Jared Atkinson

icon indicating a website link http://www.invoke-ir.com

icon company SpecterOps icon location Las Vegas, NV

Results 6 comments of Jared Atkinson

Unable to Marshal function parameters

For this example can't you specify the return type as [bool]? I think the marshaling would happen automatically. Something like: (func user32 EnumChildWindows ([bool]) @( [IntPtr], [IntPtr], [IntPtr] )) Sent...

Crowdstrike identifying this module as malicious

This is a good data point. Unfortunately this is also marked as malicious by Windows Defender. The main problem stems from the PSReflect module that it is based on. While...

Crowdstrike identifying this module as malicious

Yea this is a tough one. I typically use this module in non production use cases like when I'm researching an attack technique and want more granular control over different...

Failed to install: Windows Defender flags package

Hey Scott, Unfortunately the module is built on PSReflect which is not inherently malicious, but has been used with a lot of PowerShell based hacking tools. This is a situation...

Potential memory leak in WinVerifyTrust call

Hey @JohnLaTwC! Nice catch! I'll take a look and see if I can get these fixed. Now I'm wondering if there are handles from win32 functions that aren't being closed...

Potential memory leak in WinVerifyTrust call

Yea a quick survey shows that I basically don't free any of the buffers created by AllocHGlobal :(