nt!_SEP_TOKEN_PRIVILEGES – Single Write EoP Protect

Posted in Research on April 18th, 2017 by kyREcon

A short write-up on a tiny update introduced in NT kernel version 10.0.15063 inside nt!SepCreateAccessStateFromSubjectContext that can mess with your kernel exploits if you abuse _SEP_TOKEN_PRIVILEGES.Enabled through a read-write primitive to gain EoP.

Read more here.



On ProtonMail’s “Human Verification”

Posted in General Articles on April 12th, 2017 by kyREcon


Recently, I noticed that ProtonMail treats users that attempt to use their service via Tor a bit differently.

So if you are ready and/or willing to laugh or cry a bit about it, then keep on reading.

Let’s go…

First of all, ProtonMail’s owners are happy to talk a lot about privacy and security, which is a good thing. They even offer a Tor hidden service!

They even mention that ProtonMail “does not require any personally identifiable information to register”.

However, how true is all that about privacy and anonymity?

So if you actually attempt to sign up for a new account on ProtonMail via Tor, this is what happens:

Wait a minute!!!

Isn’t Tor’s purpose to offer anonymity and privacy to the user?!?!

Are you actually telling users to connect via Tor, for which you also provide a URL, and then asking them to give you their mobile number and/or their credit card information?!?!?

Didn’t you say that you don’t require any personal information to register?!?!

This makes no sense…this makes no fucking sense!!!

To make things clear, asking for a mobile number and/or credit card information has nothing to do with “Human Verification”.

This is clearly an “Identification” of the person that attempts to sign up to their service…using Tor…for which they also provide a URL…a process for which they were not supposed to ask for any personal information.

After having a conversation over Twitter with @bartcbutler (ProtonMail’s CTO), it seems that they still believe that promoting privacy via Tor and then asking someone to provide personal information makes sense.

Their excuse is that they do that to fight spammers and people creating multiple accounts, which could make the whole service suffer.

But…do they do this for users that don’t attempt to sign up via Tor?

No, they don’t!!!

So, let me get this straight…if that makes any sense.

When I asked them what is the point of allowing people to sign up via Tor and also offering a Tor URL if they assume that Tor users are spammers, @bartcbutler said that they don’t assume anything like that.

Apparently, though, this is not the case, again!

If it was the case, then why not always ask for personal information?

Can’t spammers create multiple accounts without using Tor?

Well…the difference is that it makes it easier to identify people that create an account without using Tor.

Because that’s the difference. That’s the only difference.

So clearly, this doesn’t make any sense and definitely it’s not for fighting spammers.

Nothing from what they claim and say adds up, and for me ProtonMail is definitely not an option anymore.

What I mean is, if you see shit on one side of the cake, what do you do:

a. You clean that part up and eat the rest of the cake.

b. You throw away the whole fucking cake!


The choice is yours.

Take care,

Shellter Pro v1.0 -Released-

Posted in Blog News on March 20th, 2017 by kyREcon

Shellter Pro has been released!

Read more here.



RIP Kris Kaspersky

Posted in Blog News on March 12th, 2017 by kyREcon

Sadly, Kris passed away recently.

I never had the opportunity to meet him in person, but I can remember, in a way that still puts a smile on my face, that he was one of the first people that I rushed to connect with on LinkedIn when I first created an account about 10 years ago.

Who is ever going to forget the “remote code execution through Intel CPU bugs” and so many other things discovered and written by Kris?

I wish all the best to his family and close friends, and may he stay alive in everyone’s memories forever.

“Death is not the greatest loss in life. The greatest loss is what dies inside us while we live.” -Norman Cousins



Time to fight back and remind to everyone…

Posted in General Articles on November 16th, 2016 by kyREcon

Lately, I have been constantly attacked on Twitter at a personal level by these two guys: @harmj0y and @christruncer.
They are both co-authors of Veil. Unfortunately it seems that other people like @mattifestation joined them. Why matti?

This made me realize two things.

Either people don’t know the backstory of what is going on and/or these people have their own crew of supporters that will keep coming back against me, whatever happens.
Personally, I don’t like either of the two.

For that reason it’s about time to remind people who these people are, how they keep attacking me at a personal level and how they attacked my project Shellter with lies. Remember, these people have no limits. They had even published their lies, yes they even made a YouTube video, but we will go back to that.

Good thing is, I kept this video, because I knew they would come back to me.

First of all, I want to make clear that I accept that I am not the guy that always uses kind words; however, this is light years away from attacking someone personally.

A few days ago, I posted on my @shellterproject account a tweet saying that “Shellter eats for breakfast veil, backdoor factory, and any other tool in this category.”

Now, if you are a co-author of any of those tools and you see a personal insult there, just because I am saying that my tool performs better, then something doesn’t fit.

I believe that anyone with some common sense can understand that something is totally wrong with these people.

If you think I am wrong, and your tool performs better than mine, then please come to me with your tests and results and give me the time to analyze them and give you some results back.

Instead of trying to defend their work at a technical level, these people started throwing insults at me at a personal level.

Here they are:

Again, these people, unable to keep the discussion at a technical level and defend their tool Veil by those means, started attacking me at a personal level.

It seems that for them, if someone makes something better, then they have to make him look like he is a bad guy. That’s their only way of defending their work, by making people look bad through the power they have on social media.

I am not an angel, but my comments, more or less harsh, were not personal. I have the right to say my tool ‘tastes’ better than yours. If you think I am wrong, then please prove me wrong, but whatever the outcome is, trying to make this personal is what really is unacceptable.

Now the backstory!

This is where everything began: July 23, 2015.

That day, with the help of @midnite_runr, the author of backdoor factory, these people created a YouTube video showing a vulnerability in Shellter that didn’t exist in order to defame my project.

Now you tell me how low that is, and yet these people count thousands of followers on Twitter.

Yes these people did that to me!

Here is the video they created:

What these sad people did was to give Shellter a binary to execute that they had previously infected with a reverse connection stager, and then they used that to throw lies and defame my project.

Yes, these people did that to me, all of them together as a team: @harmj0y, @christruncer, and @midnite_runr

All of them together created, published, and/or fully endorsed this framing of my project, trying to embarrass me.

Little did they know!

To make things clear, Shellter’s tracer acts as a debugger that executes and logs the execution flow of an application.

This is fully documented, and it’s not a secret. It’s how this tool gets all the necessary information to achieve dynamic PE infection. So basically it acts like a debugger, it executes programs.

Well maybe, these people don’t know what a debugger is, but I don’t believe that, if you know what I mean.

Obviously, I had immediately realised what these people were doing so I had put all the details of their supposed vulnerability in this very blog.

Then, I made the mistake of deciding to give them a break from complete embarrassment. I contacted one of them and tried to make peace, mostly to protect them from their own actions.

Now I regret that, and I hardly regret anything!

I regret it, because they don’t deserve it and because these people are so good at forgetting and completely ignoring their own actions that now they came back attacking me just because I said that my tool performs better with AV evasion.

If you are one of their followers, this is what these people are: Shameless!

Take care,
