириакос Экономоу
9 months
Someone writes something technical on LinkedIn about position independent code dev. Guess what happens next. 🤦‍♂️
@kyREcon
Кириакос Экономоу
3 years
"Heavy passion and dedication". This actually means: sleepless nights, burnouts and lonely weekends spent in front of a monitor. This is what it takes. Infosec prima donnas will tell you the opposite, and this is the only proof you need to know they are fucking clueless :)
@NinjaParanoid
Chetan Nayak (Brute Ratel C4 Author)
3 years
How it started (2019): How it's going (2021): When you pursue something with heavy passion and dedication and watch it evolve, it's a different feeling altogether!
@kyREcon
Кириакос Экономоу
8 years
A short write-up on a tiny update of NT kernel version 10.0.15063 inside nt!SepCreateAccessStateFromSubjectContext
@kyREcon
Кириакос Экономоу
3 years
@vxunderground Why are you using an infected password. Can you provide a clean one please?
@kyREcon
Кириакос Экономоу
9 years
@kalilinux Installing and using #Shellter v3.1 in Kali Linux.
@kyREcon
Кириакос Экономоу
9 years
Passwords for zip archives opened with Windows Explorer in Win8.x/10 are automatically cached. #facepalm
@kyREcon
Кириакос Экономоу
3 years
@Sophos "We are using Sophos now."
@kyREcon
Кириакос Экономоу
5 years
So VBox disables SMEP support in Windows guest OS. Hope you are not using this to run anything important. :)
@kyREcon
Кириакос Экономоу
1 year
The MSI leak is so bad, there are no words for it. Apart from the catastrophic consequences in low level firmware validation, it's also a low-hanging fruit against MS Defender ASR rules and other security software in general. - Signed with a trusted cert? - Nothing to see here.
@kyREcon
Кириакос Экономоу
4 years
The more time goes on, the more I realize that many ex-colleagues were abusing my technical work to show off to their bosses, get promotions and salary increases, while hiding me under the carpet and giving me zero credit for it. If that ever happened to you, I sympathize with you deeply.
@kyREcon
Кириакос Экономоу
2 years
Open-source C2s keep coming, but except for different UIs, what more do they provide regarding evasion during payload execution? I reckon not much, as they just embed the same modules from other github repos.
@kyREcon
Кириакос Экономоу
9 years
CVE-2015-1438 Panda Security - PSKMAD.sys arbitrary code execution. http://t.co/1PjImEUhq2
@kyREcon
Кириакос Экономоу
7 years
@MalwareTechBlog Truth is, with a degree or not, most people in infosec are self-taught. I hardly remember any prof helping me to defeat packers back then. 😂
@kyREcon
Кириакос Экономоу
2 years
I am tired of infosec idiots killing our beloved profession from the inside. Maybe you don't know/believe this, but there are people calling themselves ethical hackers that actively hang out with cyber criminals leaking and sharing legitimate and commercial security testing tools.
@kyREcon
Кириакос Экономоу
9 years
NDI5aster - Privilege Escalation through NDIS 5.x Filter Intermediate Drivers.
@kyREcon
Кириакос Экономоу
8 months
I am offering $5000 to anyone that can provide information that will lead to prosecuting the admins of cyberarsenal[.]org forum. They believe it's funny to ruin the work of legit infosec professionals. I am also inviting anybody affected by them in order to increase the bounty,
@kyREcon
Кириакос Экономоу
7 years
More than 3 years after #Shellter was publicly released, my baby still rocks. w00t!
@kyREcon
Кириакос Экономоу
7 years
Today we released a few little turtles back to their natural habitat. My father took good care of them while they were tiny. #NotAtDefconBtw
@kyREcon
Кириакос Экономоу
9 years
Believe it or not... #Shellter v4.0 has been released! ;0) Enjoy!
@kyREcon
Кириакос Экономоу
5 years
Considering that about $1 Billion was raised for restoring Notre-Dame (in just 2 days btw), I guess for saving the entire planet $20 Million should suffice. :)
@kyREcon
Кириакос Экономоу
7 years
finished a really interesting exploit. not the usual memory corruption stuff. can't wait to release a writeup.... Soon..hopefully! :)
@kyREcon
Кириакос Экономоу
11 months
Cobalt Strike's vetting process leaked!
