Order of Six Angles
rebol - so it's malware lol
I wanted to write about the malicious use of Rebol, but there was no time and I was so lazy that while I was still drafting it, it had already been written up here and here. Nothing supernatural overall. I can only add that with Rebol, using the SDK, the documentation and an example, you can write a full-fledged ransomware.
There are also REd and boron, on which malware is most likely being written too. Or has already been written, who knows...
Offensive WMI - Reconnaissance & Enumeration (Part 4) https://0xinfection.github.io/posts/wmi-recon-enum/
Offensive WMI - Active Directory Enumeration (Part 5)
https://0xinfection.github.io/posts/wmi-ad-enum/
execute binary payloads stored in password-protected zip files without extracting them
https://github.com/Tylous/ZipExec
Enumerate Windows Defender ExclusionPath
https://stmxcsr.com/micro/winapi-snippets.html#enumerate-windows-defender-exclusionpath
Writing Disassemblers for VM-based Obfuscators
https://synthesis.to/2021/10/21/vm_based_obfuscation.html
Reproduction and analysis of Windows local privilege escalation vulnerability (CVE-2021-40449) used in targeted attacks in the wild
https://translate.google.com/translate?sl=zh-CN&tl=en&u=https://mp.weixin.qq.com/s/AcFS0Yn9SDuYxFnzbBqhkQ
cs-decrypt-metadata[.]py is a new tool, developed to decrypt the metadata of a Cobalt Strike beacon
https://blog.didierstevens.com/2021/10/22/new-tool-cs-decrypt-metadata-py/
APT Groups and Operations
https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml#
How to exploit a double free and get a shell. "Use-After-Free for dummies"
https://github.com/stong/how-to-exploit-a-double-free
DRIDEX: Analysing API Obfuscation Through VEH
https://www.0ffset.net/reverse-engineering/malware-analysis/dridex-veh-api-obfuscation/