winterknife 🌻
@winterknife.bsky.social
low-level developer with a focus on 𝙸𝚗𝚝𝚎𝚕 𝚡𝟾𝟼 ISA devices running 𝚆𝚒𝚗𝚍𝚘𝚠𝚜 | victoria per observatiam | R&D @bhinfosecurity.bsky.social
Reposted by winterknife 🌻
Tradecraft Orchestration in the Garden
aff-wg.org/2025/12/01/t...
An exercise in building base architectures with Crystal Palace .spec files and configuring/layering specific tradecraft modules over them at link time.
aff-wg.org/2025/12/01/t...
An exercise in building base architectures with Crystal Palace .spec files and configuring/layering specific tradecraft modules over them at link time.
Tradecraft Orchestration in the Garden
What’s more relaxing than a beautiful fall day, a crisp breeze, a glass of Sangria, and music from the local orchestra? Of course, I expect you answered: writing position-independent code projects …
aff-wg.org
December 1, 2025 at 2:11 PM
Tradecraft Orchestration in the Garden
aff-wg.org/2025/12/01/t...
An exercise in building base architectures with Crystal Palace .spec files and configuring/layering specific tradecraft modules over them at link time.
aff-wg.org/2025/12/01/t...
An exercise in building base architectures with Crystal Palace .spec files and configuring/layering specific tradecraft modules over them at link time.
Releasing SILVERPICK, yet another Windows shellcode development framework using C++.
github.com/winterknife/...
github.com/winterknife/...
GitHub - winterknife/SILVERPICK: Windows User-Mode Shellcode Development Framework (WUMSDF)
Windows User-Mode Shellcode Development Framework (WUMSDF) - winterknife/SILVERPICK
github.com
November 14, 2025 at 4:31 PM
Releasing SILVERPICK, yet another Windows shellcode development framework using C++.
github.com/winterknife/...
github.com/winterknife/...
Reposted by winterknife 🌻
Tradecraft Engineering with Aspect-Oriented Programming
@rastamouse.me pretty much predicted what was coming in his last blog post. attach (Win32 APIs), redirect (local funcs), capability right-sized IAT hooks, and PICO function exports.
Yes, attach can incept its PIC.
aff-wg.org/2025/11/10/t...
@rastamouse.me pretty much predicted what was coming in his last blog post. attach (Win32 APIs), redirect (local funcs), capability right-sized IAT hooks, and PICO function exports.
Yes, attach can incept its PIC.
aff-wg.org/2025/11/10/t...
Tradecraft Engineering with Aspect-Oriented Programming
It’s 2025 and apparently, I’m still a Java programmer. One of the things I never liked about Java’s culture, going back many years ago, was the tendency to hype frameworks that seemed to over-engin…
aff-wg.org
November 10, 2025 at 6:21 PM
Tradecraft Engineering with Aspect-Oriented Programming
@rastamouse.me pretty much predicted what was coming in his last blog post. attach (Win32 APIs), redirect (local funcs), capability right-sized IAT hooks, and PICO function exports.
Yes, attach can incept its PIC.
aff-wg.org/2025/11/10/t...
@rastamouse.me pretty much predicted what was coming in his last blog post. attach (Win32 APIs), redirect (local funcs), capability right-sized IAT hooks, and PICO function exports.
Yes, attach can incept its PIC.
aff-wg.org/2025/11/10/t...
Reposted by winterknife 🌻
Tradecraft Garden’s PIC Parterre
Dynamic Function Resolution pt. 2, Say yes to the .bss, and symbol remapping.
aff-wg.org/2025/10/27/t...
Dynamic Function Resolution pt. 2, Say yes to the .bss, and symbol remapping.
aff-wg.org/2025/10/27/t...
Tradecraft Garden’s PIC Parterre
The goal of Tradecraft Garden is to separate evasion tradecraft from C2. Part of this effort involves looking for logical lines of separation. And, with PIC, I think we’ve just found one of them. T…
aff-wg.org
October 27, 2025 at 3:48 PM
Tradecraft Garden’s PIC Parterre
Dynamic Function Resolution pt. 2, Say yes to the .bss, and symbol remapping.
aff-wg.org/2025/10/27/t...