@kyREcon
Кириакос Экономоу
3 years
1/n To mr @cyb3rops and the rest of "defensive" community cybercrap, here's a thread for y'all. You should all be thankful for being able to access all that offensive information for free and have an idea what you are dealing with.
@kyREcon
Кириакос Экономоу
8 years
I wonder when someone will come up with this advisory: "LCE in Windows notepad: a user can rename .txt files to .bat and execute code."
@kyREcon
Кириакос Экономоу
8 years
There are no irresponsible vulnerability disclosures, only irresponsible vendor replies to vulnerability submissions.
@kyREcon
Кириакос Экономоу
9 years
New Shellter version is out!
@shellterproject
Shellter
9 years
Shellter V [5.3] has been released. Enhanced and ultra fast polymorphic code generation stages. Enjoy!
@kyREcon
Кириакос Экономоу
5 years
#Symantec SEP LPE writeup Part #1 :)
@Nettitude_Labs
Nettitude Labs
5 years
CVE-2019-12750 Symantec Local Priv Esc: @kyREcon walks you through the exploitation of Symantec Endpoint Protection.
@kyREcon
Кириакос Экономоу
8 years
Greeks invented Democracy in the confines of a highly educated society. Understand this is not the case anymore. Nowhere. #Brexit
@kyREcon
Кириакос Экономоу
2 years
I am by no means a Red Teamer, but as a developer of @shellterproject and various other private offensive tools/techniques for evading AVs/EDRs, my advice to you is to never rely on a single C2 framework. Be realistic. Don't deify your tools. Improvisation is key.
@kyREcon
Кириакос Экономоу
11 years
Why AV static detection (byte matching, hashing) is a bad idea, and how malware authors break them on the fly. http://t.co/r8Ebd8lQOl
@kyREcon
Кириакос Экономоу
2 years
WTF?!?!
@vxunderground
vx-underground
2 years
The United States Department of Justice has charged a 55-year-old Cardiologist from Venezuela as the developer of Jigsaw Ransomware and Thanos Ransomware. Thanos Ransomware Builder is available for download on vx-underground. More info:
@kyREcon
Кириакос Экономоу
7 years
For those that don't get it: I didn't donate to @MalwareTechBlog because I know/can prove his innocence. I did so that he can, if he truly is.
@kyREcon
Кириакос Экономоу
11 months
@NSAMostWanted Based on his facial characteristics and posture in your image, this is the guy.
@kyREcon
Кириакос Экономоу
5 months
Apparently Israel is currently shredding to pieces more children as we speak. I can't possibly stand any of this anymore. I am stopping all professional activities with people associated with Israeli companies. I am in total disbelief.
@kyREcon
Кириакос Экономоу
3 years
@noptrix @vxunderground The password was deleted by defender because it was infected!!!
@kyREcon
Кириакос Экономоу
9 years
VMware Multiple Products - Privilege Escalation
@kyREcon
Кириакос Экономоу
6 years
It's about time to go apply some patches. ;)
@Nettitude_Labs
Nettitude Labs
6 years
CVE-2018-6851 to CVE-2018-6857: Multiple Sophos Privilege Escalation Vulnerabilities by @kyREcon
@kyREcon
Кириакос Экономоу
5 years
Let's first ban all military-grade idiots from infosec. Then OST might not be the problem after all. If you think that public tools are the problem, if you don't see that this provides equal opportunity also to defenders to prepare for, then you are the real threat.
@kyREcon
Кириакос Экономоу
1 year
Is there any AMSI bypass that doesn't rely on hooking/patching/preload fake amsi.dll? Not talking about obfuscated scripts and such, but 'disabling' AMSI from within a process of running shellcode etc... I haven't seen any so far, currently working on it.
