Rui_Ueyama_Introduction_to_creating_a_C_compiler_for_those_who_want.pdf
1 MB
Introduction to creating a C compiler for those who want to know the lower layer
Rui Ueyama
note: the image can't translated
Rui Ueyama
note: the image can't translated
β€βπ₯4
Forwarded from vx-underground
One thing noobie scoobies don't seem to understand is that malware is literally just software. Understandably, that seems kind of obvious, it's in the name β 'malicious software'. But it seems less obvious to some that, in order to write malware, you apply the exact same principles, techniques, and structures that legitimate software uses.
Malware is regular ol' programming with some sprinkles of weird stuff. These weird things are documented and shared. Some try to find new weird things.
When people ask what language is best for malware... it's kind of like asking 'what's the best ice cream flavor?'. It's entirely subjective. Everyone will tell you something different. You'll notice a lot of people will prefer Chocolate or Vanilla, you may encounter some who like Raspberry Banana Sprinkle Jam-Blam Blast, or Minty Schminty SpongeBob Sticks Bombs, but at the end of the day it's all still ice cream.
In it's most simple form, all malware techniques are things legitimate software may do.
Ransomware?
- Step 1. Enumerate files in a directory
- Step 2. Lock and encrypt files
Information Stealers?
- Step 1. Enumerate files in a directory
- Step 2. Upload files somewhere
RATs?
- Step 1. Make program run at start
- Step 2. Execute commands (cmd, powershell, other programs)
- Step 3. Upload files somewhere
Loaders?
- Step 1. Download file from somewhere
- Step 2. Run file
Everything the malware does is just an expansion of what is explained above.
Want to find new malware techniques? Find new ways to execute a process, find new ways to enumerate files in a directory, file new ways to upload files somewhere, find new ways to download files from somewhere, find new ways to write to files or delete files, etc.
How do you do this? Read. Read everything. Blogs, Windows documentation, StackOverflow, Wikipedia, our website. Look at every DLL you find on your computer in Ida or Ghidra, just open stuff and look around. Look at other peoples work and see if you can expand on it and find something new.
tl;dr learn to code, then learn weird stuff
Malware is regular ol' programming with some sprinkles of weird stuff. These weird things are documented and shared. Some try to find new weird things.
When people ask what language is best for malware... it's kind of like asking 'what's the best ice cream flavor?'. It's entirely subjective. Everyone will tell you something different. You'll notice a lot of people will prefer Chocolate or Vanilla, you may encounter some who like Raspberry Banana Sprinkle Jam-Blam Blast, or Minty Schminty SpongeBob Sticks Bombs, but at the end of the day it's all still ice cream.
In it's most simple form, all malware techniques are things legitimate software may do.
Ransomware?
- Step 1. Enumerate files in a directory
- Step 2. Lock and encrypt files
Information Stealers?
- Step 1. Enumerate files in a directory
- Step 2. Upload files somewhere
RATs?
- Step 1. Make program run at start
- Step 2. Execute commands (cmd, powershell, other programs)
- Step 3. Upload files somewhere
Loaders?
- Step 1. Download file from somewhere
- Step 2. Run file
Everything the malware does is just an expansion of what is explained above.
Want to find new malware techniques? Find new ways to execute a process, find new ways to enumerate files in a directory, file new ways to upload files somewhere, find new ways to download files from somewhere, find new ways to write to files or delete files, etc.
How do you do this? Read. Read everything. Blogs, Windows documentation, StackOverflow, Wikipedia, our website. Look at every DLL you find on your computer in Ida or Ghidra, just open stuff and look around. Look at other peoples work and see if you can expand on it and find something new.
