Practical Windows Forensics Training https://github.com/bluecapesecurity/PWF #Pentesting #Windows #CyberSecurity #Infosec
Source: ptracesecurity
Stealth Soldier Backdoor Used in Targeted Espionage Attacks in North Africa https://research.checkpoint.com/2023/stealth-soldier-backdoor-used-in-targeted-espionage-attacks-in-north-africa/
Source: Dinosn
https://cocomelonc.github.io/malware/2023/06/07/syscalls-1.html my intro to syscalls. I love introductory posts =^..^= #cybersec #cybersecurity #informationsecurity #malware #malwaredev #malwareanalysis #redteam #blueteam #purpleteam #hacking #ethicalhacking #windows #winapi #win32api #programming #cpp #assembly #asm
Source: cocomelonckz
Malware development trick - part 32. Syscalls - part 1. Simple C++ example.
Digital Forensics Tools Cheat Sheet
π·Full HD Image: https://github.com/Ignitetechnologies/Mindmap/tree/main/Forensics
#infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #cybersecurityawareness #bugbounty #bugbountytips
Source: hackinarticles
Windows Memory Dump Analysis With Volatility #DFIR
https://digitalinvestigator.blogspot.com/2022/07/windows-memory-dump-analysis-with.html
Source: DirectoryRanger
A new open source tool to check the integrity of an iPhone without jailbreaking it. Great work from @ddurvaux Aaron Kaplan and Emilien.
#DFIR #FIRSTCON23
https://github.com/EC-DIGIT-CSIRC/sysdiagnose
Source: adulau
Rust Binary Analysis, Feature By Feature https://research.checkpoint.com/2023/rust-binary-analysis-feature-by-feature/ #Pentesting #CyberSecurity #Infosec
Source: ptracesecurity
Vulnerability Analysis with Ghidra Scripting https://medium.com/@cy1337/vulnerability-analysis-with-ghidra-scripting-ccf416cfa56d
Source: reverseame
Basic introduction to patch diffing in Ghidra by @qkaiser
(Cisco RV110W)
Part 1: https://quentinkaiser.be/exploitdev/2020/09/23/ghetto-patch-diffing-cisco/
Part 2: https://quentinkaiser.be/exploitdev/2020/10/01/patch-diffing-cisco-rv110/
#reverseengineering #patch #infosec #cybersecurity
Source: 0xor0ne
Let's work with function flow charts in IDAPython. https://youtu.be/y9WEtTmZibY
Source: allthingsida
IDA PRO 8.3 finally has the Goomba plugin built-in! De-obfuscate simple MBAs out-of-the-box! @HexRaysSA https://github.com/HexRaysSA/goomba
Source: enovella_
[Blog] No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques
https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
Source: bohops
Since using legit drivers to kill processes seems to be a thing
Here's my crappy script to identify potential process killer drivers on LOLDrivers
https://github.com/xalicex/LOLDrivers_finder
Source: AliceCliment
Check Point researchers observed a wave of highly targeted espionage attacks in Libya that utilize a new custom modular backdoor. Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions. https://research.checkpoint.com/2023/stealth-soldier-backdoor-used-in-targeted-espionage-attacks-in-north-africa/
Source: virusbtn
Applying #yara rules on Time Travel Debugging (#ttd) traces: Welcome yara-ttd!!! #SSTIC
https://github.com/airbus-cert/yara-ttd
Source: citronneur