HID Attack using 1.5$ Arduino Rubber Ducky-ish
๐ฃjithins1610
A lot of people donโt trust these cause the price but theyโre a charm and so. Much. God. Damn. Fun.
๐คmaximus1218
Pro tip though, get several Digisparks. Thereโs probably a 20% chance they wonโt work
๐คmcbergstedt
The dollar sign goes first
๐คLegitimateCrepe
๐@malwr
๐ฃjithins1610
A lot of people donโt trust these cause the price but theyโre a charm and so. Much. God. Damn. Fun.
๐คmaximus1218
Pro tip though, get several Digisparks. Thereโs probably a 20% chance they wonโt work
๐คmcbergstedt
The dollar sign goes first
๐คLegitimateCrepe
๐@malwr
YouTube
Digispark Rubber Ducky | Arduino Rubber Ducky | HID Attack-Digispark USB Keyboard
Arduino Rubber Ducky using Digispark | Digispark HID Keyboard | HID Attack on a PC - In this video, I will show you how to hack a computer using Arduino HID ...
10 Years of Linux Security - A Report Card
๐ฃcitypw
Keep in mind that grsecurity's business model relies on painting Linux, and in particular Linux security, in a negative light.
I'm not saying that makes any of this information invalid by itself, but it's worth considering the source.
๐คawkisopen
I see words in that PDF but barely understand anything it's saying. Context is key.
This was clearly written by an engineer who had no idea whether or not the audience would understand the presentation.
๐คToasterToasts
Well, that could have benefited from some explanation of acronyms.
Most of the recommendations seemed to be process or attitude things. How about recommending some simplification, throwing away old code even if it still mostly works ? I'm mostly talking about user-space code. Could we get rid of the init structure and commit to systemd ? Get rid of some old encryption and hashing and VPN modules, force people onto the new stuff ? Have DNS specified in 1 place instead of 5 ?
๐คbilldietrich1
๐@malwr
๐ฃcitypw
Keep in mind that grsecurity's business model relies on painting Linux, and in particular Linux security, in a negative light.
I'm not saying that makes any of this information invalid by itself, but it's worth considering the source.
๐คawkisopen
I see words in that PDF but barely understand anything it's saying. Context is key.
This was clearly written by an engineer who had no idea whether or not the audience would understand the presentation.
๐คToasterToasts
Well, that could have benefited from some explanation of acronyms.
Most of the recommendations seemed to be process or attitude things. How about recommending some simplification, throwing away old code even if it still mostly works ? I'm mostly talking about user-space code. Could we get rid of the init structure and commit to systemd ? Get rid of some old encryption and hashing and VPN modules, force people onto the new stuff ? Have DNS specified in 1 place instead of 5 ?
๐คbilldietrich1
๐@malwr
ARMRef (ARMv8.5 assembly reference app)
๐ฃ_evilpenguin
Sadly no Android support
๐คKrieghofGames
๐@malwr
๐ฃ_evilpenguin
Sadly no Android support
๐คKrieghofGames
๐@malwr
GitHub
GitHub - evilpenguin/ARMRef: ARM Assembly Reference Manual for iOS, iPadOS, and macOS.
ARM Assembly Reference Manual for iOS, iPadOS, and macOS. - GitHub - evilpenguin/ARMRef: ARM Assembly Reference Manual for iOS, iPadOS, and macOS.
The analyzer automates the process of exploring EFI files. After the analysis, well-known protocols, interrupts, etc. are found.
https://github.com/DSecurity/efiSeek
๐@malwr
https://github.com/DSecurity/efiSeek
๐@malwr
GitHub
GitHub - DSecurity/efiSeek: Ghidra analyzer for UEFI firmware.
Ghidra analyzer for UEFI firmware. Contribute to DSecurity/efiSeek development by creating an account on GitHub.
A buggy behavior located into CreateFile allows to hide malware from users and AV scanners. Microsoft will not fix it:
https://github.com/dalvarezperez/CreateFile_based_rootkit
#CreateFile #malware #rootkit #antivirus
โน๏ธ Sent from one of our members
๐@malwr
https://github.com/dalvarezperez/CreateFile_based_rootkit
#CreateFile #malware #rootkit #antivirus
โน๏ธ Sent from one of our members
๐@malwr
GitHub
GitHub - dalvarezperez/CreateFile_based_rootkit
Contribute to dalvarezperez/CreateFile_based_rootkit development by creating an account on GitHub.
