Forwarded from Deadly malware xp
#Red_Team_Tactics
1. Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
https://github.com/D1rkMtr/UnhookingPatch
2. A new AMSI Bypass technique using .NET ALI Call Hooking
https://github.com/pracsec/AmsiBypassHookManagedAPI
3. Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID
https://github.com/D1rkMtr/FilelessNtdllReflection
1. Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
https://github.com/D1rkMtr/UnhookingPatch
2. A new AMSI Bypass technique using .NET ALI Call Hooking
https://github.com/pracsec/AmsiBypassHookManagedAPI
3. Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID
https://github.com/D1rkMtr/FilelessNtdllReflection
❤1
Forwarded from Deadly malware xp
#tools
#Offensive_security
Ronin - Open Source Ruby toolkit for security research and development
https://github.com/ronin-rb/ronin
#Offensive_security
Ronin - Open Source Ruby toolkit for security research and development
https://github.com/ronin-rb/ronin
GitHub
GitHub - ronin-rb/ronin: Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows…
Ronin is a Free and Open Source Ruby Toolkit for Security Research and Development. Ronin also allows for the rapid development and distribution of code, exploits, payloads, etc, via 3rd-party git ...
👍1
Forwarded from Deadly malware xp
#Blue_Team_Techniques
1. Recognizing the APT groups most likely responsible for a cybersecurity incident from the MITRE ATT&CK techniques in the incident report of the incident
https://gitlab.com/bontchev/whodunit
2. Open source tool to aid in SOC investigations
https://github.com/zdhenard42/SOC-Multitool
1. Recognizing the APT groups most likely responsible for a cybersecurity incident from the MITRE ATT&CK techniques in the incident report of the incident
https://gitlab.com/bontchev/whodunit
2. Open source tool to aid in SOC investigations
https://github.com/zdhenard42/SOC-Multitool
GitLab
Vesselin Bontchev / whodunit · GitLab
Recognizing the most likely APT groups responsible for an incident
Forwarded from Deadly malware xp
IPv6_security.pdf
14.3 MB
#Whitepaper
"IPv6 Security Guide", 2022.
"IPv6 Security Guide", 2022.
👍1
Forwarded from Deadly malware xp
#Malware_analysis
Unraveling the techniques of Mac ransomware
https://www.microsoft.com/en-us/security/blog/2023/01/05/unraveling-the-techniques-of-mac-ransomware
Unraveling the techniques of Mac ransomware
https://www.microsoft.com/en-us/security/blog/2023/01/05/unraveling-the-techniques-of-mac-ransomware
👍1
Forwarded from Deadly malware xp
#exploit
PandoraFMS NG765 - Pre-Auth RCE
https://3sjay.github.io/2023/01/06/pandoraFMS-Pre-Auth-RCE.html
PandoraFMS NG765 - Pre-Auth RCE
https://3sjay.github.io/2023/01/06/pandoraFMS-Pre-Auth-RCE.html
Esjay’s Blog
PandoraFMS - Pre-Auth Remote Code Execution
Assessed Version: PandoraFMS NG 765
Forwarded from Deadly malware xp
#Red_Team_Tactics
How To Attack Admin Panels Successfully
Part 1: https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c
Part 2: https://medium.com/geekculture/how-to-attack-admin-panels-successfully-part-2-9316c3caad3a
How To Attack Admin Panels Successfully
Part 1: https://infosecwriteups.com/how-to-attack-admin-panels-successfully-72c90eeb818c
Part 2: https://medium.com/geekculture/how-to-attack-admin-panels-successfully-part-2-9316c3caad3a
Medium
How To Attack Admin Panels Successfully
Attacking Web Apps Admin Panels The Right Way
Forwarded from Deadly malware xp
#Malware_analysis
1. Unpack Brute Ratel (BRC4) stager and extract config
https://github.com/matthw/malware_analysis/tree/main/brc4
2. Reversing AutoIT Scripts
https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
3. A Deep Dive Into poweRAT: Stealer/RAT Combo Polluting PyPI
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
1. Unpack Brute Ratel (BRC4) stager and extract config
https://github.com/matthw/malware_analysis/tree/main/brc4
2. Reversing AutoIT Scripts
https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
3. A Deep Dive Into poweRAT: Stealer/RAT Combo Polluting PyPI
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
GitHub
malware_analysis/brc4 at main · matthw/malware_analysis
Contribute to matthw/malware_analysis development by creating an account on GitHub.
