
Conference Presentations

Date | Conference | Talk Title
11-Aug-22 | Black Hat USA 2022 | Living Off the Walled Garden: Abusing the Features of the Early Launch Antimalware Ecosystem
2-Oct-21 | BSides Augusta 2021 | Confidently Measuring Attack Technique Coverage by Asking Better Questions
3-Dec-20 | CONverge Detroit | Keynote: Improving the Landscape and Messaging of Offensive Tooling and Techniques
6-Sep-19 | DerbyCon IX | How do I detect technique X in Windows? Applied Methodology to Definitively Answer this Question
30-Jun-19 | REcon 2019 | Using WPP and TraceLogging Tracing to Facilitate Dynamic and Static Windows RE
7-Aug-18 | Black Hat USA 2018 | Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
15-Mar-18 | TROOPERS18 | Subverting Trust in Windows
23-Jan-18 | BlueHat IL 2018 | Hi, My Name is 'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
7-Nov-17 | Crowdstrike Fal.Con Unite 2017 | Subverting & Restoring Trust in Windows
22-Mar-17 | TROOPERS17 | Architecting a Modern Defense using Device Guard
22-Sep-17 | DerbyCon VII | Keynote: Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research
24-Jan-17 | BlueHat IL 2017 | Device Guard Attack Surface, Bypasses, and Mitigations
3-May-17 | PowerShell Conference EU 2017 | Defensive Coding Strategies for a High-Security Environment
3-May-17 | PowerShell Conference EU 2017 | Architecting a Modern Defense Using Device Guard and PowerShell
24-Sep-16 | DerbyCon 6.0 | Living Off the Land 2: A Minimalist's Guide to Windows Defense
12-Jan-16 | Microsoft BlueHat v15 | Windows Management Instrumentation – The Omnipresent Attack and Defense Platform
8-Aug-15 | DEF CON 23 | WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis
5-Aug-15 | Black Hat USA 2015 | Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asynchronous, and Fileless Backdoor
27-May-15 | Microsoft BlueHat Briefing Day (Internal Conference) | Offensive PowerShell: Scripting Past Network Defenses
13-Jan-15 | ShmooCon Epilogue 2015 | Automating Obfuscated .NET Malware Analysis
7-Oct-14 | MIRcon 2014 | Analysis of Malicious Security Support Provider DLLs
28-Apr-14 | PowerShell Summit 2014 | Using PowerShell as a Reverse Engineering Tool
28-Apr-14 | PowerShell Summit 2014 | Advanced PowerShell Eventing Scripting Techniques
28-Sep-13 | DerbyCon 3 | Living Off The Land: A Minimalist's Guide To Windows Post Exploitation
26-Mar-13 | #misec PowerShell Study Group | Parsing Binary File Formats with PowerShell

Blog Posts

Topic: Detection

Topic: Windows Defender Application Control (WDAC)

Topic: Code Signing

Topic: Windows Tradecraft

Topic: Reverse Engineering

Topic: Miscellaneous

Attributed CVEs

CVE | Description
CVE-2023-28228 | Windows Spoofing Vulnerability
CVE-2022-35743 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
CVE-2020-1599 | Windows Spoofing Vulnerability
CVE-2019-0733 | Windows Defender Application Control Security Feature Bypass Vulnerability
CVE-2019-0627 | Windows Security Feature Bypass Vulnerability
CVE-2018-8222 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8221 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8211 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8204 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8200 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-0854 | Windows Security Feature Bypass Vulnerability
CVE-2017-0219 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2017-0218 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2017-0216 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2016-3346 | Windows Permissions Enforcement Elevation of Privilege Vulnerability

Matt Graeber's Projects

bcd

BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functionality of the functions in this module mirrors that of bcdedit.exe.

capstone

Capstone disassembly framework: Core + Python + Ocaml + Java + C# bindings

catalogtools

A PowerShell module to assist in parsing and managing catalog files.

cimsweep

CimSweep is a suite of CIM/WMI-based tools that make it possible to perform incident response and hunting operations remotely across all versions of Windows.

deviceguardbypassmitigationrules

A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses

psreflect

Easily define in-memory enums, structs, and Win32 functions in PowerShell

tcglogtools

A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Configuration Logs (WBCL). In order to retrieve these logs, you must be running at least Windows 8 with the TPM enabled.

wdacpolicies

A collection of Windows software baseline notes with corresponding Windows Defender Application Control (WDAC) policies

wdactools

A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies

winpetools

A module designed to simplify the creation, customization, and deployment of bootable Windows Preinstallation Environment (WinPE) images.
