🔥🔥🔥Indirect syscalls PoCs:
💥HellsHall(combination of HellsGate and indirect syscalls) - Another Way To Fetch Clean Syscalls
🔖Github repo
💥C_SYSCALLS is a single stub direct and indirect syscalling with runtime SSN resolving for windows.
💥Hiding Your Syscalls - bypassing detections that I wrote myself. To the best of my knowledge EDR vendors aren’t really alerting on direct syscalls yet.
🔖Source code
💥FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++! Doesn't it bother you to have to define every syscall stub or function within a module? Or having to depend on the Windows version for the syscalls? Well, forget about all that. FreshyCalls makes use of some features implemented from C++11 such as the variadic templates along with some custom mini-shellcode to avoid this.
💥syscalls-asm
💥Charon's Ferry(adapted from HellsGate)- An indirect syscaller
💥HellsHall(combination of HellsGate and indirect syscalls) - Another Way To Fetch Clean Syscalls
🔖Github repo
💥C_SYSCALLS is a single stub direct and indirect syscalling with runtime SSN resolving for windows.
💥Hiding Your Syscalls - bypassing detections that I wrote myself. To the best of my knowledge EDR vendors aren’t really alerting on direct syscalls yet.
🔖Source code
💥FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++! Doesn't it bother you to have to define every syscall stub or function within a module? Or having to depend on the Windows version for the syscalls? Well, forget about all that. FreshyCalls makes use of some features implemented from C++11 such as the variadic templates along with some custom mini-shellcode to avoid this.
💥syscalls-asm
💥Charon's Ferry(adapted from HellsGate)- An indirect syscaller
👍2
⚡1
#Offensive_security
1. Offensive Software Exploitation (OSE) Course
https://github.com/ashemery/exploitation-course
2. Persistence and LOLBins
https://windowsir.blogspot.com/2022/12/persistence-and-lolbins.html
1. Offensive Software Exploitation (OSE) Course
https://github.com/ashemery/exploitation-course
2. Persistence and LOLBins
https://windowsir.blogspot.com/2022/12/persistence-and-lolbins.html
GitHub
GitHub - ashemery/exploitation-course: Offensive Software Exploitation Course
Offensive Software Exploitation Course. Contribute to ashemery/exploitation-course development by creating an account on GitHub.
#Threat_Research
1. Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022
https://pytorch.org/blog/compromised-nightly-dependency
2. Google Home Vulnerability: Eavesdropping on Conversations
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html#poc-1-spy-on-victim
1. Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022
https://pytorch.org/blog/compromised-nightly-dependency
2. Google Home Vulnerability: Eavesdropping on Conversations
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html#poc-1-spy-on-victim
#Malware_analysis
1. Dimorf - ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OS´s
https://github.com/Ort0x36/Dimorf
2. TTPs: Rust vs C++
A comparative analysis of C++ and Rust implant binaries
https://steve-s.gitbook.io/0xtriboulet/ttps/ttps-rust-vs-c++
1. Dimorf - ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OS´s
https://github.com/Ort0x36/Dimorf
2. TTPs: Rust vs C++
A comparative analysis of C++ and Rust implant binaries
https://steve-s.gitbook.io/0xtriboulet/ttps/ttps-rust-vs-c++
GitHub
GitHub - Ort0x36/Dimorf: Dimorf is a ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OS´s
Dimorf is a ransomware using 256-bit AES with a self-destructing, randomly generated key for Linux OS´s - Ort0x36/Dimorf
#tools
#Red_Team_Tactics
1. DROPS - Adversary Tool Command Generator / "Dynamic Cheat Sheet"
https://sygnialabs.github.io/DROPS
2. ScrapPY - utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools
https://github.com/RoseSecurity/ScrapPY
3. Rust reflective loader
https://github.com/winsecurity/Offensive-Rust/tree/main/peloader64
#Red_Team_Tactics
1. DROPS - Adversary Tool Command Generator / "Dynamic Cheat Sheet"
https://sygnialabs.github.io/DROPS
2. ScrapPY - utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools
https://github.com/RoseSecurity/ScrapPY
3. Rust reflective loader
https://github.com/winsecurity/Offensive-Rust/tree/main/peloader64
GitHub
GitHub - RoseSecurity/ScrapPY: ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate…
ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists that can be utilized by offensive security tools to perform brute force, forced browsing,...