tl;dr learn to code, then learn weird stuff
π5
networking_manual_by_bassterlord.pdf
5.6 MB
Networking Manual
Bassterlord
p.s: APT-ing guide
Bassterlord
p.s: APT-ing guide
2405.04109v1.pdf
5.9 MB
The Malware as a Service ecosystem
Constantinos Patsakis, David Arroyo, and Fran Casino
Constantinos Patsakis, David Arroyo, and Fran Casino
π₯2
https://attl4s.github.io/assets/pdf/Understanding_a_Payloads_Life.pdf
Daniel LΓ³pez JimΓ©nez
Daniel LΓ³pez JimΓ©nez
Linux Kernel Geeking Resources:
https://kernelnewbies.org/
https://www.linuxtopia.org/online_books/linux_kernel/kernel_configuration/
https://kernelnewbies.org/
https://www.linuxtopia.org/online_books/linux_kernel/kernel_configuration/
π1
Forwarded from vx-underground
Mildly irritating things seen by malware nerds:
- Person saying {thing} evades EDR and/or AV, but they've never performed against an enterprise environment with an active Blue Team (they don't know what they're talking about). Yes, your payload avoided basic analysis, but stop disrespecting Blue Team nerds, you're seriously under estimating them.
- Person saying {language} is superior to {other language} for malware development. This is like watching Linux nerds argue about distros
- Person saying their malware is FUD. It is only undetected because you've successfully infected 4 machines running Windows 7. Large scale campaigns are difficult to run. Stop disrespecting reverse engineers. They're dealing with serious Threat Groups.
- Person saying {thing} is undetectable (in theory) because they've implemented over 9000 different evasion techniques. No, you've filled your binary with IOCs.
- Person dissing ransomware payloads, saying it is for noobs. This is both correct and incorrect. Writing single threaded ransomware is easy. Writing fast ransomware (thread pools, queuing, I/O completion ports) that can both encrypt and decrypt successfully regardless of file type and file size can be challenging.
- Anyone who references Mr. Robot when discussing malware.
- Person saying {thing} evades EDR and/or AV, but they've never performed against an enterprise environment with an active Blue Team (they don't know what they're talking about). Yes, your payload avoided basic analysis, but stop disrespecting Blue Team nerds, you're seriously under estimating them.
- Person saying {language} is superior to {other language} for malware development. This is like watching Linux nerds argue about distros
- Person saying their malware is FUD. It is only undetected because you've successfully infected 4 machines running Windows 7. Large scale campaigns are difficult to run. Stop disrespecting reverse engineers. They're dealing with serious Threat Groups.
- Person saying {thing} is undetectable (in theory) because they've implemented over 9000 different evasion techniques. No, you've filled your binary with IOCs.
- Person dissing ransomware payloads, saying it is for noobs. This is both correct and incorrect. Writing single threaded ransomware is easy. Writing fast ransomware (thread pools, queuing, I/O completion ports) that can both encrypt and decrypt successfully regardless of file type and file size can be challenging.
- Anyone who references Mr. Robot when discussing malware.
Forwarded from vx-underground
vx-underground
Mildly irritating things seen by malware nerds: - Person saying {thing} evades EDR and/or AV, but they've never performed against an enterprise environment with an active Blue Team (they don't know what they're talking about). Yes, your payload avoided basicβ¦
People need to seriously stop dissing Blue Team nerds. If you've ever tried to deploy malware against an enterprise network with an active Blue Team with software restriction policies, path-based execution restriction, a team that has an effective and up-to-date EDR (custom detection rules) coupled with an AV, and an active SOC..... it can be extremely challenging.
These Blue Team nerds are not dummies and they take their job extremely seriously
These Blue Team nerds are not dummies and they take their job extremely seriously
Is AI make programmer Illiterate?
Anonymous Poll
25%
Yeah, make the kid lazy read doc even write one.
10%
No, it help me skip redudant task like DAO, DTO, etc.
10%
With AI or not, I am still bloody stupid in compsci-related stuff.
0%
Whos care ? I have Nvidia, Intel and Amd stock, they just roundabout dividend.
40%
I'm cat Woo-Miaow
15%
Tommorow Valentine, dont go outside.
Forwarded from (Ο (ΞΌ (Ξ»)))
We have seen that computer programming is an art, because it applies accumulated knowledge to the world, because it requires skill and ingenuity, and especially because it produces objects of beauty. Programmers who subconsciously view themselves as artists will enjoy what they do and will do it better.
Donald Knuth, from "Computer Programming as an Art" (1974) in Literate Programming (1992)
Donald Knuth, from "Computer Programming as an Art" (1974) in Literate Programming (1992)
Compsci Library π pinned Β«https://startacomputer.club/ Interesting guide to start computer club IRLΒ»