Forwarded from Deadly malware xp
GitLab
Vesselin Bontchev / bpfdscan · GitLab
A BPFDoor scanner
Forwarded from Deadly malware xp
#Threat_Research
1. Exploit Party: Bring Your Own Vulnerable Driver Attacks
https://fourcore.io/blogs/bring-your-own-vulnerable-driver-attack
2. Analyzing CVE-2022-46630 (DLL Hijacking in Squirrel.Windows)
https://archcloudlabs.com/projects/cve-2022-46330
1. Exploit Party: Bring Your Own Vulnerable Driver Attacks
https://fourcore.io/blogs/bring-your-own-vulnerable-driver-attack
2. Analyzing CVE-2022-46630 (DLL Hijacking in Squirrel.Windows)
https://archcloudlabs.com/projects/cve-2022-46330
FourCore
Exploit Party: Bring Your Own Vulnerable Driver Attacks
BYOVD or Bring Your Own Vulnerable Driver is an attack where a threat actor brings a legitimately signed and vulnerable driver to perform malicious actions on the system. In a BYOVD attack, the attacker can use the vulnerabilities in the driver to execute…
Forwarded from Deadly malware xp
Supply_Chains_Taxonomy.pdf
896.7 KB
#Research
"Taxonomy of Attacks on Open-Source Software Supply Chains", 2022.
]-> https://riskexplorer.endorlabs.com/#/attack-tree
"Taxonomy of Attacks on Open-Source Software Supply Chains", 2022.
]-> https://riskexplorer.endorlabs.com/#/attack-tree
Forwarded from Deadly malware xp
GLeeFuzz.pdf
6 MB
#Fuzzing
"GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation", 2022.
]-> Repo: https://github.com/HexHive/GLeeFuzz
"GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation", 2022.
]-> Repo: https://github.com/HexHive/GLeeFuzz
Forwarded from Deadly malware xp
#exploit
SSRF attack on MySQL Server with password using php-curl
https://github.com/wupco/rwctf2023-ASTLIBRA
SSRF attack on MySQL Server with password using php-curl
https://github.com/wupco/rwctf2023-ASTLIBRA
GitHub
GitHub - wupco/rwctf2023-ASTLIBRA
Contribute to wupco/rwctf2023-ASTLIBRA development by creating an account on GitHub.
Forwarded from Deadly malware xp
PhiAttack.pdf
179 KB
#Red_Team_Tactics
"PhiAttack: Rewriting the Java Card Class Hierarchy", 2021.
"PhiAttack: Rewriting the Java Card Class Hierarchy", 2021.
Forwarded from Deadly malware xp
Java_Card_Security.pdf
1.3 MB
#Threat_Research
"Good, Bad and Ugly Design of Java Card Security" (Master’s Thesis).
// This thesis is focused on the study of logical attacks on the Java Card platform which try to exploit bugs in the implementation of the Java Card specification or try to break the security of the virtual machine by installing malformed applets. Although logical attacks are not as universal and powerful as physical attacks, it does not require expensive equipment and scales quite well...
"Good, Bad and Ugly Design of Java Card Security" (Master’s Thesis).
// This thesis is focused on the study of logical attacks on the Java Card platform which try to exploit bugs in the implementation of the Java Card specification or try to break the security of the virtual machine by installing malformed applets. Although logical attacks are not as universal and powerful as physical attacks, it does not require expensive equipment and scales quite well...
Forwarded from Deadly malware xp
Text_to_SQL_Models.pdf
7.4 MB
Forwarded from Deadly malware xp
#tools
#Blue_Team_Techniques
1. Python script that will help in finding Path Traversal/RCE vulnerability in Apache 2.4.50 (CVE-2021-42013)
https://github.com/walnutsecurity/cve-2021-42013
2. Tool to check for dependency confusion vulnerabilities in multiple package management systems
https://github.com/visma-prodsec/confused
#Blue_Team_Techniques
1. Python script that will help in finding Path Traversal/RCE vulnerability in Apache 2.4.50 (CVE-2021-42013)
https://github.com/walnutsecurity/cve-2021-42013
2. Tool to check for dependency confusion vulnerabilities in multiple package management systems
https://github.com/visma-prodsec/confused
GitHub
GitHub - walnutsecurity/cve-2021-42013: cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote…
cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.50 - walnutsecurity/cve-2021-42013
Forwarded from Deadly malware xp
Python_for_Cybersecurity.pdf
8.9 MB
#Tech_book
"Python for Cybersecurity: Using Python for Cyber Offense and Defense", 2022.
"Python for Cybersecurity: Using Python for Cyber Offense and Defense", 2022.
Geolocation Spy (GeoSpy) - is an OSINT analysis and research tool that is used to track and execute intelligent social engineering attacks in real time.
▫️https://github.com/askmetoo/geospy
▫️https://github.com/askmetoo/geospy