Anti-forensics in memory
By Mr. Alireza Taghikhani
https://medium.com/@alirezataghikhani1998/memory-analysis-against-anti-forensics-methods-22dd2c37f2a
@Engineer_Computer
Medium
Memory Analysis Against Anti-Forensics Methods
“Exploring RAM acquisition techniques and focus on how malware uses anti-forensics techniques to evade memory acquisition”
Why are the certificates of more than 83,000 domains being revoked?
https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html
@Engineer_Computer
⭕️ Attention Iranian users who, because it is cheap, use the Aeza hosting provider for things like setting up a VPN.
A report on the activity of Russian hackers in Europe shows that, in the context of advancing Russia's interests, the company Aeza is named as one of the main levers for supplying Russian hackers with infrastructure.
It is a provider that is very popular among Iranian users.
You should be careful and aware of the risks of using this provider's servers.
https://correctiv.org/en/fact-checking-en/2024/07/22/inside-doppelganger-how-russia-uses-eu-companies-for-its-propaganda/
#Aeza #VPN #ru
@Engineer_Computer
CORRECTIV
Inside Doppelganger – How Russia uses EU companies for its propaganda
How Doppelganger, one of the biggest Russian disinformation campaigns, is using EU companies to keep spreading its propaganda – despite sanctions.
Using ChatGPT efficiently
Example: Question
As a forensic expert, explain system call
Answer:
A system call is an essential mechanism that allows user-level processes to request services from the operating system's kernel. These services can include tasks like accessing hardware, managing files, allocating memory, or creating and managing processes. Here’s a detailed breakdown of system calls from a forensic expert's perspective:
### Basic Concept
1. Definition: A system call is a controlled entry point that allows a program to request a service from the operating system's kernel.
2. Purpose: It provides an interface between user-space applications and the kernel, enabling them to perform operations that require higher privileges.
### Categories of System Calls
System calls can be broadly categorized based on their functionality:
1. Process Control: Creating and managing processes (e.g., fork(), exec(), wait(), exit()).
2. File Management: Handling files and directories (e.g., open(), read(), write(), close(), unlink()).
3. Device Management: Interacting with hardware devices (e.g., ioctl(), read(), write()).
4. Information Maintenance: Gathering and setting system information (e.g., getpid(), alarm(), sleep()).
5. Communication: Facilitating inter-process communication (e.g., pipe(), shmget(), msgsnd(), recv()).
### System Call Lifecycle
1. Invocation: A system call is typically invoked by a user-level process through a library function (e.g., the C standard library).
2. Transition to Kernel Mode: The CPU switches from user mode to kernel mode to execute the system call. This transition is often triggered by a software interrupt or trap.
3. Kernel Execution: The kernel executes the requested service using its internal resources and privileged instructions.
4. Return to User Mode: The results of the system call are returned to the user process, and the CPU switches back to user mode.
### Forensic Relevance
From a forensic perspective, understanding system calls is crucial for several reasons:
1. Activity Monitoring: System calls provide insights into what a process is doing. By monitoring system calls, forensic experts can track file access, process creation, and other critical activities.
2. Malware Analysis: Malicious software often relies on system calls to perform its actions. By analyzing the sequence of system calls, experts can understand the behavior of malware.
3. Incident Response: During an incident, system call logs can help reconstruct the events leading up to the security breach.
4. Digital Evidence: System call traces can serve as digital evidence in investigations, revealing unauthorized access or data manipulation.
### Tools and Techniques
1. Strace: A widely used tool in Unix-like systems to trace system calls made by a process.
2. Auditd: The Linux Auditing System, which can log system calls for security monitoring and compliance purposes.
3. Sysmon: A Windows system service that logs system calls and other system events for detailed monitoring.
### Example
Here’s a simple example of how a system call works:
#include <unistd.h>
#include <stdio.h>

int main(void) {
    char buffer[128];
    ssize_t bytesRead;

    // System call: read from standard input (file descriptor 0)
    bytesRead = read(0, buffer, sizeof buffer);
    if (bytesRead < 0) {
        perror("read");   // the kernel returned an error; errno describes it
        return 1;
    }
    // System call: write to standard output (file descriptor 1)
    if (write(1, buffer, (size_t)bytesRead) < 0) {
        perror("write");
        return 1;
    }
    return 0;
}
In this C program:
- The read() system call reads data from the standard input.
- The write() system call writes data to the standard output.
By understanding and analyzing such system calls, forensic experts can gain insights into the actions performed by processes on a system.
@Engineer_Computer
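The answer above lists strace among the tools and names file access and process creation as the activity an investigator tracks. As an added example (not part of the original post or of the quoted answer), the following Python parses strace output into those activity classes and recovers the parent/child relationship from the return value of clone(); the sample lines, PIDs and paths are constructed, not a real capture.

```python
import re
from collections import namedtuple
# Constructed `strace -f -tt` sample (not a real capture); PIDs and paths are invented.
SAMPLE_STRACE = """\
1337  10:00:01.000123 execve("/usr/bin/curl", ["curl", "http://example.invalid/x"], 0x7ffd...) = 0
1337  10:00:01.002000 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
1337  10:00:01.002100 read(3, "root:x:0:0:root:/root:/bin/bash\\n", 4096) = 32
1337  10:00:01.003000 openat(AT_FDCWD, "/tmp/.x", O_WRONLY|O_CREAT|O_TRUNC, 0777) = 4
1337  10:00:01.004000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 1338
1338  10:00:01.004500 execve("/bin/sh", ["sh", "-c", "id"], 0x55d0...) = 0
1337  10:00:01.005000 unlink("/var/log/auth.log") = -1 EACCES (Permission denied)
1337  10:00:01.006000 exit_group(0) = ?
"""
# One completed call per line: pid  HH:MM:SS.us  name(args) = retval [ERRNO (text)]
LINE_RE = re.compile(r'^(\d+)\s+(\d{2}:\d{2}:\d{2}\.\d+)\s+(\w+)\((.*)\)\s+=\s+(-?\d+|\?)(.*)$')
SyscallEvent = namedtuple("SyscallEvent", "pid time name args ret err")

def parse_strace(text):
    """Parse completed lines; '<unfinished ...>' / 'resumed' fragments are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pid, ts, name, args, ret, rest = m.groups()
            err = rest.split()[0] if rest.strip() else None   # e.g. "EACCES"
            events.append(SyscallEvent(int(pid), ts, name, args, ret, err))
    return events

def first_string_arg(args):
    # First quoted argument (normally the path); None if the call has none.
    m = re.search(r'"((?:[^"\\]|\\.)*)"', args)
    return m.group(1) if m else None

def summarize(events):
    """Bucket events into the activity classes a forensic review looks for."""
    out = {"process_creation": [], "file_access": [], "file_deletion": [], "failed": []}
    for ev in events:
        if ev.name in ("execve", "clone", "fork", "vfork"):
            out["process_creation"].append((ev.pid, ev.name, first_string_arg(ev.args)))
        elif ev.name in ("open", "openat", "creat"):
            out["file_access"].append((ev.pid, first_string_arg(ev.args)))
        elif ev.name in ("unlink", "unlinkat", "rename"):
            out["file_deletion"].append((ev.pid, first_string_arg(ev.args)))
        if ev.err:   # a denied call is still evidence of what the process tried to do
            out["failed"].append((ev.pid, ev.name, ev.err))
    return out

def process_tree(events):
    """Child PID -> parent PID, recovered from the return value of clone()/fork()."""
    return {int(ev.ret): ev.pid for ev in events if ev.name in ("clone", "fork", "vfork") and ev.ret.isdigit()}
```

On real captures, run strace with -f so child processes are followed; the denied unlink() on a log file shows up under "failed" and is exactly the kind of anti-forensic attempt the first post in this channel is about.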
Behavioral analysis of the UNC4393 group
https://cloud.google.com/blog/topics/threat-intelligence/unc4393-goes-gently-into-silentnight?linkId=10528541
@Engineer_Computer
Google Cloud Blog
UNC4393 Goes Gently into the SILENTNIGHT | Google Cloud Blog
We detail the evolution of UNC4393's operational tactics and malware usage throughout its active lifespan.
Following on from the hunting articles:
Renaming processes in Linux to make them look unsuspicious
https://doubleagent.net/process-name-stomping/
@Engineer_Computer
haxrob
Hiding in plain sight: Modifying process names in UNIX-like systems (part 1)
Exploring ways malware on Linux and other UNIX-like systems can disguise their process names.
🔐 OWASP_ Security Code Review Guide!.pdf
2.3 MB
Security code review guide from OWASP
@Engineer_Computer
TheHackersHardwareToolkit.pdf
6 MB
💎 The Hacker's Hardware Toolkit book
➖ This book introduces 133 hardware gadgets that are used in hacking and intrusion.
@Engineer_Computer
#Adobe Reader 2018 #Zeroday Exploit Analysis
In image number 0, in the PDF file format and in the ActionScript language, the attacker calls the JavaScript interpreter and, by means of a button, runs the trigger function.
Before the function runs, a button of the display.visible type is created, which causes Adobe Reader's JIT compiler to call the JPEG2000 processor, and consequently the library that processes this object (JP2KLib.dll) is invoked.
In image 3, the attacker carries out the Heap Spray technique, which causes a buffer of length 10,000 to be reserved in heap memory; then frees that same allocated memory; then, by means of the object that f.display had created (JP2KLib), points at that same region; then obtains the index and frees a buffer of length 250; then calculates what address it would be going 249 up from 10,000; then, by means of a sprayarr, points exactly as far up as had been freed, i.e. 0x400, and this is where the OOB Read happens...
Hacked by means of a PDF!
@Engineer_Computer
To preserve confidentiality when using LLMs,
you can use the link below to bring up a local LLM of your own.
Area of use: reverse engineering
Core Features
Offline Operation: Runs LLMs entirely on local CPU/GPU, ensuring data privacy and security.
Automatic Function Naming: Automatically suggests semantically meaningful function names from decompiler output.
Binary Ninja Integration: Seamlessly integrates as a plugin with Binary Ninja.
Modular Architecture: Designed for easy extension to support other reverse engineering tools like IDA and Ghidra.
Consumer Hardware Compatibility: Optimized to run on consumer-grade hardware, such as Apple silicon architectures.
Enhanced AI with Static Analysis: Improves AI-based analysis and suggestions by incorporating insights from static analysis, providing a richer context and more accurate results.
https://github.com/mrphrazer/reverser_ai
@Engineer_Computer
GitHub
GitHub - mrphrazer/reverser_ai: Provides automated reverse engineering assistance through the use of local large language models…
Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware. - mrphrazer/reverser_ai
Threats from small drones
https://www.asisonline.org/security-management-magazine/articles/2023/05/uncrewed-aerial-systems/security-implications-drones/
@Engineer_Computer
www.asisonline.org
The Security Implications of Drone Threats
While drones can be used for good, there are a variety of nefarious uses of the technology that threaten both physical and national security.