Skip to content
View mattifestation's full-sized avatar

Block or report mattifestation

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
mattifestation/README.md

Conference Presentations

Date Conference Talk Title
11-Aug-22 Black Hat USA 2022 Living Off the Walled Garden: Abusing the Features of the Early Launch Antimalware Ecosystem
2-Oct-21 BSides Augusta 2021 Confidently Measuring Attack Technique Coverage by Asking Better Questions
3-Dec-20 CONverge Detroit Keynote: Improving the Landscape and Messaging of Offensive Tooling and Techniques
6-Sep-19 DerbyCon IX How do I detect technique X in Windows? Applied Methodology to Definitively Answer this Question
30-Jun-19 REcon 2019 Using WPP and TraceLogging Tracing to Facilitate Dynamic and Static Windows RE
7-Aug-18 Black Hat USA 2018 Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
15-Mar-18 TROOPERS18 Subverting Trust in Windows
23-Jan-18 BlueHat IL 2018 Hi, My Name is 'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
7-Nov-17 Crowdstrike Fal.Con Unite 2017 Subverting & Restoring Trust in Windows
22-Mar-17 TROOPERS17 Architecting a Modern Defense using Device Guard
22-Sep-17 DerbyCon VII Keynote: Subverting Trust in Windows - A Case Study of the "How" and "Why" of Engaging in Security Research
24-Jan-17 BlueHat IL 2017 Device Guard Attack Surface, Bypasses, and Mitigations
3-May-17 PowerShell Conference EU 2017 Defensive Coding Strategies for a High-Security Environment
3-May-17 PowerShell Conference EU 2017 Architecting a Modern Defense Using Device Guard and PowerShell
24-Sep-16 DerbyCon 6.0 Living Off the Land 2: A Minimalist's Guide to Windows Defense
12-Jan-16 Microsoft BlueHat v15 Windows Management Instrumentation – The Omnipresent Attack and Defense Platform
8-Aug-15 DEF CON 23 WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis
5-Aug-15 Black Hat USA 2015 Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asynchronous, and Fileless Backdoor
27-May-15 Microsoft BlueHat Briefing Day (Internal Conference) Offensive PowerShell: Scripting Past Network Defenses
13-Jan-15 ShmooCon Epilogue 2015 Automating Obfuscated .NET Malware Analysis
7-Oct-14 MIRcon 2014 Analysis of Malicious Security Support Provider DLLs
28-Apr-14 PowerShell Summit 2014 Using PowerShell as a Reverse Engineering Tool
28-Apr-14 PowerShell Summit 2014 Advanced PowerShell Eventing Scripting Techniques
28-Sep-13 DerbyCon 3 Living Off The Land: A Minimalist's Guide To Windows Post Exploitation
26-Mar-13 #misec PowerShell Study Group Parsing Binary File Formats with PowerShell

Blog Posts

Topic: Detection

Topic: Windows Defender Application Control (WDAC)

Topic: Code Signing

Topic: Windows Tradecraft

Topic: Reverse Engineering

Topic: Miscellaneous

Attributed CVEs

CVE Description
CVE-2023-28228 Windows Spoofing Vulnerability
CVE-2022-35743 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
CVE-2020-1599 Windows Spoofing Vulnerability
CVE-2019-0733 Windows Defender Application Control Security Feature Bypass Vulnerability
CVE-2019-0627 Windows Security Feature Bypass Vulnerability
CVE-2018-8222 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8221 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8211 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8204 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-8200 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2018-0854 Windows Security Feature Bypass Vulnerability
CVE-2017-0219 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2017-0218 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2017-0216 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
CVE-2016-3346 Windows Permissions Enforcement Elevation of Privilege Vulnerability

Pinned Loading

  1. PowerShellArsenal PowerShellArsenal Public

    A PowerShell Module Dedicated to Reverse Engineering

    PowerShell 864 204

  2. CimSweep CimSweep Public

    CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

    PowerShell 651 146

  3. WDACTools WDACTools Public

    A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies

    PowerShell 206 36

  4. AntimalwareBlight AntimalwareBlight Public

    Execute PowerShell code at the antimalware-light protection level.

    PowerShell 140 19