Matt Hand

Hypervisor Detection with SystemHypervisorDetailInformation
Reversing how Windows gets hypervisor information
8 min read · Sep 15, 2023

CVE-2023-28072: Local Privilege Escalation in Alienware Command Center
Background
4 min read · Sep 1, 2023

Hang Fire: Challenging our Mental Model of Initial Access
For as long as I've been working in security, initial access has generally looked the same. While there are high degrees of variation…
4 min read · Jun 16, 2022

Formalized Curiosity
I grew up as an insanely curious kid. My parents have seemingly endless numbers of stories of me taking things apart and trying to put them…
9 min read · Oct 25, 2021

Life is Pane: Persistence via Preview Handlers
Using shell preview handlers for privileged persistence
12 min read · Oct 21, 2021

Adventures in Dynamic Evasion
Most teams I have worked with rely heavily on anecdotal evidence when it comes to evasion. If an operator is asked why they chose a…
10 min read · Dec 7, 2020

CVE-2020-14979: Local Privilege Escalation in EVGA Precision X1
A few weeks ago, I reported a Local Privilege Escalation (LPE) affecting versions prior to 1.0.7 of EVGA's Precision X1 performance software. This…
3 min read · Aug 12, 2020

Methodology for Static Reverse Engineering of Windows Kernel Drivers
Introduction
13 min read · Apr 15, 2020

Mimidrv In Depth: Exploring Mimikatz's Kernel Driver
Mimikatz provides the opportunity to leverage kernel mode functions through the included driver, Mimidrv. Mimidrv is a signed Windows…
29 min read · Jan 13, 2020

Shhmon — Silencing Sysmon via Driver Unload
Sysmon is an incredibly powerful tool to aid in data collection beyond Windows' standard event logging capabilities. It presents a…
4 min read · Sep 18, 2019