The Red Team gets all the cool toys. Like GTFOBins and LOLBAS. But what about the Blue team, huh? Where's their cool stuff?
WTFBin(n): a binary that behaves exactly like malware, except, somehow, it's not?
https://wtfbins.wtf/
WTFBins: benign applications that exhibit suspicious behavior
https://blog.didierstevens.com/2023/01/22/analyzing-malicious-onenote-documents/
GitHub - DissectMalware/pyOneNote: A python library to parse OneNote (.one) files
Detecting crypto-ransomware in IoT networks based on energy consumption footprint
https://www.researchgate.net/publication/319252402_Detecting_crypto-ransomware_in_IoT_networks_based_on_energy_consumption_footprint
Deus x64 is a series of increasingly difficult computer security challenges pertaining to reverse-engineering and binary exploitation.
deusx64.ai
Consider the following sample x86 assembly code, with the assumption that the byte in the AL register is under attacker control:
0: add al, al
1: sub al, 0x0f
2: test al, al
3: jz 5
4: ...
5: jmp 7
6: ...
If we represent the input byte as b0, and create a new variable bn on each write to a variable, then at address 6 the path condition for the byte in AL is the following conjunction of clauses:
b1 = b0 + b0 ∧ b2 = b1 − 15 ∧ b2 = 0
whereas at address 4 the path condition is
b1 = b0 + b0 ∧ b2 = b1 − 15 ∧ b2 ≠ 0
One can then use an SMT solver to ask queries about the states represented by these formulae by appending constraints and looking for satisfying assignments. For example, if we wanted to check at address 4 whether the value 11 can be in the AL register, we would create the formula:
b1 = b0 + b0 ∧ b2 = b1 − 15 ∧ b2 ≠ 0 ∧ b2 = 11
An SMT solver will then return a satisfying assignment, if one exists, such as b0 = 13 in this case.

Interesting topic: finding ROP gadgets with SMT solvers and automatic generation of malicious shellcode.
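An added example, not taken from the excerpted paper: a tiny symbolic executor for the listing above that creates the SSA clauses on each write to AL and forks the path condition at the jz, with an exhaustive check over the 256 values of b0 standing in for the SMT solver since the domain is one byte. Assumptions: the jz lands on address 6 (as printed, jz 5 would reach the jmp 7 and never address 6, yet the text gives a path condition at 6), and the names PROGRAM, symexec, solve and al_values_at are my own.

```python
MASK = 0xFF  # AL is one byte, so add/sub wrap modulo 256
def evaluate(expr, env):
    """Evaluate a symbolic expression for a concrete assignment env = {n: b_n}."""
    kind, *args = expr
    if kind in ("var", "const"):
        return env[args[0]] if kind == "var" else args[0] & MASK
    lhs, rhs = evaluate(args[0], env), evaluate(args[1], env)
    return (lhs + rhs if kind == "add" else lhs - rhs) & MASK

def symexec(program, pc=0, al=("var", 0), pcond=(), nxt=1, paths=None):
    """Walk every path; return {hole_address: path_condition}. Writes to AL get a fresh b_n; jz forks."""
    paths = {} if paths is None else paths
    while True:
        op = program[pc]
        if op[0] in ("add", "sub"):        # clause b_n = al op rhs
            rhs = al if op[2] == "al" else ("const", op[2])
            pcond += ((("var", nxt), "=", (op[0], al, rhs)),)
            al, nxt, pc = ("var", nxt), nxt + 1, pc + 1
        elif op[0] == "jz":                # fork: taken path (AL = 0) first, then fall through (AL != 0)
            symexec(program, op[1], al, pcond + ((al, "=", ("const", 0)),), nxt, paths)
            pcond, pc = pcond + ((al, "!=", ("const", 0)),), pc + 1
        elif op[0] == "jmp":
            pc = op[1]
        elif op[0] in ("test", "hole"):    # test al, al only sets flags; a "..." hole records the condition
            if op[0] == "hole":
                paths[pc] = pcond
            pc += 1
        else:                              # "ret" ends this path
            return paths

def satisfies(pcond, b0):
    """Check one concrete b0 against the clauses in order; SSA definitions bind b_n."""
    env = {0: b0}
    for lhs, rel, rhs in pcond:
        if rel == "=" and lhs[0] == "var" and lhs[1] not in env:
            env[lhs[1]] = evaluate(rhs, env)
        elif (evaluate(lhs, env) == evaluate(rhs, env)) != (rel == "="):
            return False
    return True

def solve(pcond, extra=()):
    """Stand-in for the SMT query: try all 256 b0, keep those satisfying pcond + extra."""
    return [b0 for b0 in range(256) if satisfies(tuple(pcond) + tuple(extra), b0)]

# The listing from the text. Assumption: jz targets 6 so both "..." holes are reachable.
PROGRAM = [("add", "al", "al"), ("sub", "al", 0x0F), ("test", "al", "al"), ("jz", 6),
           ("hole",), ("jmp", 7), ("hole",), ("ret",)]
def al_values_at(address, value):
    """The text's query: which b0 make AL == value at the given hole address?"""
    return solve(symexec(PROGRAM)[address], [(("var", 2), "=", ("const", value))])
```

Asking for AL = 11 at address 4 returns both b0 = 13 and b0 = 141, since the doubling wraps at one byte; the zero path to address 6 has no satisfying b0 at all, because b0 + b0 is always even and can never equal 15.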