👍1
#exploit
1. Buffer overflow exploit for Stephen Bradshaw's Vulnserver
https://github.com/shodanwashere/badserver
2. CVE-2022-20951:
Cisco BroadWorks CommPilot Application Software Unauthenticated SSRF
https://www.shielder.com/advisories/cisco-broadworks-commpilot-ssrf
3. CVE-2022-20958:
Cisco BroadWorks CommPilot Application Software Authenticated RCE
https://www.shielder.com/advisories/cisco-broadworks-commpilot-authenticated-remote-code-execution
1. Buffer overflow exploit for Stephen Bradshaw's Vulnserver
https://github.com/shodanwashere/badserver
2. CVE-2022-20951:
Cisco BroadWorks CommPilot Application Software Unauthenticated SSRF
https://www.shielder.com/advisories/cisco-broadworks-commpilot-ssrf
3. CVE-2022-20958:
Cisco BroadWorks CommPilot Application Software Authenticated RCE
https://www.shielder.com/advisories/cisco-broadworks-commpilot-authenticated-remote-code-execution
GitHub
GitHub - shodanwashere/badserver: Buffer overflow exploit for Stephen Bradshaw's Vulnserver.
Buffer overflow exploit for Stephen Bradshaw's Vulnserver. - shodanwashere/badserver
#WebApp_Security
1. Backdoor .NET applications via startup hooks
https://rastamouse.me/net-startup-hooks
2. Teler-waf - Go HTTP middleware that provide teler IDS functionality to protect against web-based attacks and improve the security web applications
https://github.com/kitabisa/teler-waf
1. Backdoor .NET applications via startup hooks
https://rastamouse.me/net-startup-hooks
2. Teler-waf - Go HTTP middleware that provide teler IDS functionality to protect against web-based attacks and improve the security web applications
https://github.com/kitabisa/teler-waf
GitHub
GitHub - teler-sh/teler-waf: teler-waf is a Go HTTP middleware that protects local web services from OWASP Top 10 threats, known…
teler-waf is a Go HTTP middleware that protects local web services from OWASP Top 10 threats, known vulnerabilities, malicious actors, botnets, unwanted crawlers, and brute force attacks. - teler-s...
#Malware_analysis
1. The Mac Malware of 2022
https://objective-see.org/blog/blog_0x71.html
2. New version of Raspberry Robin
https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
1. The Mac Malware of 2022
https://objective-see.org/blog/blog_0x71.html
2. New version of Raspberry Robin
https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
Objective-See
The Mac Malware of 2022 👾
A comprehensive analysis of the year's new malware
#exploit
#reversing
1. Vulnerability in Synology NAS
https://paper.seebug.org/2038
2. Reverse Engineering and Exploiting an IoT TotoLink N100RE bug
https://faradaysec.com/faraday-ctf-2022-write-up-reverse-engineering-and-exploiting-an-iot-bug
3. ESI Injection PoCs
https://infosecwriteups.com/exploring-the-world-of-esi-injection-b86234e66f91
#reversing
1. Vulnerability in Synology NAS
https://paper.seebug.org/2038
2. Reverse Engineering and Exploiting an IoT TotoLink N100RE bug
https://faradaysec.com/faraday-ctf-2022-write-up-reverse-engineering-and-exploiting-an-iot-bug
3. ESI Injection PoCs
https://infosecwriteups.com/exploring-the-world-of-esi-injection-b86234e66f91
Faraday
Reverse Engineering and Exploiting an IoT bug - Faraday
In most of the write-ups of CTF, reverse engineering concepts are taken for granted. This is a problem for newcomers that are unfamiliar with some basic concepts or don’t have prior experience in this field. However, this will be different. In this video…
#Sec_code_review
OWASP Mobile Application Security Testing Guide (MASTG)
https://github.com/OWASP/owasp-mastg
OWASP Mobile Application Security Testing Guide (MASTG)
https://github.com/OWASP/owasp-mastg
GitHub
GitHub - OWASP/mastg: The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security…
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA...
