Log inSign up
Kyle Avery
1,161 posts
user avatar
Kyle Avery
@kyleavery
Texas, USA
kyleavery.com
Joined July 2017
601
Following
3,906
Followers

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    Kyle Avery
    @kyleavery
    Aug 12, 2022
    Incase you missed it, check out my new tool from #DEFCON30 !
    GitHub - kyleavery/AceLdr: Cobalt Strike UDRL for memory scanner evasion.
    From github.com
  • user avatar
    Kyle Avery
    @kyleavery
    Jan 3, 2022
    Introducing inject-assembly! Execute a .NET assembly in any existing process, including your current Beacon, and retrieve the output! - Patches Environment.Exit() - PE header stomping - Random pipe name generation - No blocking of the current Beacon
    GitHub - kyleavery/inject-assembly: Inject .NET assemblies into an existing process
    From github.com
  • user avatar
    Kyle Avery
    @kyleavery
    May 25, 2023
    Last week I ported TinyNuke HVNC to a Cobalt Strike BOF:
    GitHub - WKL-Sec/HiddenDesktop: HVNC for Cobalt Strike
    From github.com
    49K
  • user avatar
    Kyle Avery
    @kyleavery
    Jun 8, 2022
    Excited to announce that I’ll be presenting ‘Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More’ at #DEFCON30 !
  • user avatar
    Kyle Avery
    @kyleavery
    Jul 24, 2023
    New DLL hijacking opportunities, triggered using DCOM for lateral movement:
    GitHub - WKL-Sec/dcomhijack: Lateral Movement Using DCOM and DLL Hijacking
    From github.com
    44K
  • user avatar
    Kyle Avery
    @kyleavery
    Dec 13, 2023
    user avatar
    𝖜𝖔𝖒𝖇𝖑𝖊 𝖜𝖎𝖙𝖍𝖔𝖚𝖙 𝖆 𝖈𝖆𝖚𝖘𝖊
    @goblinodds
    Dec 9, 2023
    god why are men so hard to get gifts for wtf do u people want
    32K
  • user avatar
    Kyle Avery
    @kyleavery
    Sep 9, 2022
    Check out my new blog post on Avoiding Memory Scanners:
    kyleavery.com
    Avoiding Memory Scanners
    Customizing Malware to Evade YARA, PE-sieve, and More
  • user avatar
    Kyle Avery
    @kyleavery
    Dec 19, 2024
    Replying to @zhou_xian_
    9.4K
  • user avatar
    Kyle Avery
    @kyleavery
    Aug 9, 2021
    Just published my blog post on a Mythic use case that I find very interesting: multiple implant stages that use the same backend C2 server while still having separate network infrastructure. It includes a Terraform config to deploy the exact setup. blog.kyleavery.com/posts/multi-st…
  • user avatar
    Kyle Avery
    @kyleavery
    Feb 1, 2022
    Besides BloodHound from @_wald0 + @SpecterOps and PingCastle from @mysmartlogon, what other open source or free tools should every organization be running on a regular basis?
  • user avatar
    Kyle Avery
    @kyleavery
    Dec 21, 2021
    Just got .NET execution in an existing process working - needs some quality testing but I plan to open source it eventually
  • user avatar
    Kyle Avery
    @kyleavery
    Jan 7, 2024
    I decided to try something besides Windows this weekend. Here is a Linux sleep obfuscation poc using POSIX timers:
    github.com
    GitHub - kyleavery/pendulum: Linux Sleep Obfuscation
    Linux Sleep Obfuscation. Contribute to kyleavery/pendulum development by creating an account on GitHub.
    16K
  • user avatar
    Kyle Avery
    @kyleavery
    Feb 1, 2024
    I've been getting questions about this again recently, so I wrote a small post. Patching .NET functions from an unmanaged CLR harness:
    Unmanaged .NET Patching | Outflank
    From outflank.nl
    17K
  • user avatar
    Kyle Avery
    @kyleavery
    Jul 19, 2024
    Today’s outages are a great example of why @Apple kicked EDR out of the kernel. Sure, kernel dev is hard, QA should catch this, etc. - now imagine what would happen if EDR could collect the same data from user-mode. I’m not really an Apple fan, nor am I calling their solution
    21K