serpentine - Windows RAT (Remote Administration Tool) with a multiplatform RESTful C2 server
🗣jafarlihi
It's great that the client is in C++, but the Java server is a deal breaker.
👤PhisherPrice
I always knew RAT as “Remote Access Trojan”
👤Wiamly
🎖@malwr
🗣jafarlihi
It's great that the client is in C++, but the Java server is a deal breaker.
👤PhisherPrice
I always knew RAT as “Remote Access Trojan”
👤Wiamly
🎖@malwr
Mobile phone data extraction by police forces in England and Wales: Investigation report - Information Commissioner's Office | This will be required reading for anyone applying for DF jobs in UK LEAs in the next few months. Almost guaranteed to be mentioned in interviews.
🗣LordUlthar
Thanks for sharing! It's very informative.
👤happyredditgifts
🎖@malwr
🗣LordUlthar
Thanks for sharing! It's very informative.
👤happyredditgifts
🎖@malwr
Masking Malicious Memory Artifacts Part II: Insights from Moneta
🗣digicat
Part 1⃣: https://www.forrest-orr.net/post/malicious-memory-artifacts-part-i-dll-hollowing
🎖@malwr
🗣digicat
Part 1⃣: https://www.forrest-orr.net/post/malicious-memory-artifacts-part-i-dll-hollowing
🎖@malwr
ForrestOrr
Masking Malicious Memory Artifacts – Part II: Blending in with False Positives
IntroductionWith fileless malware becoming a ubiquitous feature of most modern Red Teams, knowledge in the domain of memory stealth and detection is becoming an increasingly valuable skill to add to both an attacker and defender’s arsenal. I’ve written this…
Booting to 'Hello Rust' on x86_64
🗣micouy
Author here. It's my first post and I'd really appreciate your feedback. If you have any questions, you can comment here, DM me or send me an email. Thanks for reading :)
👤micouy
🎖@malwr
🗣micouy
Author here. It's my first post and I'd really appreciate your feedback. If you have any questions, you can comment here, DM me or send me an email. Thanks for reading :)
👤micouy
🎖@malwr
Labtainers - Navy Postgraduate School - Center for Cybersecurity and Cyber Operations | Free Cybersecurity exercises & manuals covering a wide variety of topics. The Networking & Network Traffic Analysis portions should be of particular interest to forensicators.
🗣LordUlthar
🎖@malwr
🗣LordUlthar
🎖@malwr
nps.edu
Labtainers - Center for Cybersecurity and Cyber Operations - Naval Postgraduate School
Cybersecurity labs for Linux
GLORYHook - The first Linux hooking framework to allow merging two binary files into one
🗣partyfaker
🎖@malwr
🗣partyfaker
🎖@malwr
GitHub
GitHub - tsarpaul/GLORYHook: The first Linux hooking framework to allow merging two binary files into one!
The first Linux hooking framework to allow merging two binary files into one! - tsarpaul/GLORYHook
Git'ing Users for OSINT: Analysis of All GitHub Users - SANS@MIC Talk | A great case study of leveraging APIs for OSINT
🗣LordUlthar
🎖@malwr
🗣LordUlthar
🎖@malwr
YouTube
Git'ing Users for OSINT: Analysis of All GitHub Users | SANS@MIC Talk
Within the world of OSINT, many people solely focus on what data they can retrieve from a web browser. Others, like me, know the power and potential of using Application Programming Interfaces (APIs) to harvest huge amounts of data from platforms and incredible…
DARPA - Operationally Transparent Cyber (OpTC) Data Release - multi-day dataset that includes endpoint activity (including benign activity generation) from ~500 endpoints as well as Zeekurity data from the enterprise egress point.
🗣digicat
🎖@malwr
🗣digicat
🎖@malwr
GitHub
GitHub - FiveDirections/OpTC-data
Contribute to FiveDirections/OpTC-data development by creating an account on GitHub.
KAPE - A Beginner's Guide
🗣deltawing
Best viewed not on mobile due to size of visual aids.
👤deltawing
🎖@malwr
🗣deltawing
Best viewed not on mobile due to size of visual aids.
👤deltawing
🎖@malwr
AboutDFIR - The Definitive Compendium Project
KAPE - AboutDFIR - The Definitive Compendium Project
A detailed guide on how to use KAPE geared towards first-timers and visual learners.
Rom Hacking tool for Gameboy Advance game + detailed manual about how it was developed + talks
🗣bmacabeus
Awesome stuff, man.
👤Streiw
🎖@malwr
🗣bmacabeus
Awesome stuff, man.
👤Streiw
🎖@malwr
GitHub
GitHub - macabeus/klo-gba.js: 🧢 Reverse engineering tool for the Klonoa's GBA game
🧢 Reverse engineering tool for the Klonoa's GBA game - macabeus/klo-gba.js
Bypassing Symantec Endpoint Protection for Fun & Profit!
🗣input0
This is fun, but missing some details.
1. Version of Symantec Endpoint Protection tested is not listed. SEP14.3 came out a couple weeks ago and adds new capabilities including AMSI (finally).
1. Test was conducted on Windows 2012R2. Yes, Windows 2012R2 is still widespread in production and under support, however Windows 10/2016 have enhancements that make dumping credentials much more difficult (LSAS virtualization in Virtualization Bases Security).
Without this information, this blog really is "I walked through an intentionally vulnerable pen testing lab scenario", vs. "here is a demonstration that you should do something and actionable guidance on what you should do". (IE, you should upgrade your fleet to 2016/10, etc).
👤R-EDDIT
🎖@malwr
🗣input0
This is fun, but missing some details.
1. Version of Symantec Endpoint Protection tested is not listed. SEP14.3 came out a couple weeks ago and adds new capabilities including AMSI (finally).
1. Test was conducted on Windows 2012R2. Yes, Windows 2012R2 is still widespread in production and under support, however Windows 10/2016 have enhancements that make dumping credentials much more difficult (LSAS virtualization in Virtualization Bases Security).
Without this information, this blog really is "I walked through an intentionally vulnerable pen testing lab scenario", vs. "here is a demonstration that you should do something and actionable guidance on what you should do". (IE, you should upgrade your fleet to 2016/10, etc).
👤R-EDDIT
🎖@malwr