Justin Bui in Snowflake Builders Blog: Data Engineers, App Developers, AI/ML, & Data Science
MacOS CI/CD with Tart
How Snowflake’s Red Team uses Tart and AWS EC2 for macOS CI/CD and development
6 min read · Feb 14, 2024

Justin Bui
Debugging Cookie Dumping Failures with Chromium’s Remote Debugger
Chromium updated and broke our ability to dump cookies using the remote debugger?
5 min read · Jul 16, 2023

Justin Bui
Understanding and Defending Against Reflective Code Loading on macOS
This blogpost will describe the concept of loading executables in-memory on macOS and how to detect it.
10 min read · Apr 12, 2022

Justin Bui
Extended Attributes and TCC on macOS
This blogpost will describe how Transparency, Consent, and Control (TCC) affects extended attributes on macOS
6 min read · Mar 8, 2022

Justin Bui
Where in the World is Carmen Sandiego: Abusing Location Services on macOS
A dive into macOS, TCC, and Location Services
8 min read · Dec 1, 2021

Justin Bui in Posts By SpecterOps Team Members
Hands in the Cookie Jar: Dumping Cookies with Chromium’s Remote Debugger Port
A dive into stealing Chromium cookies with a remote debugger port
10 min read · Dec 17, 2020

Justin Bui in Posts By SpecterOps Team Members
Automating DLL Hijack Discovery
A dive into Windows DLLs, DLL hijacking, automation, WinAPI, and finding the root cause of shared DLL hijacks.
11 min read · Jun 30, 2020

Justin Bui in Posts By SpecterOps Team Members
Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe
A dive into Windows processes, access tokens, SACLs, WinAPI and access token manipulation.
12 min read · Oct 1, 2019

Justin Bui in Posts By SpecterOps Team Members
Revisiting TTPs: TimeStomper
In this post, I will cover how to manipulate file times on the Windows OS with a proof-of-concept tool and show examples of detection.
8 min read · Apr 16, 2019