Technical analysis of NSO's Pegasus Android spyware by CyberMasterV (@GeeksCyber)
Part 1: https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-1/
Part 2: https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/
Part 3: https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/
#android #malware #nso #pegasus #infosec #cybersecurity
📣 0xor0ne
@malwr
Released my sRDI (Shellcode Reflective DLL Injection) implementation.
https://github.com/daem0nc0re/TangledWinExec/tree/main/sRDI
📣 daem0nc0re
@malwr
Want to learn about EoP on Windows? Check out this amazing series from @hasherezade
https://hshrzd.wordpress.com/2017/06/22/starting-with-windows-kernel-exploitation-part-3-stealing-the-access-token/
📣 hardik05
@malwr
hasherezade's 1001 nights
Starting with Windows Kernel Exploitation – part 3 – stealing the Access Token
Recently I started learning Windows Kernel Exploitation, so I decided to share some of my notes in the form of a blog. In the previous parts I showed how to set up the environment. Now we will get famil…
Win32 and Kernel abusing techniques for pentesters
https://github.com/matthieu-hackwitharts/Win32_Offensive_Cheatsheet
📣 Dinosn
@malwr
Did you know that IDA Free has been updated to 8.2 and gained some new features? Give it a try today: https://hex-rays.com/ida-free/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=ida-free-updated-8-2
#IDAFree #HexRays #ReverseEngineering #MalwareAnalysis
📣 HexRaysSA
@malwr
Bypass Windows Defender with FilelessPELoader
Offensive security professional 'TheD1rkMtr' released a C++ tool titled 'FilelessPELoader' on his GitHub repository earlier this year, in 2023.
The publicly available tool was able to bypass the latest Windows Defender and successfully load and execute Mimikatz on a Windows system. The proof of concept, along with the source code of the tool, can be found in the author's GitHub repository over here.
As publicly available tools that claim to bypass Windows Defender are usually rapidly signatured and prevented by the AV/EDR vendors, an attempt was made to verify whether the C++ 'FilelessPELoader' tool is still functional, and whether it is still possible to bypass the latest Windows Defender on an updated Windows system.
This video, posted by the Gemini Security channel on YouTube, provides a step-by-step walkthrough of how to compile the C++ tool FilelessPELoader and how to use it, demonstrating that it is STILL possible to bypass Windows Defender, loading and executing the Mimikatz.exe binary. The video also demonstrates using the FilelessPELoader tool to load and execute a Meterpreter reverse shell, successfully establishing a functional reverse shell back to a Kali OS.
If you're up against Windows Defender and require a bypass, this might be the solution for you.
📣 cybermepls
@malwr
GitHub - SaadAhla/FilelessPELoader: Loading a remote AES-encrypted PE in memory, decrypting it and running it
You suspect there should be a cross-reference in the listing, but IDA isn't showing it? See how to find it: https://hex-rays.com/blog/igors-tip-of-the-week-132-finding-hidden-cross-references/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Igor-Tip-132
#IgorsTipOfTheWeek #IDAtips #IDAPro
📣 HexRaysSA
@malwr
As promised earlier today, here is my writeup about a recent #Gozi campaign that was targeting the 🇮🇹 audience.
Covering geofenced payload handling, the jscript.encode script, shellcode analysis, APC injection and much more!
Have fun :)
https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/gozi-italian-shellcode-dance
📣 0xToxin
@malwr
Nice blog post on using the Qiling framework to automatically unpack ELF executables
https://kernemporium.github.io/posts/unpacking/
#qiling #infosec #reverseengineering #learning
📣 0xor0ne
@malwr