Anti_backdoor.pdf
12.6 MB
Anti-Backdoor Learning:
Training Clean Models on Poisoned Data
Training Clean Models on Poisoned Data
❤1
Modern Obfuscation Techniques
https://is.muni.cz/th/v1f9y/Modern_obfuscation_techniques.pdf
@reverseengine
https://is.muni.cz/th/v1f9y/Modern_obfuscation_techniques.pdf
@reverseengine
❤1
Abusing native Windows functions for shellcode execution
http://ropgadget.com/posts/abusing_win_functions.html
http://ropgadget.com/posts/abusing_win_functions.html
❤1
A Deep Dive Into Malicious Direct Syscall Detection
https://www.paloaltonetworks.com/blog/security-operations/a-deep-dive-into-malicious-direct-syscall-detection
https://www.paloaltonetworks.com/blog/security-operations/a-deep-dive-into-malicious-direct-syscall-detection
Palo Alto Networks Blog
A Deep Dive Into Malicious Direct Syscall Detection - Palo Alto Networks Blog
This blog explains how attackers use direct syscalls to overcome most EDR solutions, by first discussing the conventional Windows syscall flow and how most EDR solutions monitor those calls.
❤1
x64dbg plugin for simple spoofing of CPUID instruction behavior
https://github.com/jonatan1024/CpuidSpoofer
https://github.com/jonatan1024/CpuidSpoofer
GitHub
GitHub - jonatan1024/CpuidSpoofer: x64dbg plugin for simple spoofing of CPUID instruction behavior
x64dbg plugin for simple spoofing of CPUID instruction behavior - jonatan1024/CpuidSpoofer
❤1
fpicker: Fuzzing with Frida
https://insinuator.net/2021/03/fpicker-fuzzing-with-frida
https://github.com/ttdennis/fpicker
https://insinuator.net/2021/03/fpicker-fuzzing-with-frida
https://github.com/ttdennis/fpicker
GitHub
GitHub - ttdennis/fpicker: fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)
fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing) - ttdennis/fpicker
❤1
Bypassing Frida: Advance Frida Detection Bypass
https://medium.com/@haxymad/bypassing-frida-advanced-frida-detection-bypass-part-1-cc7c1dfbad9d
https://medium.com/@haxymad/bypassing-frida-advanced-frida-detection-bypass-part-2-e3466a141a4c
https://medium.com/system-weakness/bypassing-frida-advanced-frida-detection-bypass-part-3-339aa1202c48
https://medium.com/system-weakness/bypassing-frida-advanced-frida-detection-bypass-part-4-c258e8f5aa64
https://medium.com/@haxymad/bypassing-frida-advanced-frida-detection-bypass-part-1-cc7c1dfbad9d
https://medium.com/@haxymad/bypassing-frida-advanced-frida-detection-bypass-part-2-e3466a141a4c
https://medium.com/system-weakness/bypassing-frida-advanced-frida-detection-bypass-part-3-339aa1202c48
https://medium.com/system-weakness/bypassing-frida-advanced-frida-detection-bypass-part-4-c258e8f5aa64
Medium
Bypassing Frida: Advanced Frida Detection Bypass — Part 1
Hey dude.
❤1🔥1
VM Detection Tricks, Part 1: Physical memory resource maps
In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a variety of VM platforms.
https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps
In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a variety of VM platforms.
https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps
LRQA
VM Detection Tricks, Part 1: Physical memory resource maps
In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a variety of VM platforms.
❤1
Decompilation Debugging
https://clearbluejar.github.io/posts/decompilation-debugging-pretending-all-binaries-come-with-source-code
https://clearbluejar.github.io/posts/decompilation-debugging-pretending-all-binaries-come-with-source-code
clearbluejar
Decompilation Debugging
Debugging an application can provide the insight needed troubleshoot a subtle bug in your software. Normally, when debugging, you have source code and data type information (aka symbols) to help navigate your application. In the world of Reverse Engineering…
❤1
❤1
IDA Pro 9.3 KeyGen.py
10.7 KB
IDA Pro 9.3 KeyGen
pip install + privilege escalation on Win (ShellExecuteW(..., "runas", ...) + generation of JSON license and signature + copying idapro.hexlic to %APPDATA%\Hex-Rays\Ida Pro\idapro.hexlic + of course editing the registry HKCU\SOFTWARE\Hex-Rays\IDA\Licenses\ + patching IDA binaries
On *nix/mac - it searches for libida.so, libida32.so, .dylib in the current directory and patches them
@reverseengine
pip install + privilege escalation on Win (ShellExecuteW(..., "runas", ...) + generation of JSON license and signature + copying idapro.hexlic to %APPDATA%\Hex-Rays\Ida Pro\idapro.hexlic + of course editing the registry HKCU\SOFTWARE\Hex-Rays\IDA\Licenses\ + patching IDA binaries
On *nix/mac - it searches for libida.so, libida32.so, .dylib in the current directory and patches them
@reverseengine
❤5