How does AV know when a process is malicious if it doesn't have a known hash?
Submitted by Diesl
latnGemin616: All AVs have a database of known malicious code and extensions. If the hash is unrecognized it may get quarantined.
Culbert Report
How AV Hooks NTDLL
How Does AV Know? Have you ever wondered how AV knows that the application you're trying to run is malicious when it doesn't have a known signature? NTDLL is the answer.
Image displays its own MD5 hash
Submitted by ASIC_SP
WhatArghThose: Absolute noob question incoming... What are some practical uses for this?
Acrobatic-Cause-4925: There's a mathematical function (maybe in parametric form) whose graph is the "picture of the algebraic equation" of the function itself. I can't find it right now. [not exactly correct, see below]
EDIT:
Tupper's self-referential formula:
https://en.wikipedia.org/wiki/Tupper%27s_self-referential_formula
cbarrick: See also: This PDF is an NES ROM that prints its own MD5 hash!
Downrange: A Survey of China's Cyber Ranges - Center for Security and Emerging Technology
Submitted by digicat
Center for Security and Emerging Technology
Downrange: A Survey of China's Cyber Ranges | Center for Security and Emerging Technology
China is rapidly building cyber ranges that allow cybersecurity teams to test new tools, practice attack and defense, and evaluate the cybersecurity of a particular product or service. The presence of these facilities suggests a concerted effort on the part…
git-vuln-finder v1.3 released - a Python tool to find potential software vulnerabilities from git commit messages. The output format is JSON with the associated commit, which could contain a fix for a software vulnerability.
Submitted by digicat
GitHub
Release git-vuln-finder v1.3 released - bug fixes release · cve-search/git-vuln-finder
git-vuln-finder v1.3 released - bug fixes release.
git-vuln-finder is a Python tool to find potential software vulnerabilities from git commit messages. The output format is JSON with the associ...
Cronos: PoC for a new sleep obfuscation technique leveraging waitable timers to evade memory scanners - leveraging waitable timers to RC4-encrypt the current process and change the permissions from RW to RX
Submitted by digicat
GitHub
GitHub - Idov31/Cronos: PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners. - Idov31/Cronos
List of Free Cybersecurity Services and Tools curated by CISA
https://www.cisa.gov/free-cybersecurity-services-and-tools
Submitted by apes_2gether_strong
Cybersecurity and Infrastructure Security Agency (CISA)
No-Cost Cybersecurity Services & Tools | CISA
BumbleBee: Round Two - In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector to deploy Cobalt Strike and Meterpreter.
Submitted by digicat
The DFIR Report
BumbleBee: Round Two
In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …
Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV [PDF+EXPLOIT](https://github.com/Wh04m1001/ZoneAlarmEoP)
Submitted by soupcreamychicken
GitHub
GitHub - Wh04m1001/ZoneAlarmEoP: Exploit for Arbitrary File Move vulnerability in ZoneAlarm AV
Microsoft Shift F10 bypass + Autopilot privilege escalation
Submitted by k4m1ll0
Bl00dsoul: Am I missing something, or could you just as easily pop out the hard disk and put it in another machine to remove the DisableCMDRequest.TAG file/do whatever you want?
HankMardukasNY: There are ways to disable it: https://call4cloud.nl/2022/01/the-oobe-massacre-the-beginning-of-shift-f10/
Another attack vector would be audit mode at the beginning of setup. After creating admin accounts or whatever, sysprep back to OOBE to continue with Autopilot.
Pl4nty: This vuln is fairly well-known in the Intune community, but mostly theoretical - great to see a writeup and full attack chain. Do you have any recommendations for mitigating it? I've focused on using preprovisioning to lock down the system and defaultuser0, but being able to alt-tab and modify system state at all seems like a huge attack surface.
K4M1Ll0
Shift F10 bypass and Autopilot privilege escalation - Microsoft
Shift + F10 bypass and privilege escalation
Process Memory Basics for Reverse Engineers - Tracking Memory With A Debugger (OALABS Tutorial)
Submitted by herrcore
YouTube
Process Memory Basics for Reverse Engineers - Tracking Memory With A Debugger [ Patreon Unlocked ]
Full Patreon tutorial (with examples):
https://www.patreon.com/posts/process-memory-1-72454056
-----
OALABS DISCORD
https://discord.gg/6h5Bh5AMDU
OALABS PATREON
https://www.patreon.com/oalabs
Twitch
https://www.twitch.tv/oalabslive
OALABS GITHUB
htt…
Poseidon's Offspring: Charybdis and Scylla - The attacks target a number of advertising SDKs within apps available via both Google's Play Store and Apple's App Store.
Submitted by digicat
HUMAN Security
Poseidon's Offspring: Charybdis and Scylla - HUMAN Security
HUMAN's Satori Threat Intelligence and Research Team uncovered a network of 89 Android and iOS apps committing various flavors of ad fraud.