Someone published the source code of the GAPZ bootkit:
Bootkit: https://github.com/Darkabode/zerokit
Usermode Part: https://github.com/Darkabode/possessor
Server Controller Part: https://github.com/Darkabode/0ctrl
Some shared Code: https://github.com/Darkabode/0lib
Analysis GAPZ Bootkit: https://www.welivesecurity.com/wp-content/uploads/2013/04/gapz-bootkit-whitepaper.pdf
@reverseengine
GitHub - Darkabode/zerokit: Zerokit/GAPZ rootkit (non buildable and only for researching)
Linux Kernel Exploitation
https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x1-smashing.html?m=1
IDA Pro 9.2 Beta3 +Keygen
Win x64
Linux x64
Mac x64, arm
Download 2.4GB
Link1
Link2
Link3
magnet:?xt=urn:btih:ce86306a417dd64fab8d26a4983a58412008a9e&dn=ida92
@reverseengine
Hack-cessibility: When DLL Hijacks Meet Windows Helpers
https://trustedsec.com/blog/hack-cessibility-when-dll-hijacks-meet-windows-helpers
@reverseengine
The art of Breaking Through
https://0xdbgman.github.io/posts/sec-controls-the-art-of-breaking-through
@reverseengine
Sec Controls: The Art of Breaking Through
The definitive red team guide to understanding and bypassing Windows security controls: Windows Defender (static + AMSI + behavioral), AppLocker, WDAC, SmartScreen, ASR Rules, Credential Guard (VBS/LSAIso), Sysmon, PPL, and a comprehensive EDR deep-dive covering…
EDR Killer
Exploits a vulnerability in the wsftprm.sys driver to disable antivirus and EDR
https://github.com/ThanniKudam/TopazTerminator
@reverseengine