Matt Hand – Medium

Featured Book

Evading EDR: A Comprehensive Guide to Defeating Endpoint Detection Systems

Evading EDR: A Comprehensive Guide to Defeating Endpoint Detection Systems

A comprehensive guide to understanding the attack-detection software running on Windows systems—and how to evade it.

2023

Stories

Matt Hand

Hypervisor Detection with SystemHypervisorDetailInformation

Reversing how Windows gets hypervisor information

8 min readSep 15, 2023

--

Hypervisor Detection with SystemHypervisorDetailInformation

--

Matt Hand

CVE-2023–28072: Local Privilege Escalation in Alienware Command Center

Background

4 min readSep 1, 2023

--

CVE-2023–28072: Local Privilege Escalation in Alienware Command Center

--

Matt Hand

Hang Fire: Challenging our Mental Model of Initial Access

For as long as I’ve been working in security, initial access has generally looked the same. While there are high degrees of variation…

4 min readJun 16, 2022

--

Hang Fire: Challenging our Mental Model of Initial Access

--

Matt Hand

Formalized Curiosity

I grew up as an insanely curious kid. My parents have seemingly endless numbers of stories of me taking things apart and trying to put them…

9 min readOct 25, 2021

--

Formalized Curiosity

--

Matt Hand

Life is Pane: Persistence via Preview Handlers

Using shell preview handlers for privileged persistence

12 min readOct 21, 2021

--

Life is Pane: Persistence via Preview Handlers

--

Matt Hand

Adventures in Dynamic Evasion

Most teams I have worked with rely heavily on anecdotal evidence when it comes to evasion. If an operator is asked why they chose a…

10 min readDec 7, 2020

--

Adventures in Dynamic Evasion

--

Matt Hand

CVE-2020–14979: Local Privilege Escalation in EVGA PrecisionX1

A few weeks ago, I reported a Local Privilege Escalation (LPE)affecting version <1.0.7 of EVGA’s Precision X1 performance software. This…

3 min readAug 12, 2020

--

CVE-2020–14979: Local Privilege Escalation in EVGA PrecisionX1

--

Matt Hand

Methodology for Static Reverse Engineering of Windows Kernel Drivers

Introduction

13 min readApr 15, 2020

--

2

Methodology for Static Reverse Engineering of Windows Kernel Drivers

--

2

Matt Hand

Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver

Mimikatz provides the opportunity to leverage kernel mode functions through the included driver, Mimidrv. Mimidrv is a signed Windows…

29 min readJan 13, 2020

--

Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver

--

Matt Hand

Shhmon — Silencing Sysmon via Driver Unload

Sysmon is an incredibly powerful tool to aide in data collection beyond Windows’ standard event logging capabilities. It presents a…

4 min readSep 18, 2019

--

Shhmon — Silencing Sysmon via Driver Unload

--

Matt Hand

Matt Hand

Book Author

Red team guy gone purple @preludeorg 💜 | Author of Evading EDR http://nostarch.com/evading-edr 📖 | Security research & windows internals 🦠

Following

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams