😈 [ Nikhil Hegde @ka1do9 ]
In this one, I go into great detail about how malware walks the Process Environment Block (PEB) to find particular DLLs and parses their export table to find address of functions.
🔗 https://nikhilh-20.github.io/blog/peb_phobos_ransomware/
🐥 [ tweet ]
In this one, I go into great detail about how malware walks the Process Environment Block (PEB) to find particular DLLs and parses their export table to find address of functions.
🔗 https://nikhilh-20.github.io/blog/peb_phobos_ransomware/
🐥 [ tweet ]
👍9🔥6
😈 [ Justin Elze @HackingLZ ]
Pwning C2 frameworks
🔗 https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/
🐥 [ tweet ]
Pwning C2 frameworks
🔗 https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/
🐥 [ tweet ]
👍6🔥3
😈 [ konrad @konradgajdus ]
From Theory to Code: Implementing a Neural Network in 200 Lines of C
🔗 http://x.com/i/article/1837064930832404482
🐥 [ tweet ]
From Theory to Code: Implementing a Neural Network in 200 Lines of C
🔗 http://x.com/i/article/1837064930832404482
🐥 [ tweet ]
🤯3
😈 [ Orange Cyberdefense Switzerland @orangecyberch ]
💻🛡️ In this series of blog posts, Clément Labro (itm4n) one of our ethical hacker, explores yet another avenue for bypassing LSA Protection in Userland.
Blog series:
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-1/
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-2/
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-3/
Code:
🔗 https://github.com/itm4n/PPLrevenant
🔗 https://github.com/itm4n/Pentest-Windows/tree/main/NdrServerCallAll
🐥 [ tweet ]
💻🛡️ In this series of blog posts, Clément Labro (itm4n) one of our ethical hacker, explores yet another avenue for bypassing LSA Protection in Userland.
Blog series:
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-1/
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-2/
🔗 https://itm4n.github.io/ghost-in-the-ppl-part-3/
Code:
🔗 https://github.com/itm4n/PPLrevenant
🔗 https://github.com/itm4n/Pentest-Windows/tree/main/NdrServerCallAll
🐥 [ tweet ]
👍10🔥3
😈 [ Remko Weijnen @RemkoWeijnen ]
Proof of Concept to leverage Windows App to create an LSASS dump
🔗 https://github.com/rweijnen/createdump
🐥 [ tweet ]
Proof of Concept to leverage Windows App to create an LSASS dump
🔗 https://github.com/rweijnen/createdump
🐥 [ tweet ]
🥱5🔥4👍1
😈 [ DSAS by INJECT @DevSecAS ]
Recursive Loader
Explanation of code: The following code is inspired by APT Linux/Kobalos. Kobalos was malware, suspected to be tied to the Chinese government, which was fully recursive. It was novel malware.
🔗 https://github.com/Evi1Grey5/Recursive-Loader
🐥 [ tweet ]
Recursive Loader
Explanation of code: The following code is inspired by APT Linux/Kobalos. Kobalos was malware, suspected to be tied to the Chinese government, which was fully recursive. It was novel malware.
🔗 https://github.com/Evi1Grey5/Recursive-Loader
🐥 [ tweet ]
👍11
😈 [ Will @BushidoToken ]
I am happy to share another new resource I recently made called The Russian APT Tool Matrix 🇷🇺
🔗 https://blog.bushidotoken.net/2024/09/the-russian-apt-tool-matrix.html
🔗 https://github.com/BushidoUK/Russian-APT-Tool-Matrix
🐥 [ tweet ]
I am happy to share another new resource I recently made called The Russian APT Tool Matrix 🇷🇺
🔗 https://blog.bushidotoken.net/2024/09/the-russian-apt-tool-matrix.html
🔗 https://github.com/BushidoUK/Russian-APT-Tool-Matrix
🐥 [ tweet ]
ищем себя, пацаны👍8🥱6😁3🍌3😢1
😈 [ Check Point Research @_CPResearch_ ]
10 years of DLL hijacking - featuring abused executables that shouldn't have existed, exported and malicious DLLs with discount bin "packing." Includes a PoC for app developers to pre-emptively stop hijacking without dealing with a certificate authority.