@kyREcon
Кириакос Экономоу
4 years
It's nice to see that infosec people have just discovered that you can use syscalls directly in Windows OS and that may be slightly more effective in bypassing some security products. I guess they never bothered looking at some malware. Some progress just there. 👏👏👏
@kyREcon
Кириакос Экономоу
4 years
Wild boar... 😋😋😋😋
@kyREcon
Кириакос Экономоу
6 years
It's nice to see so many people asking how to break into infosec. They will eventually realize that the hard part is breaking out of it. They all do. :)
@kyREcon
Кириакос Экономоу
1 year
If you want to dive into COM programming for whatever reason that might be, @zodiacon training course is really awesome. I enjoyed it from beginning to end and I totally recommend it.
@kyREcon
Кириакос Экономоу
4 years
The only thing you shouldn't hack, that's 'your way into cyber security'. Spend time to learn the stuff you like. Be patient. Be persistent. Don't waste money on stupid certs. Pick 1-2 that count. No shortcut will make you better. Seniority is not a job title. Will never be. ✌️
@kyREcon
Кириакос Экономоу
8 years
I don't trust my phone's fingerprint scanner 100%, but avoiding typing my password in crowded places is really practical.
@kyREcon
Кириакос Экономоу
4 years
@MalwareTechBlog I can't even pretend to understand how difficult all this was/is. Wish you all the best.
@kyREcon
Кириакос Экономоу
9 years
#Shellter V has been released!
@kyREcon
Кириакос Экономоу
1 year
Detecting a hypervisor environment is trivial. The idea of throwing binaries in a VM for analysis automation and trusting the results coming back should keep you up at night.
@kyREcon
Кириакос Экономоу
4 years
Last rant for 2020: Please stop showing off your RT crap using direct syscalls in Windows to bypass security products, like it's some science you just invented. Malware has been using this and other clever methods for decades. You 👏are👏late👏! Happy New Year everyone!
@kyREcon
Кириакос Экономоу
8 years
If you use VirtualKD vminstall you might have issues debugging a Win10 VM, due to debug settings in Guest not correctly set. Fix and reboot.
@kyREcon
Кириакос Экономоу
7 years
ah...here it is
@kyREcon
Кириакос Экономоу
8 years
In 2017 I need to try to argue less with people. Especially with those crying about privacy all day long with their entire life posted on FB
@kyREcon
Кириакос Экономоу
5 months
@studentofthings The fact that you are talking about file hashes is another proof of how flawed your understanding is about any of this. You are completely clueless Nathan and I am not even trying to offend you.
@kyREcon
Кириакос Экономоу
6 years
This little cat was abandoned and I decided to adopt it. Clearly we will get along...
@kyREcon
Кириакос Экономоу
6 years
@cBekrar @ScottRFrost @scriptjunkie1 @info_dox In a VM inside another VM which runs over a baremetal hypervisor on a separate network.
@kyREcon
Кириакос Экономоу
4 years
Now that the CREST leak has been sorted, let's move on with OSCP and OSCE. You are going to love this one. 1/n
@kyREcon
Кириакос Экономоу
6 years
@TheColonial @rtmcx @SushiDude I don't think "Not cool" is gonna cut it.
@kyREcon
Кириакос Экономоу
2 years
@ShitSecure @gregdarwin @passthehashbrwn For just $6k per user/year you want them to also unhook those functions for you? No worries though, Shellter Pro Plus will also do this for you even if the chosen payload doesn't.
@kyREcon
Кириакос Экономоу
9 years
Latest version is out! ;0)
@shellterproject
Shellter
9 years
Shellter VI [6.2] has been released! w00t!
@kyREcon
Кириакос Экономоу
4 years
Why does it have to be so hard for EDR vendors to provide a trial installation to infosec companies? They all think we would just buy something without evaluating it first. Ridiculous.
@kyREcon
Кириакос Экономоу
4 years
Their mother died, so now I need to feed them with a bottle...
@kyREcon
Кириакос Экономоу
9 years
#Shellter has been added in the official Kali Linux repo. :)
@kyREcon
Кириакос Экономоу
7 years
Just had a look @Bsideslisbon currently disclosed speakers and talks. This is a lot more than just a bsides. You guys should be proud. :)
@kyREcon
Кириакос Экономоу
6 years
Just found this golden bargain on ebay!!!