Dynamic Function Resolution pt. 2, Say yes to the .bss, and symbol remapping.
aff-wg.org/2025/10/27/t...
Reposted by winterknife 🌻
In which I get way too excited about Apple's new Memory Integrity Enforcement features, which will make mercenary spyware that much harder to deploy on new iPhones. (Subscribe!) freedom.press/digisec/blog...
iPhone 17’s killer feature: Memory safety
Apple’s new phone series has a secret superpower that will make mercenary spyware much harder to deploy
freedom.press
September 24, 2025 at 8:03 PM
In which I get way too excited about Apple's new Memory Integrity Enforcement features, which will make mercenary spyware that much harder to deploy on new iPhones. (Subscribe!) freedom.press/digisec/blog...
Reposted by winterknife 🌻
Analysis of a Ransomware Breach
aff-wg.org/2025/09/26/a...
Breach analysis? Breach intelligence? Industry critique? Fee-only ransomware negotiator? 100% efficacy? The story of how Microsoft worked an old problem, fucked it up, we malign the guy who told us, they fixed it, and it wasn't fixed? PtH?
aff-wg.org/2025/09/26/a...
Breach analysis? Breach intelligence? Industry critique? Fee-only ransomware negotiator? 100% efficacy? The story of how Microsoft worked an old problem, fucked it up, we malign the guy who told us, they fixed it, and it wasn't fixed? PtH?
September 26, 2025 at 5:12 PM
Analysis of a Ransomware Breach
aff-wg.org/2025/09/26/a...
Breach analysis? Breach intelligence? Industry critique? Fee-only ransomware negotiator? 100% efficacy? The story of how Microsoft worked an old problem, fucked it up, we malign the guy who told us, they fixed it, and it wasn't fixed? PtH?
aff-wg.org/2025/09/26/a...
Breach analysis? Breach intelligence? Industry critique? Fee-only ransomware negotiator? 100% efficacy? The story of how Microsoft worked an old problem, fucked it up, we malign the guy who told us, they fixed it, and it wasn't fixed? PtH?
Reposted by winterknife 🌻
Quick post on how to use the new make coff and merge commands in @raphaelmudge.bsky.social's Crystal Palace.
rastamouse.me/modular-pic-...
rastamouse.me/modular-pic-...
Modular PIC C2 Agents (reprise)
A few months ago, I published a post called Modular PIC C2 Agents where I mused about what it could look like to build a C2 agent out of individual (modular) COFFs. The idea was to build a capability ...
rastamouse.me
September 12, 2025 at 10:30 PM
Quick post on how to use the new make coff and merge commands in @raphaelmudge.bsky.social's Crystal Palace.
rastamouse.me/modular-pic-...
rastamouse.me/modular-pic-...
Reposted by winterknife 🌻
COFFing out the Night Soil
aff-wg.org/2025/09/10/c...
A COFF-focused Crystal Palace update:
* internal COFF normalization & section group merging
* Crystal Palace can now export COFF
* I added COFF merging to the spec language too
Linker stuff.
aff-wg.org/2025/09/10/c...
A COFF-focused Crystal Palace update:
* internal COFF normalization & section group merging
* Crystal Palace can now export COFF
* I added COFF merging to the spec language too
Linker stuff.
COFFing out the Night Soil
I’m back with another update to the Tradecraft Garden project. Again, this release is focused on the Crystal Palace linker. My priority in this young project is to build the foundation first, then …
aff-wg.org
September 10, 2025 at 9:37 PM
COFFing out the Night Soil
aff-wg.org/2025/09/10/c...
A COFF-focused Crystal Palace update:
* internal COFF normalization & section group merging
* Crystal Palace can now export COFF
* I added COFF merging to the spec language too
Linker stuff.
aff-wg.org/2025/09/10/c...
