Researchers from Palo Alto Networks' Unit 42 Team recently discovered a new sample of Golang-based malware. GoBruteforcer targets web servers, specifically those running phpMyAdmin, MySQL, FTP and Postgres services. https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/
virusbtn
@malwr
Linux Kernel Rootkits:
Part 3: A Backdoor to Root : https://xcellerator.github.io/posts/linux_rootkits_03/
Part 2: Ftrace and Function Hooking : https://xcellerator.github.io/posts/linux_rootkits_02/
Part 1: Introduction and Workflow : https://xcellerator.github.io/posts/linux_rootkits_01/ @TheXcellerator
DIY Linux Kernel Rootkit Detection : https://unfinished.bike/diy-linux-kernel-rootkit-detection
binitamshah
@malwr
Linux Rootkits Part 3: A Backdoor to Root :: TheXcellerator
Now that you know how to make a Linux kernel module that can hook any exposed function in kernel memory (Part 1 and Part 2), let's get down to writing a hook that does something interesting!
In this first example, we're going to make a rootkit that intercepts…
Google Cloud Platform Exfiltration : A Threat Hunting Guide : https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide
binitamshah
@malwr
Blink : tiniest x86-64-linux emulator : https://github.com/jart/blink credits @JustineTunney
cosmopolitan : build-once run-anywhere c library : https://github.com/jart/cosmopolitan
binitamshah
@malwr
Modern x64 Assembly ( 16 Part video series) : https://www.youtube.com/watch?v=rxsBghsrvpI&list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA
binitamshah
@malwr
YouTube
Modern x64 Assembly 1: Beginning Assembly Programming
A new series on x64 Assembly language. In this vid, we'll look at few general aspects of ASM, before diving in and coding a few simple examples.
I wanted to redo my early ASM vids for a while, and I hope this series is as fun as the original one was, plus…
Win32 Offensive Cheatsheet
Win32 and Kernel abusing techniques for pentesters & red-teamers.
https://github.com/matthieu-hackwitharts/Win32_Offensive_Cheatsheet
#pentesting #redteam https://t.me/hackgit/7899
hack_git
@malwr
Technical analysis of NSO's Pegasus Android spyware by CyberMasterV (@GeeksCyber)
Part 1: https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-1/
Part 2: https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/
Part 3: https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/
#android #malware #nso #pegasus #infosec #cybersecurity
0xor0ne
@malwr
Released my sRDI (Shellcode Reflective DLL Injection) implementation.
https://github.com/daem0nc0re/TangledWinExec/tree/main/sRDI
daem0nc0re
@malwr
Want to learn about EoP on Windows? Check this amazing series from @hasherezade
https://hshrzd.wordpress.com/2017/06/22/starting-with-windows-kernel-exploitation-part-3-stealing-the-access-token/
hardik05
@malwr
hasherezade's 1001 nights
Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in form of a blog. In the previous parts I showed how to set up the environment. Now we will get famil…
Win32 and Kernel abusing techniques for pentesters
https://github.com/matthieu-hackwitharts/Win32_Offensive_Cheatsheet
Dinosn
@malwr
GitHub
GitHub - matthieu-hackwitharts/Win32_Offensive_Cheatsheet: Win32 and Kernel abusing techniques for pentesters
Did you know that IDA Free has been updated to 8.2 and gained some new features? Give it a try today: https://hex-rays.com/ida-free/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=ida-free-updated-8-2
#IDAFree #HexRays #ReverseEngineering #MalwareAnalysis
HexRaysSA
@malwr
Bypass Windows Defender with FilelessPELoader
Offensive security professional 'TheD1rkMtr' released a C++ tool, titled 'FilelessPELoader', on his GitHub repository earlier this year in 2023.
The publicly available tool was able to bypass the latest Windows Defender and successfully load and execute Mimikatz on a Windows system. The proof of concept along with the source code of the tool can be found in the author's GitHub repository over here.
As publicly available tools that claim to bypass Windows Defender are usually rapidly signatured and prevented by the AV/EDR vendors, an attempt was conducted to verify if the C++ 'FilelessPELoader' tool is still functional, and if it is still possible to bypass the latest Windows Defender on an updated Windows system.
This video posted by the Gemini Security channel on YouTube provides a step-by-step walkthrough on how to compile the C++ tool FilelessPELoader and how to use it, demonstrating that it is STILL possible to bypass Windows Defender, loading and executing the Mimikatz.exe binary. The video also provides a demonstration of using the FilelessPELoader tool to load and execute a Meterpreter reverse shell, successfully establishing a functional reverse shell back to a Kali OS.
If you're up against Windows Defender and require a bypass, this might be the solution for you.
cybermepls
@malwr
GitHub
GitHub - SaadAhla/FilelessPELoader: Loading Remote AES Encrypted PE in memory, Decrypting it and running it
You suspect there should be a cross-reference in the listing, but IDA isn't showing it? See how to find it: https://hex-rays.com/blog/igors-tip-of-the-week-132-finding-hidden-cross-references/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Igor-Tip-132
#IgorsTipOfTheWeek #IDAtips #IDAPro
HexRaysSA
@malwr