Kaspersky TDSSKiller abuse to disable EDR software
You can abuse TDSSKiller to interact with kernel-level services to disable EDR software running on the machine.
Removal of Malwarebytes Anti-Malware Service:
tdsskiller.exe -dcsvc MBAMService
Removal of Microsoft Defender:
tdsskiller.exe -dcsvc windefend
The "-dcsvc <service_name>" command deletes the specified service, removing the registry keys and executables associated with the service and software.
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/lockbit-ransomware-silently-disables-edr-using-tdsskiller
https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/
Leaked Wallpaper
This is a privilege escalation tool (the underlying flaw, CVE-2024-38100, was fixed in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.
https://github.com/MzHmO/LeakedWallpaper
PoC Exploit for Windows 0-Day Flaws CVE-2024-38202 and CVE-2024-21302 Released:
https://securityonline.info/poc-exploit-for-windows-0-day-flaws-cve-2024-38202-and-cve-2024-21302-released/
I am publishing a Flipper Zero course on YouTube and I count on your support so I can bring other projects in the future. Like the videos and subscribe; it will help the channel a lot.
https://www.youtube.com/playlist?list=PLDCjkmO5apxafYqY1JJEtMe186HK6ksN8
YouTube: Curso de Flipper Zero
A course that aims to cover basic and advanced uses of this magnificent device.
Forwarded from Jame Time
PowerShell for Penetration Testing: Explore the capabilities of PowerShell for pentesters across multiple platforms (2024)
Forwarded from Jame Time
PowerShell for Penetration Testing.pdf
12.5 MB
Forwarded from Jame Time
Linux for Pentesting & Bug Bounties
Information: https://hacktify.thinkific.com/courses/linux-for-pentesting-bug-bounties
Forwarded from Jame Time
Linux for Pentesting & Bug Bounties.zip
1.1 GB
#MalwareAnalysis
Agent Tesla is a popular info stealer coded in C# that consistently makes lists as one of the most prevalent malware strains.
https://ryan-weil.github.io/posts/AGENT-TESLA-1/
https://ryan-weil.github.io/posts/AGENT-TESLA-2/
https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/
Firmware installation from a phone:
https://www.youtube.com/watch?v=DPuXcQop3Ts
#flipperzero #hardwarehacking
YouTube: Curso de Flipper Zero - Firmware installation from a phone
📌 Useful links:
OUR TELEGRAM GROUP:
👉 https://t.me/hacking_bra
SUPPORT THE CHANNEL:
👉 Donate any amount and help us bring more content.
PIX key: ryoonivo@protonmail.com
🅾️ SOCIAL MEDIA:
👉 https://instagram.com/hackingbrasil
👉 https://t.me/hxcking…
photo_2024-07-31_08-39-43.jpg
145.9 KB
🚀 List of Bug Bounty Commands
Netgotchi - The device for detecting intruders on your network
New video, folks; anyone who can leave a like and subscribe will help a lot.
https://youtu.be/eD2SduiXqIc
YouTube: Netgotchi - The device for detecting intruders on your network
📌 Useful links:
OUR TELEGRAM GROUP:
👉 https://t.me/hacking_bra
👉 Link to the project code:
https://github.com/MXZZ/Netgotchi
SUPPORT THE CHANNEL:
👉 Donate any amount and help us bring more content.
PIX key: ryoonivo@protonmail.com
🅾️ SOCIAL MEDIA:…
Exploit for Windows Kernel-Mode Driver Elevation of Privilege Flaw (CVE-2024-35250)
The vulnerability lies within the handling of property requests in the ks.sys driver. Specifically, when the KSPROPERTY_TYPE_UNSERIALIZESET flag is provided, a series of operations can be initiated that ultimately lead to arbitrary IOCTL calls. During this process, the user-supplied buffer is copied into a newly allocated space and executed without proper validation.
Cracking Windows Kernel with HEVD
🔗 Link - Part 0
🔗 Link - Part 1
🔗 Link - Part 2
🔗 Link - Part 3
🔗 Link - Part 4
Linux Malware Development:
Building a TLS/SSL-based reverse shell in Python
* writeup
* source: reverse_ssl.py