11 files

A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before.

This tool can help you to see the real IP behind CloudFlare protected websites. - zidansec/CrimeFlare

Learn how attackers use the Windows Background Intelligent Transfer Service (BITS) as a method for maintaining the persistence of malicious applications.

CobaltStrike became part of the Cybercrime’s “toolset” almost in every Company breach. This growth is explained by the fact that CobaltStrike was leaked multiple times and became more accessible for malicious groups. Below is a statistics made by RecordedFuture…

I'm gonna give you malicious emails everyday .. so please check these emails in your organization or at your personal emails.


if You wanna support me in patron , thank you

https://www.patreon.com/MahmoudElMenshawy?fbclid=IwAR2lZM5Ecj4gn780pWhpdPIEtK…

You will find a written report here
my blogger
https://menshaway.blogspot.com/2021/04/agenttesla-malware.html

IF You wanna support me in patron , thank you

https://www.patreon.com/MahmoudElMenshawy?fbclid=IwAR2lZM5Ecj4gn780pWhpdPIEtKmt1EUTqgrVCvl38Y…

A cheat sheet about Microsoft Windows Privileges.

Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely. - 0vercl0k/CVE-2021-24086

In this blog post we analyze a denial of service vulnerability affecting the IPv6 stack of Windows. This issue, whose root cause can be found in the mishandling of IPv6 fragments, was patched by Microsoft in their February 2021 security bulletin.

Fileless persistence: The rootkit resides in the system memory and does not write any files to the disk. This is achieved in multiple stages.

In this article we review methods to extract credentials from lsass process memory despite LSA protection and RunAsPPL registry settings.

A repository for learning various heap exploitation techniques. - shellphish/how2heap

A list of useful payloads and bypass for Web Application Security and Pentest/CTF - swisskyrepo/PayloadsAllTheThings

In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a variety of VM platforms.

Divide full port scan results and use it for targeted Nmap runs - snovvcrash/DivideAndScan

Interactive debuggers are tools that allow you to selectively observe the program state during an execution. In this chapter, you will learn how such debuggers work – by building your own debugger.Prerequisites You should have read the Chapter on Tracing…

The general method of browser render process exploit is: after exploiting the vulnerability to obtain user mode arbitrary memory read/write primitive, the vtable of DOM/js object is tampered to hijack the code execution flow. Then VirtualProtect is called…

Expect memes, food for thoughts, tech guidelines and trash talk daily.