A COFF-focused Crystal Palace update:
* internal COFF normalization & section group merging
* Crystal Palace can now export COFF
* I added COFF merging to the spec language too
Linker stuff.
Reposted by winterknife 🌻
If you're in London, Will Burgess (x.com/joehowwolf) is speaking at Beacon %25 on "Linkers and Loaders: Experiments with Crystal Palace" this Thursday.
www.eventbrite.co.uk/e/beacon-25-...
beac0n.org
From his X: "If you enjoy filthy PIC tradecraft it may be of interest!"
www.eventbrite.co.uk/e/beacon-25-...
beac0n.org
From his X: "If you enjoy filthy PIC tradecraft it may be of interest!"
Beacon %25
The fourth year of Beacon: London's home of hackers, hunters and EDR dodgers.
www.eventbrite.co.uk
September 9, 2025 at 8:46 PM
If you're in London, Will Burgess (x.com/joehowwolf) is speaking at Beacon %25 on "Linkers and Loaders: Experiments with Crystal Palace" this Thursday.
www.eventbrite.co.uk/e/beacon-25-...
beac0n.org
From his X: "If you enjoy filthy PIC tradecraft it may be of interest!"
www.eventbrite.co.uk/e/beacon-25-...
beac0n.org
From his X: "If you enjoy filthy PIC tradecraft it may be of interest!"
Reposted by winterknife 🌻
I just updated my 25+ year old IRC client, jIRCii.
Curious about Aggressor Script's ancestor? It's here.
Update improves IRC over SSL/TLS UX, fixes some bugs, tightens some screws, and fixes build to compile on OpenJDK 10+.
jircii.dashnine.org/download/
CC @hagiagraphe.bsky.social
Curious about Aggressor Script's ancestor? It's here.
Update improves IRC over SSL/TLS UX, fixes some bugs, tightens some screws, and fixes build to compile on OpenJDK 10+.
jircii.dashnine.org/download/
CC @hagiagraphe.bsky.social
jIRCii - Java IRC Client
jIRCii is a fully scriptable internet relay chat client for Windows, MacOS X, and Linux. It's free too
jircii.dashnine.org
July 31, 2025 at 4:59 PM
I just updated my 25+ year old IRC client, jIRCii.
Curious about Aggressor Script's ancestor? It's here.
Update improves IRC over SSL/TLS UX, fixes some bugs, tightens some screws, and fixes build to compile on OpenJDK 10+.
jircii.dashnine.org/download/
CC @hagiagraphe.bsky.social
Curious about Aggressor Script's ancestor? It's here.
Update improves IRC over SSL/TLS UX, fixes some bugs, tightens some screws, and fixes build to compile on OpenJDK 10+.
jircii.dashnine.org/download/
CC @hagiagraphe.bsky.social
Reposted by winterknife 🌻
Position Independent Code (PIC) Development Crash Course.
My July 2025 overview of PIC writing fundamentals.
Don't know why jump tables are bad? Got a __chkstk relocation error? Watch this video.
#GoodLuckAndHappyHacking
vimeo.com/1100089433/d...
My July 2025 overview of PIC writing fundamentals.
Don't know why jump tables are bad? Got a __chkstk relocation error? Watch this video.
#GoodLuckAndHappyHacking
vimeo.com/1100089433/d...
PIC Development Crash Course
Some helpful content for writing position independent code.
vimeo.com
July 16, 2025 at 3:40 PM
Position Independent Code (PIC) Development Crash Course.
My July 2025 overview of PIC writing fundamentals.
Don't know why jump tables are bad? Got a __chkstk relocation error? Watch this video.
#GoodLuckAndHappyHacking
vimeo.com/1100089433/d...
My July 2025 overview of PIC writing fundamentals.
Don't know why jump tables are bad? Got a __chkstk relocation error? Watch this video.
#GoodLuckAndHappyHacking
vimeo.com/1100089433/d...