subvert0r

icon location Subverting bad guys since 2004.

Results 15 issues of subvert0r

KeyError: 'tag_name' when trying to use objection patchapk

Describe the bug Objection has successfully downloaded libfrida-gadget.so, but after that it always fails to pull git tags due to network problems, but since it has successfully obtained gadget, why...

freshissue

Fibratus doesn't log some of the registry operations

1 comment

Steps to reproduce : ``` 1. Install Fibratus and execute Fibratus run (optionally capture output somewhere) (Windows 10 x64) 2. Download this LSASS dumper : https://github.com/tastypepperoni/PPLBlade/releases/download/v1.0/PPLBlade.exe (Note: Defender detects PPLBlade.exe...

Why Service Control Manager provider doesn't generate any event id?

2 comment

I am trying to get events related to service creation, and so far I have tried these: ``` Microsoft-Windows-Services Service Control Manager Service Control Manager Trace ``` But strangely, non...

Default config file causes error

1 comment

Using the provided default config file will raise an exception.. https://github.com/pathtofile/Sealighter/blob/main/docs/CONFIGURATION.md#kernel_traces ``` { "session_properties": { "session_name": "My-Process-Trace", "output_format": "stdout", "buffering_timout_seconds": 10 }, "user_traces": [ { "trace_name": "proc_trace", "provider_name": "Microsoft-Windows-Kernel-Process", "keywords_any":...

Does this project support Proxmox?

Does this project support Proxmox for Virtual Machine Introspection of Proxmox VMs?

Missing events when event burst happen even after setting the EVENT_TRACE_PROPERTIES to large number of buffers?

3 comment

I have minimized my callback function to just collect as much as info as possible and just pass that to another thread, But I am still missing some events when...

Missing Task start and Service start telemetries

1 comment

These telemetries are missing from the comparison: ``` Task Start Service Start ``` If we are going to even include deletion of these, then surely starting it would be included...

waiting for info

Is PatchGuard bypass necessary in case of boot time DSE bypass?

1 comment

### Question description I have tested the boot time DSE bypass without the patchguard, and I did not get any BSOD, even after waiting 40-50 minute. My question is, is...

question

Why not have the option to load the windows boot manager from the EfiGuardDxe.efi instead of loader.efi?

### Question description I have added a code to load windows boot manager in the DXE project itself, and tried to load this instead of the loader, and it worked...

question

Chapter 11 - IoGetDeviceObjectPointer for some devices return a wrong device object?!

I am not sure what the problem is, but for `volmgr` devices, such as `\device\harddiskvolumeX`, `IoGetDeviceObjectPointer` returns a FltMgr device! I know that `IoGetDeviceObjectPointer` returns the top most device in...