Windows Process Injection: EM_GETHANDLE, WM_PASTE and EM_SETWORDBREAKPROC
๐ฃdigicat
Can i have the name or twitter handle of the owner of this blog they do an amazing job
๐คhilo25
https://twitter.com/modexpblog
๐คdigicat
๐@malwr
๐ฃdigicat
Can i have the name or twitter handle of the owner of this blog they do an amazing job
๐คhilo25
https://twitter.com/modexpblog
๐คdigicat
๐@malwr
modexp
Windows Process Injection: EM_GETHANDLE, WM_PASTE and EM_SETWORDBREAKPROC
Introduction Edit Controls Writing CP-1252 Compatible Code Initialization Set RAX to 0 Set RAX to 1 Set RAX to -1 Load and Store Data Two Byte Instructions Prefix Codes Generating Shellcode Injectiโฆ
Another method of bypassing ETW and Process Injection via ETW registration entries.
๐ฃbm11100
๐@malwr
๐ฃbm11100
๐@malwr
modexp
Another method of bypassing ETW and Process Injection via ETW registration entries.
Contents Introduction Registering Providers Locating the Registration Table Parsing the Registration Table Code Redirection Disable Tracing Further Research 1. Introduction This post briefly descriโฆ
Fuzzing sockets in Teeworlds game
๐ฃlogicaltrust-net
Never thought I'd see teeworlds here lol
๐คMegaManSec2
๐@malwr
๐ฃlogicaltrust-net
Never thought I'd see teeworlds here lol
๐คMegaManSec2
๐@malwr
Security Audits, Penetration Tests - LogicalTrust
LogicalTrust - [EN] A-Z: Introducing SocketInjectingFuzzer and its first target - Teeworlds
The idea behind Socket Injecting Fuzzer is simple - fuzz applications working in the client-server architecture by mutating real data packets that are exchanged by them in real usage scenarios. Implementation is also simple because it is based on hookingโฆ
[PDF ThaiCERT publishes "Threat Group Cards: A Threat Actor Encyclopedia" version 2.0 - Added 115 threat groups and many other updates - portal coming soon](https://www.dropbox.com/s/ds0ra0c8odwsv3m/Threat%20Group%20Cards.pdf?dl=0)
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
Dropbox
Threat Group Cards.pdf
Shared with Dropbox
An offensive guide to the Authorization Code grant - Comprehensive and digestible enumeration of security concerns in the OAuth 2.0 Authorization Code flow
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
NCC Group Research Blog
An offensive guide to the Authorization Code grant
OAuth is the widely used standard for access delegation, enabling many of the โSign in with Xโ buttons and โConnect your Calendarโ features of modern Internet software. OAutโฆ
Microsoft launches free Memory Forensics and Rootkit Detection service for Linux systems
๐ฃdreamygeek
Perhaps read the official blog post before you all get your pitch forks out over the free service thats intended to make hard to find, in memory malware incredibly expensive to keep using for attackers without risk of exposure.
"Project Freta was designed and built with survivor bias at its core."
God forbid microsoft and their academic researchers do a good thing here and get any credit.
Yeesh ๐
https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
๐คjdwashere
Soooo... Volatility in the cloud?
๐คYXZs
mmm... a rootkit that detects rootkits
๐คskyl4nk
๐@malwr
๐ฃdreamygeek
Perhaps read the official blog post before you all get your pitch forks out over the free service thats intended to make hard to find, in memory malware incredibly expensive to keep using for attackers without risk of exposure.
"Project Freta was designed and built with survivor bias at its core."
God forbid microsoft and their academic researchers do a good thing here and get any credit.
Yeesh ๐
https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
๐คjdwashere
Soooo... Volatility in the cloud?
๐คYXZs
mmm... a rootkit that detects rootkits
๐คskyl4nk
๐@malwr
HelpMeGeek
Microsoft has launched a Free Memory Forensics and Rootkit Detection Service for Linux - HelpMeGeek
Microsoft has just launched a Free online service Project Freta aimed to discover forensic evidence on Linux systems. With this service you will be able to dig up hard-to-find rootkits and malware. The project is named after the Birthplace of Marie Curieโฆ