Linux system call hooking using Ftrace
https://xcellerator.github.io/posts/linux_rootkits_02
@reverseengine
Linux Rootkits Part 2: Ftrace and Function Hooking
Okay, so you’ve built your first kernel module, but now you want to make it do something cool - something like altering the behaviour of the running kernel. The way we do this is by function hooking, but the question is - how do we know which functions to…
Speculating the entire x86-64 Instruction Set In Seconds with This One Weird Trick
https://blog.can.ac/2021/03/22/speculating-x86-64-isa-with-one-weird-trick
As cheesy as the title sounds, I promise it cannot beat the cheesiness of the technique I’ll be telling you about in this post. The morning I saw Mark …
Anti_backdoor.pdf
12.6 MB
Anti-Backdoor Learning: Training Clean Models on Poisoned Data
Modern Obfuscation Techniques
https://is.muni.cz/th/v1f9y/Modern_obfuscation_techniques.pdf
@reverseengine
Abusing native Windows functions for shellcode execution
http://ropgadget.com/posts/abusing_win_functions.html
A Deep Dive Into Malicious Direct Syscall Detection
https://www.paloaltonetworks.com/blog/security-operations/a-deep-dive-into-malicious-direct-syscall-detection
This blog explains how attackers use direct syscalls to overcome most EDR solutions, by first discussing the conventional Windows syscall flow and how most EDR solutions monitor those calls.
x64dbg plugin for simple spoofing of CPUID instruction behavior
https://github.com/jonatan1024/CpuidSpoofer
fpicker: Fuzzing with Frida
https://insinuator.net/2021/03/fpicker-fuzzing-with-frida
https://github.com/ttdennis/fpicker
fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)
Bypassing Frida: Advanced Frida Detection Bypass
https://medium.com/@haxymad/bypassing-frida-advanced-frida-detection-bypass-part-1-cc7c1dfbad9d
https://medium.com/@haxymad/bypassing-frida-advanced-frida-detection-bypass-part-2-e3466a141a4c
https://medium.com/system-weakness/bypassing-frida-advanced-frida-detection-bypass-part-3-339aa1202c48
https://medium.com/system-weakness/bypassing-frida-advanced-frida-detection-bypass-part-4-c258e8f5aa64
VM Detection Tricks, Part 1: Physical memory resource maps
In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a variety of VM platforms.
https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps