Offensive Security – Telegram
I post what I read; I'm a low-level programmer with a focus on offensive security and redteam development.
Malware development basics: how EDRs work, effective techniques to circumvent them, and how to compensate for EDR protection gaps.

https://conference.hitb.org/hitbsecconf2022sin/materials/D1T1%20-%20EDR%20Evasion%20Primer%20for%20Red%20Teamers%20-%20Karsten%20Nohl%20&%20Jorge%20Gimenez.pdf

@GoSecurity
#malware #edr
Iranian hackers attack Israeli networks with the new "MuddyViper" tool

The Iran-linked hacking group known as MuddyWater has launched a new wave of attacks against Israeli infrastructure. The group is using a new piece of malware called MuddyViper for intrusion and sabotage.

By sending fake emails and exploiting security gaps in VPN services, the attackers have managed to gain access to organizational systems in the technology, transportation and public services sectors.

MuddyViper's capabilities include:
• Stealing stored passwords
• Accessing browser data
• Remote control of the infected system
• Hiding its activity by disguising itself as a copy of the game Snake

This attack is described as part of the group's ongoing efforts to infiltrate government and industrial networks and collect sensitive data.

More details:

https://thehackernews.com/2025/12/iran-linked-hackers-hits-israeli.html

@GoSecurity
#APT #muddyWatter #iran #israel
Linux File System Structure Explained From Root (/) to /usr

Topics covered in this video include:

1. What the root directory (/) is and how the Linux filesystem tree is structured
2. The role of essential folders like /bin and /sbin for core system commands
3. The importance of the /etc directory for configuration and system settings
4. How user-specific files and personal data are organized inside /home
5. Why /var stores logs, databases, caches, and other changing system data
6. The purpose of /tmp for temporary files and safe-to-delete data
7. A detailed look at /usr, one of the largest and most important directories in Linux
8. What lives inside /dev and how Linux represents hardware as files
9. Why /boot is required for the system to start properly
10. How all these directories interact to create a stable, flexible, and secure Linux environment


@GoSecurity
#Linux #FHS #FileSystem #root
YES, C is easy

@GoSecurity
#C
This is why Linux succeeded as an open source project.

@GoSecurity
#linux
This CVE addresses a vulnerability in sudo versions 1.9.14 to 1.9.17, enabling unauthorized local privilege escalation to root.

https://github.com/Nowafen/CVE-2025-32463

@GoSecurity
#CVE #LPE #Linux #exploit
plz use it!
Forwarded from 1N73LL1G3NC3
Synology BeeStation RCE & A Novel SQLite Injection RCE Technique (CVE-2024-50629~50631)

This chain is a compelling case study of how chaining seemingly low-severity primitives can bridge the gap to full system compromise. A CRLF injection that reads a limited set of files, a conditional auth bypass, and a post-auth SQL injection—while individually limited, they become critical when chained together.

• CVE-2024-50629: Synology BeeStation BST150-4T CRLF Injection Information Disclosure Vulnerability
• CVE-2024-50631: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is required to exploit this vulnerability.

Exploit: https://github.com/kiddo-pwn/CVE-2024-50629_50631

AFFECTED PRODUCTS:
BeeStation BST150-4T

Tweet: https://x.com/kiddo_pwn/status/1995435316304588881?s=46

Search Query: service: “synology” tag: “NAS” noscript: DiskStation
‼️Smartphones worldwide were silently infected with Israeli malware via malicious ads

Simply viewing their ads was enough to get infected.

Surveillance company Intellexa gained full access to cameras, microphones, chat apps, emails, GPS locations, photos, files, and browsing activity.

@GoSecurity
#israel #malware
Forwarded from Ai000 Cybernetics QLab
When I think that someone sat down in 2009 and analyzed the entire glibc source code line by line to finally arrive at the Prime technique, it is truly mind-blowing. Being able to spot a miscalculation in fastbin_index from inside the allocator's internal implementation, and to show how a completely ordinary heap overflow can lead to full control of the malloc_state structure and open the way to a guaranteed arbitrary write... that level of precision and that ability to dissect the allocator takes an exceptionally sharp mind. Then someone writes a rule in Splunk that compares two kinds of values and thinks they have become the Lord of the Rings.

@aioooir | #hell
Mathematics

@GoSecurity
#math
Age of Programming Languages

Swift (11 years old) (2014)
Kotlin (13 years old) (2011)
Rust (14 years old) (2010)
Go (15 years old) (2009)
TypeScript (12 years old) (2012)
C# (24 years old) (2000)
Ruby (29 years old) (1995)
Java (29 years old) (1995)
JavaScript (29 years old) (1995)
PHP (30 years old) (1994)
Python (34 years old) (1991)
Perl (37 years old) (1987)
C++ (39 years old) (1985)
Objective-C (40 years old) (1984)
Prolog (52 years old) (1972)
Smalltalk (52 years old) (1972)
C (52 years old) (1972)
Pascal (54 years old) (1970)
BASIC (60 years old) (1964)
COBOL (65 years old) (1959)
Lisp (66 years old) (1958)
Fortran (67 years old) (1957)
Assembly (76 years old) (1949)

@GoSecurity
#programming
Linux Malware Sample Archive including various types of malicious ELF binaries and viruses. Be careful!

https://github.com/MalwareSamples/Linux-Malware-Samples

@GoSecurity
#Linux #malware
Forwarded from Sec Note
LazyHook is a stealthy API hooking framework that bypasses Host Intrusion Prevention Systems (HIPS) through call stack spoofing. By leveraging CPU-level hardware breakpoints and Vectored Exception Handling, it executes arbitrary code as if it originated from trusted, Microsoft-signed modules—completely fooling behavioral analysis engines that rely on call stack inspection and module origin verification.

• Evades behavioral analysis by executing malicious code within trusted Microsoft call stacks
• Uses hardware breakpoints + VEH to hijack legitimate functions and spoof module origins

Hook flow:

1. Target function call
2. CPU debug register triggers (DR0-DR3)
3. EXCEPTION_SINGLE_STEP raised
4. VEH handler intercepts the exception
5. Execution redirected to the hook function
6. CallOriginal() temporarily disables the breakpoint
7. Original function executes
8. Breakpoint re-enabled

#callstackspoofing #edr