This is a four day Rust course developed by the Android team
https://google.github.io/comprehensive-rust/
Inside the IcedID BackConnect Protocol
https://www.team-cymru.com/post/inside-the-icedid-backconnect-protocol
Team-Cymru
Unveiling the IcedID BackConnect Protocol: Team Cymru Reveals
Discover the inner workings of the IcedID BackConnect Protocol with insights from a leading technology company. Uncover the intricate details in our blog post!
Evading Detection: A Beginner's Guide to Obfuscation - 2022
https://www.youtube.com/watch?v=wvKwk1wcXvM
YouTube
Evading Detection: A Beginner's Guide to Obfuscation - 2022
Have you wanted to learn some more advanced Windows evasion techniques? Here is your chance to learn from the experts. This 2-hour long webinar will cover the basics of Windows Defenses such as Event and Script Block Logging, Anti-Malware Scan Interface (AMSI)…
basics for creating Yara rules
https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/101/Yara.md
GitHub
CyberThreatIntel/101/Yara.md at master · StrangerealIntel/CyberThreatIntel
Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups - StrangerealIntel/CyberThreatIntel
Forwarded from vx-underground
The government tried to ban me from the dark web,
I downloaded Tor browser and got back in,
BugChecker is a SoftICE-like kernel and user debugger for Windows 11 (and Windows XP as well: it supports Windows versions from XP to 11, both x86 and x64).
https://github.com/vitoplantamura/BugChecker
GitHub
GitHub - vitoplantamura/BugChecker: SoftICE-like kernel debugger for Windows 11
SoftICE-like kernel debugger for Windows 11. Contribute to vitoplantamura/BugChecker development by creating an account on GitHub.
Forwarded from RME-DisCo @ UNIZAR [www.reversea.me]
Fuzzing Golang msgpack for fun and panic https://redcanary.com/blog/fuzzing/
Red Canary
Fuzzing Golang msgpack for fun and panic | Red Canary
How the Red Canary Product Security Team found a vulnerability in a Go programming language MessagePack implementation.
Life hack: how to set comments on decompiled code in IDAPython, works even in 7.0+ versions
https://github.com/GDATAAdvancedAnalytics/IDA-Python/blob/81614b5f2596b5319ff55f2e5c41c07c2bba2985/Trickbot/stringDecryption.py#L104
GitHub
IDA-Python/Trickbot/stringDecryption.py at 81614b5f2596b5319ff55f2e5c41c07c2bba2985 · GDATAAdvancedAnalytics/IDA-Python
Contribute to GDATAAdvancedAnalytics/IDA-Python development by creating an account on GitHub.
detonate real malware samples within an instance of Elastic Security with all the prebuilt security rules
https://ohmymalware.com/
Kasablanka Group Probably Conducted Compaigns Targeting Russia
https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/
Qianxin
Qianxin Threat Intelligence Center
Nuxt.js project
Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
https://research.nccgroup.com/2023/01/20/technical-advisory-u-boot-unchecked-download-size-and-direction-in-usb-dfu-cve-2022-2347/
Damn, I remember I poked around in Go internals a bit, went fairly deep; if I can be bothered I'll send some links, but here's an article on this topic too
https://www.mandiant.com/resources/blog/golang-internals-symbol-recovery
Google Cloud Blog
Ready, Set, Go — Golang Internals and Symbol Recovery | Google Cloud Blog
Order of Six Angles
Damn, I remember I poked around in Go internals a bit, went fairly deep; if I can be bothered I'll send some links, but here's an article on this topic too https://www.mandiant.com/resources/blog/golang-internals-symbol-recovery
Grinding through those sources explained a lot. Honestly, in Go malware there isn't that much that's really specific: understand how syscalls are invoked directly, sit down once for about 5 hours, and you'll understand how Go works with the stack. After that you don't even need a decompiler; you just throw the binary into a debugger without fear and meditate purely over the instructions.
https://github.com/C-Sto/BananaPhone
GitHub
GitHub - C-Sto/BananaPhone: It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)
It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!) - C-Sto/BananaPhone