Home - KnifeCoat

![[logo.png|300]] Welcome fellow **antiquarians**! `KnifeCoat` is a new way to share some of my thoughts, collect resources for study, and post some ad-hoc data/research of questionable use. ### Times gone by `FuzzySecurity` has been servicing 250-350k unique visitors per year on average 🤯. However, one does not always have as much time to *(1)* research content, *(2)* write content, *(3)* turn the content into HTML as one used to (it's true). For this reason `FuzzySecurity` has been archived using [GitHub Pages](https://pages.github.com/). I started `FuzzySecurity` in 2011 and I believe that, while a good portion of the content has aged beyond power of memory to recall it's usefulness, it has some historic value and some pretty damn cool research! I would also like to remember, fondly, some of the suffering I endured working on the content 💕 As such `FuzzySecurity` will remain online and accessible using the normal URL: - [https://www.fuzzysecurity.com/tutorials.html](https://www.fuzzysecurity.com/tutorials.html) ``` Let us not then pursue By force impossible, by leave obtain’d Unacceptable, though in Heav’n, our state Of splendid vassalage, but rather seek Our own good from our selves, and from our own Live to our selves, though in this vast recess, Free, and to none accountable, preferring Hard liberty before the easie yoke Of servile Pomp. Our greatness will appear Then most conspicuous, when great things of small, Useful of hurtful, prosperous of adverse We can create, and in what place so e’re Thrive under evil, and work ease out of pain Through labour and endurance. This deep world Of darkness do we dread? ``` ### But what is a KnifeCoat? This is just a small joke, Microsoft has written detections for some tools I wrote in [Sharp-Suite](https://github.com/FuzzySecurity/Sharp-Suite) and those detections are grouped under the moniker `Knifecoat.XXXXX`. The naming game is so on point. ### Background I have been messing around with computers for a long time, I remember using `Red Hat` before it was a commercial product if that is any indication. In 2011 I started working in security. As time progressed I narrowed my interests to focus mostly on: all things Windows, endpoint post-exploitation, OS internals, systems programming and any weird research problems that caught my attention. I have worked on all sides of the fence in our industry: hard-core util based consulting 🔥, red teaming, defence and research. For the past 4-5 years my main efforts have been in Red Teaming and threat based research. I split my time between `R&D` and `hands-on-keyboard` activities. Currently I work as ~~a Senior Managing Security Consultant~~ an **Antiquarian** @ `IBM` on the `Adversary Services` team. ### Contact Hit me up if you have any questions or feedback. - Twitter - [@FuzzySec](https://twitter.com/FuzzySec) - Mastodon - [@[email protected]](https://infosec.exchange/@FuzzySec) - LinkedIn - [rboonen](https://www.linkedin.com/in/rboonen/) - Email - `[email protected]` - GitHub - [FuzzySecurity](https://github.com/FuzzySecurity) - YouTube - [fuzzysecurity](https://www.youtube.com/@fuzzysecurity)<br><br> ``` -----BEGIN PGP PUBLIC KEY BLOCK----- mJMEY+IWohMFK4EEACMEIwQA1uZ3cO7MvyOYlLhP+/EmO2pfQwahrA3+wIIDPDhJ XiRRwGas8s3upHoR51YaMk/cV2bkKNayAAgQFqEpCRDye+8BAJo6xe13vNAMSyAa owmh1MGJ1hQmdRSx2q+YpRv/k2atI8FElhL3vKj1iFNhC27Hm7H6jBcuDrqZ5bYf xsZkT5G0KVJ1YmVuIEJvb25lbiAoYjMzZikgPHJ1LmJvb25lbkBnbWFpbC5jb20+ iNsEExMKAEEWIQTiHvdXQ5NAud69esauSLHuvMys/AUCY+IW2wIbAwUJA8JnAAUL CQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRCuSLHuvMys/MyKAgi8KapI6vla c1OGP+THESJMgZqOv7oWy1wi3Wga5IFBd7CzmYRtLuEgn3zlMI36GW+lq1kp9KMG T4pOi4CcuzA7qwIIo/61rAZvjeEQ1JlOHN43co+go3Zg18d4zZFCtMqQO3PWPcPT TIPjndvNpTbydqslPLneAF0+4k92hQvxEAVPaqK4lwRj4havEgUrgQQAIwQjBAFb kWgyrafYL1kaKg2BQMGHvOp79+nydADn/tLf8y5iJfsX2utxZEpbhomp8sW9sx7i dpYNMzkAIPwvcRnE4kAQ0wB5e1NuOnR9YU6lXO1oJy30LCusS5+csB2AD0EHQjfF y0Ls7NQVgtJHVdtwTt9Z0qWHv6MGYQzHDRLf1sMfPRiukAMBCgmIugQYEwoAIBYh BOIe91dDk0C53r16xq5Ise68zKz8BQJj4hbbAhsMAAoJEK5Ise68zKz8db8CCKBk 8RNmJPXcM2SpkZQk85YcmbQT0oMsm0Trl6ezb7NwNgkAnPwmRHZ7b2tmjtqDYuP/ YjW5IrDnYOJ8W5U7/0sAAgj312rR5nnMxFuEADMO2f7ddjGVK0YerfGaDvqVspp3 BQ5MzN9Lkt9ToYTcKFcuYU4bWIlBs8cof/pvG6N1hdEVDQ== =ZkKB -----END PGP PUBLIC KEY BLOCK----- ```