Malware News
15.1K subscribers
1.63K photos
7 videos
130 files
7.97K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
Booting to 'Hello Rust' on x86_64
๐Ÿ—ฃmicouy

Author here. It's my first post and I'd really appreciate your feedback. If you have any questions, you can comment here, DM me or send me an email. Thanks for reading :)
๐Ÿ‘คmicouy


๐ŸŽ–@malwr
Process Injection DInvoke
๐Ÿ—ฃdmchell


๐ŸŽ–@malwr
Bypassing Symantec Endpoint Protection for Fun & Profit!
๐Ÿ—ฃinput0

This is fun, but missing some details.

1. Version of Symantec Endpoint Protection tested is not listed. SEP14.3 came out a couple weeks ago and adds new capabilities including AMSI (finally).
1. Test was conducted on Windows 2012R2. Yes, Windows 2012R2 is still widespread in production and under support, however Windows 10/2016 have enhancements that make dumping credentials much more difficult (LSAS virtualization in Virtualization Bases Security).

Without this information, this blog really is "I walked through an intentionally vulnerable pen testing lab scenario", vs. "here is a demonstration that you should do something and actionable guidance on what you should do". (IE, you should upgrade your fleet to 2016/10, etc).
๐Ÿ‘คR-EDDIT


๐ŸŽ–@malwr