Shellter Pro v1.0 -Released-

Posted in Blog News on March 20th, 2017 by kyREcon

Shellter Pro has been released!

Read more here.



RIP Kris Kaspersky

Posted in Blog News on March 12th, 2017 by kyREcon

Sadly, Kris passed away recently.

I never had the opportunity to meet him in person, but I can remember, in a way that still puts a smile on my face, that he was one of the first people that I rushed to connect with on LinkedIn when I first created an account about 10 years ago.

Who is ever going to forget the “remote code execution through Intel CPU bugs” and so many other things discovered and written by Kris?

I wish all the best to his family and close friends, and may he stay alive in everyone’s memories forever.

“Death is not the greatest loss in life. The greatest loss is what dies inside us while we live.” -Norman Cousins



Time to fight back and remind everyone…

Posted in General Articles on November 16th, 2016 by kyREcon

Lately, I have been constantly attacked on twitter at a personal level by these two guys: @harmj0y and @christruncer.
They are both co-authors of veil. Unfortunately it seems that other people like @mattifestation joined them. Why matti?

This made me realize two things.

Either people don’t know the backstory of what is going on and/or these people have their own crew of supporters that will keep coming back against me, whatever happens.
Personally, I don’t like either of the two.

For that reason it’s about time to remind people who these people are, how they keep attacking me at a personal level and how they attacked my project Shellter with lies. Remember, these people have no limits. They had even published their lies, yes they even made a YouTube video, but we will go back to that.

Good thing is, I kept this video, because I knew they would come back to me.

First of all, I want to make clear that I accept that I am not the guy that always uses kind words, however this is light years away from attacking someone personally.

A few days ago, I posted on my @shellterproject account a tweet saying that “Shellter eats for breakfast veil, backdoor factory, and any other tool in this category.”

Now, if you are a co-author of any of those tools and you see a personal insult there, just because I am saying that my tool performs better, then something doesn’t fit.

I believe that anyone with some common sense can understand that something is totally wrong with these people.

If you think I am wrong, and your tool performs better than mine, then please come to me with your tests and results and give me the time to analyze them and give you some results back.

Instead of trying to defend their work at a technical level, these people started throwing insults at me at a personal level.

Here they are:














Again, these people, unable to keep the discussion at a technical level and defend their tool veil by those means, started attacking me at a personal level.

It seems that for them, if someone makes something better, then they have to make him look like he is a bad guy. That’s their only way of defending their work, by making people look bad through the power they have on social media.

I am not an angel, but my comments, more or less harsh, were not personal. I have the right to say my tool ‘tastes’ better than yours. If you think I am wrong, then please prove me wrong, but whatever the outcome is, trying to make this personal is what really is unacceptable.

Now the backstory!

This is where everything began: July 23 2015.

That day, with the help of @midnite_runr, the author of backdoor factory, these people created a YouTube video showing a vulnerability in Shellter that didn’t exist in order to defame my project.

Now you tell me how low that is, and yet these people count thousands of followers on twitter.

Yes these people did that to me!

Here is the video they created:

What these sad people did was to give Shellter a binary to execute that they had previously infected with a reverse connection stager, and then they used that to throw lies and defame my project.

Yes, these people did that to me, all of them together as a team: @harmj0y, @christruncer, and @midnite_runr

All of them together created, published, and/or fully endorsed this framing of my project, trying to embarrass me.

Little did they know!

To make things clear, Shellter’s tracer acts as a debugger that executes and logs the execution flow of an application.

This is fully documented, and it’s not a secret. It’s how this tool gets all the necessary information to achieve dynamic PE infection. So basically it acts like a debugger, it executes programs.

Well maybe, these people don’t know what a debugger is, but I don’t believe that, if you know what I mean.

Obviously, I had immediately realised what these people were doing so I had put all the details of their supposed vulnerability in this very blog.

Then, I made the mistake of deciding to give them a break from complete embarrassment. I contacted one of them and tried to make peace, mostly to protect them from their own actions.

Now I regret that, and I hardly regret anything!

I regret it, because they don’t deserve it and because these people are so good at forgetting and completely ignoring their own actions that now they came back attacking me just because I said that my tool performs better with AV evasion.

If you are one of their followers, this is what these people are: Shameless!

Take care,


Mitigating the NULL SecurityDescriptor Kernel Exploitation Vector

Posted in Research on October 14th, 2016 by kyREcon

This article describes a new mitigation in the latest Windows 10 v1607 against a common attack vector used by many kernel exploits until today.

Read more here.



Detecting KDs with a single instruction

Posted in Research on May 19th, 2016 by kyREcon

tl;dr: Just finished an article about detecting a kernel-mode debugger in Windows from userland by using a single instruction.
Portable across all latest Windows versions, both x86/x64 builds.

Read more here.