#tools
#Malware_analysis
VBScript & VBA source-to-source deobfuscator with partial-evaluation
https://github.com/airbus-cert/vbSparkle
#Malware_analysis
VBScript & VBA source-to-source deobfuscator with partial-evaluation
https://github.com/airbus-cert/vbSparkle
GitHub
GitHub - airbus-cert/vbSparkle: VBScript & VBA source-to-source deobfuscator with partial-evaluation
VBScript & VBA source-to-source deobfuscator with partial-evaluation - airbus-cert/vbSparkle
#Offensive_security
1. Google Hacking Database (GHDB)
https://github.com/readloud/Google-Hacking-Database-GHDB
2. NTP Fingerprinting
https://isc.sans.edu/diary/Its+about+time+OS+Fingerprinting+using+NTP/29394
3. Powershell scripts for post exploitation
https://github.com/ItsCyberAli/PowerMeUp
1. Google Hacking Database (GHDB)
https://github.com/readloud/Google-Hacking-Database-GHDB
2. NTP Fingerprinting
https://isc.sans.edu/diary/Its+about+time+OS+Fingerprinting+using+NTP/29394
3. Powershell scripts for post exploitation
https://github.com/ItsCyberAli/PowerMeUp
GitHub
GitHub - readloud/Google-Hacking-Database: The GHDB is an index of search queries (we call them dorks) used to find publicly available…
The GHDB is an index of search queries (we call them dorks) used to find publicly available information, intended for pentesters and security researchers. - readloud/Google-Hacking-Database
EarSpy.pdf
3.7 MB
#Research
"EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers", 2022.
"EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers", 2022.
#tools
#Blue_Team_Techniques
1. DeTT&CT: Automate your detection coverage with dettectinator
https://blog.nviso.eu/2023/01/04/dettct-automate-your-detection-coverage-with-dettectinator
]-> Python library to DeTT&CT YAML files:
https://github.com/siriussecurity/dettectinator
2. Actively hunt for attacker infrastructure by filtering Shodan results with URLScan data
https://github.com/montysecurity/InfraHunter
#Blue_Team_Techniques
1. DeTT&CT: Automate your detection coverage with dettectinator
https://blog.nviso.eu/2023/01/04/dettct-automate-your-detection-coverage-with-dettectinator
]-> Python library to DeTT&CT YAML files:
https://github.com/siriussecurity/dettectinator
2. Actively hunt for attacker infrastructure by filtering Shodan results with URLScan data
https://github.com/montysecurity/InfraHunter
NVISO Labs
DeTT&CT: Automate your detection coverage with dettectinator
Introduction Last year, I published an article on mapping detection to the MITRE ATT&CK framework using DeTT&CT. In the article, we introduced DeTT&CT and explored its features and usag…
#Malware_analysis
1. Unpacking RedLine Stealer
https://dr4k0nia.github.io/posts/Unpacking-RedLine-Stealer
2. String Obfuscation The Malware Way
https://dr4k0nia.github.io/posts/String-Obfuscation-The-Malware-Way
1. Unpacking RedLine Stealer
https://dr4k0nia.github.io/posts/Unpacking-RedLine-Stealer
2. String Obfuscation The Malware Way
https://dr4k0nia.github.io/posts/String-Obfuscation-The-Malware-Way
dr4k0nia
Unpacking RedLine Stealer
In this post, we are going to take a look at Redline Stealer, a well-known .NET based credential stealer. I will focus on unpacking the managed payload and extracting it’s config, for a more detailed analysis of the payload you can check out this post by…