Malware development trick - part 32. Syscalls - part 1. Simple C++ example. https://cocomelonc.github.io/malware/2023/06/07/syscalls-1.html #Pentesting #Malware #CyberSecurity #Infosec
π£ptracesecurity
π@malwr
π£ptracesecurity
π@malwr
π₯1
It's an okay language.
https://tishina.in/execution/golang-winmaldev-basics
π£zimnyaatishina
π@malwr
https://tishina.in/execution/golang-winmaldev-basics
π£zimnyaatishina
π@malwr
tishina.in
golang-winmaldev-basics
tl;dr Golang is no C, but its OK. disclaimer: This is a personal opinion. C-nile people please do not hurt me. why would anyone want to do that This is debatable, but: C2 communication is way easier β¦
π₯1
Fantastic Rootkits: And Where to Find Them (Part 1) https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1
π£reverseame
π@malwr
π£reverseame
π@malwr
Cyberark
Fantastic Rootkits: And Where to Find Them (Part 1)
Introduction In this blog series, we will cover the topic of rootkits β how they are built and the basics of kernel driver analysis β specifically on the Windows platform. In this first part, we...
π₯1
SharpWSUS. CSharp tool for lateral movement through WSUS
https://github.com/nettitude/SharpWSUS
π£DirectoryRanger
π@malwr
https://github.com/nettitude/SharpWSUS
π£DirectoryRanger
π@malwr
GitHub
GitHub - nettitude/SharpWSUS
Contribute to nettitude/SharpWSUS development by creating an account on GitHub.
π₯1
Unlimited Advanced Hunting for Microsoft 365 Defender with Azure Data Explorer #DFIR
Part 1 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-646b08307b75
Part 2 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-4fc30574cf29
π£DirectoryRanger
π@malwr
Part 1 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-646b08307b75
Part 2 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-4fc30574cf29
π£DirectoryRanger
π@malwr
Medium
Unlimited Advanced Hunting for Microsoft 365 Defender with Azure Data Explorer
β Part I
YARA 4.3.2 has been released. Fixes a bug reported by Huawei that makes YARA crash while scanning arbitrary files with certain hex patterns.
https://github.com/VirusTotal/yara
π£plusvic
π@malwr
https://github.com/VirusTotal/yara
π£plusvic
π@malwr
GitHub
GitHub - VirusTotal/yara: The pattern matching swiss knife
The pattern matching swiss knife. Contribute to VirusTotal/yara development by creating an account on GitHub.
Trend Micro researchers present the first of a three-part technical research series taking an in-depth look at the continuing evolution of the highly evasive batch obfuscation engine BatCloak. https://www.trendmicro.com/en_us/research/23/f/analyzing-the-fud-malware-obfuscation-engine-batcloak.html
π£virusbtn
π@malwr
π£virusbtn
π@malwr
π₯1
My friend @dfirence created an awesome app called Mitre Assistant where you can visualize all the techniques used by a threat actor and more! Check this out! π#infosec
https://ma-insights.vercel.app/
π£fr0gger_
π@malwr
https://ma-insights.vercel.app/
π£fr0gger_
π@malwr
The slides of our talk at Recon 2023 "Dissecting the Modern Android Data Encryption Scheme" are now available online.
Thanks @reconmtl for organizing this great event.
https://github.com/quarkslab/conf-presentations/blob/master/Recon23/Recon23-Android-FBE-mrossibellom-dmelotti.pdf
π£max_r_b
π@malwr
Thanks @reconmtl for organizing this great event.
https://github.com/quarkslab/conf-presentations/blob/master/Recon23/Recon23-Android-FBE-mrossibellom-dmelotti.pdf
π£max_r_b
π@malwr
"windows-api-function-cheatsheets: A reference of Windows API function calls, including functions for file operations, process..."
#infosec #pentest #redteam
https://github.com/snowcra5h/windows-api-function-cheatsheets
π£CyberWarship
π@malwr
#infosec #pentest #redteam
https://github.com/snowcra5h/windows-api-function-cheatsheets
π£CyberWarship
π@malwr
"BLACKHAT_Asia2023: Black Hat Asia 2023 PDF Public"
#infosec #pentest #redteam
https://github.com/Mr-xn/BLACKHAT_Asia2023
π£CyberWarship
π@malwr
#infosec #pentest #redteam
https://github.com/Mr-xn/BLACKHAT_Asia2023
π£CyberWarship
π@malwr
Manually 'reconstruct' a packed PE file from a crash dump in IDA. https://youtu.be/A0qC2Um6gsA
π£allthingsida
π@malwr
π£allthingsida
π@malwr
YouTube
Manually reconstructing a PE file from a crash dump in IDA
In this episode, we start with a Windows user mode crash dump file. Our goal is to grab the main executable's segments, clean the segments, find/create the imports table, find the entry point and the original entry point, apply signatures, and other discussions.β¦
Escaping Parallels Desktop with Plist Injection https://pwn.win/2023/05/08/parallels-escape.html
π£reverseame
π@malwr
π£reverseame
π@malwr
pwn.win
Escaping Parallels Desktop with Plist Injection
This post details two bugs I found, a plist injection (CVE-2023-27328) and a race condition (CVE-2023-27327), which could be used to escape from a guest Parallels Desktop virtual machine. In this post Iβll break down the findings.
π₯1
Bypass-Sandbox-Evasion - Bypass Malware Sandbox Evasion Ram Check https://www.kitploit.com/2023/06/bypass-sandbox-evasion-bypass-malware.html #Pentesting #Bypass #Malware #Sandbox #CyberSecurity #Infosec
π£ptracesecurity
π@malwr
π£ptracesecurity
π@malwr
π₯1
Mandiant's Alexander Marvi, Brad Slaybaugh, Ron Craft & Rufus Brown have discovered additional techniques utilized by UNC3886 across multiple organizations to keep out of the sights of EDR solutions. https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
π£virusbtn
π@malwr
π£virusbtn
π@malwr
π1π₯1
First Look: Ghidra 10.3 Emulator https://medium.com/@cy1337/first-look-ghidras-10-3-emulator-7f74dd55e12d
π£reverseame
π@malwr
π£reverseame
π@malwr
Medium
First Look: Ghidra 10.3 Emulator
Ghidra 10.3 dropped this week with a dedicated Emulator tool! Iβve been eagerly anticipating such a feature and so I am very excited thatβ¦
KasperskyLab/TinyCheckPublic
TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them.
https://github.com/KasperskyLab/TinyCheck
π£Tinolle
π@malwr
TinyCheck allows you to easily capture network communications from a smartphone or any device which can be associated to a Wi-Fi access point in order to quickly analyze them.
https://github.com/KasperskyLab/TinyCheck
π£Tinolle
π@malwr