@kyREcon
Кириакос Экономоу
8 years
@NBCNewYork @wopot I am not going to wear a V-neck t-shirt again. :(((
@kyREcon
Кириакос Экономоу
4 years
That was a cool finding for a while. :)
@Nettitude_Labs
Nettitude Labs
4 years
CVE-2020-14418: A vulnerability in the madCodeHook library caused many security products (by e.g. Cisco, Morphisec, etc.) to contain a local privilege escalation vulnerability. Discovery and analysis by @kyREcon.
@kyREcon
Кириакос Экономоу
1 year
@RubenKelevra @omt66 @PR0GRAMMERHUM0R "fu" would be more appropriate tbh
@kyREcon
Кириакос Экономоу
2 years
@deepinthebuild Never forget that someone working there needs to feed their Lamborghini and they also probably have a husband/wife and kids that can't go to work/school driving a Fiat. You just took one for the team. That said, I hope you find something better soon.
@kyREcon
Кириакос Экономоу
9 years
Got a privilege escalation in Avast Windows products - aka Guest to SYSTEM like a boss. :0)
@kyREcon
Кириакос Экономоу
8 years
Today was my last day @Nettitude_com. I had a really good time there and I will keep working with them on occasion. Stay hungry, stay foolish!
@kyREcon
Кириакос Экономоу
2 years
Nobody's leaving twitter for mastodon and 99% of you never cared about the verification badge before. Stop crying already and enjoy the weekend.
@kyREcon
Кириакос Экономоу
4 years
My dear friend and ex-colleague Tom Wilson and myself are now on a shared journey.
@ZeroPeril
ZeroPeril
4 years
HELLO WORLD! via @zeroperil
@kyREcon
Кириакос Экономоу
3 years
I was reading that thread about not writing security critical code in C/C++, and I was about to post a comment, but then I saw someone somewhere in there suggesting python and JavaScript as alternatives and I was like... let's just mute this cr@p.
@kyREcon
Кириакос Экономоу
7 years
@t045tbr0t @TheColonial And if you place it vertically you can keep all of your source code on a single page. 😂😂😂
@kyREcon
Кириакос Экономоу
3 years
@cyb3rops And btw those 90+ C2 frameworks dropped in 3 years, that you so much consider a threat, are 99% copy-paste of each other and use the exact same methods, with little to no variation. Again, please let us know how unknown threats would better fit your portfolio.
@kyREcon
Кириакос Экономоу
4 years
You are an EDR vendor. You get approached by a researcher kindly telling you that one of your drivers, which is shared with another EDR vendor, has a serious vulnerability, and asks you to provide a trial to verify this is the case in your current version too. What do you reply? :)
@kyREcon
Кириакос Экономоу
5 years
I am now officially a Godfather. :)
@kyREcon
Кириакос Экономоу
7 years
Computer? What's that? 😂
@kyREcon
Кириакос Экономоу
2 years
@Laughing_Mantis He can't be taken seriously, but let's be honest here; her take is also reaching.
@kyREcon
Кириакос Экономоу
6 years
That Infosec conference where attendance-only tickets can go up to $3000 USD, let alone attending also a training session, but if you want to present a software then it has to be open-source. 🤔
@kyREcon
Кириакос Экономоу
8 years
VM Detection through SETUPAPI.SetupDiGetDeviceRegistryProperty. Arrived in my inbox as an obfuscated .js file which downloads the PE. ;0)
@kyREcon
Кириакос Экономоу
6 months
What the actual fuck?!?!
@kyREcon
Кириакос Экономоу
8 years
Someone got a $16k reward for a facebook bug submission and now all the bitches are crying because he used a pirated burp license. 🖕
@kyREcon
Кириакос Экономоу
3 years
Imagine being so 'passionate' about cybersecurity that your biggest issue is that one of the most respected certificates in the industry may cause you a burnout if you attempt the exam. Rest assured with that mentality you will never get a burnout; definitely not from cybersec.
@kyREcon
Кириакос Экономоу
3 years
@domchell @1njection @attritionorg We all agree that you should get your refund asap if you haven't already, but right now this looks like you are on a mission to ruin someone's life and career. You are crossing the line. Please stop.