🔗 https://research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more/
🐥 [ tweet ]
10 years of DLL hijacking - featuring abused executables that shouldn't have existed, exported and malicious DLLs with discount bin "packing." Includes a PoC for app developers to pre-emptively stop hijacking without dealing with a certificate authority.
🔗 https://research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more/
🐥 [ tweet ]
👍6
😈 [ Fox-IT @foxit ]
Check out our latest blog from our Red Team about EDR evasion through malware virtualisation:
🔗 https://blog.fox-it.com/2024/09/25/red-teaming-in-the-age-of-edr-evasion-of-endpoint-detection-through-malware-virtualisation/
🐥 [ tweet ]
Check out our latest blog from our Red Team about EDR evasion through malware virtualisation:
🔗 https://blog.fox-it.com/2024/09/25/red-teaming-in-the-age-of-edr-evasion-of-endpoint-detection-through-malware-virtualisation/
🐥 [ tweet ]
🔥2
This media is not supported in your browser
VIEW IN TELEGRAM
UnderConf. От сообщества – для сообщества
Keynote-спикеры и докладчики крупных конференций, авторы ваших любимых телеграм-каналов про ИБ, ведущие самых известных воркшопов и легенды индустрии в одном месте – на UnderConf, 29.09.
@crytech7, Сергей Голованов a.k.a. @sk1ks, @n0nvme и другие представят свои последние разработки и исследования, а Сергей Норд, локпикеры Autopsy Will Tell и хардварщики “Танец Роботов” параллельно проведут для вас топовые воркшопы.
На конференции также будет развернута лаборатория Pentest Lab, где можно будет разобраться в сценариях различных атак на части сетевой инфраструктуры компании.
В середине дня пройдут дебаты между Алексеем Гришиным и @i_bo0om о том, как расходятся интересы специалистов и бизнеса.
Подробная программа уже доступна на сайте.
Канал | Чат
Keynote-спикеры и докладчики крупных конференций, авторы ваших любимых телеграм-каналов про ИБ, ведущие самых известных воркшопов и легенды индустрии в одном месте – на UnderConf, 29.09.
@crytech7, Сергей Голованов a.k.a. @sk1ks, @n0nvme и другие представят свои последние разработки и исследования, а Сергей Норд, локпикеры Autopsy Will Tell и хардварщики “Танец Роботов” параллельно проведут для вас топовые воркшопы.
На конференции также будет развернута лаборатория Pentest Lab, где можно будет разобраться в сценариях различных атак на части сетевой инфраструктуры компании.
В середине дня пройдут дебаты между Алексеем Гришиным и @i_bo0om о том, как расходятся интересы специалистов и бизнеса.
Подробная программа уже доступна на сайте.
Канал | Чат
Не рекламы ради, а просто поделиться, куда я решил заглянуть в честь начала отпуска👍5🥱1
😈 [ Mandiant (part of Google Cloud) @Mandiant ]
🚨 Mandiant observed #LummaC2 stealers leveraging a new obfuscation technique to thwart analysis tools and stifle reverse engineering efforts.
Read about this tactic, and how we developed an automated method for removing this protection layer →
🔗 https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/
🐥 [ tweet ]
🚨 Mandiant observed #LummaC2 stealers leveraging a new obfuscation technique to thwart analysis tools and stifle reverse engineering efforts.
Read about this tactic, and how we developed an automated method for removing this protection layer →
🔗 https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/
🐥 [ tweet ]
🔥6👍2
Offensive Xwitter
😈 [ Will Harris @parityzero ] With Chrome 127 on Windows, we're introducing enhanced encryption to protect sensitive data, starting with your cookies🍪! This helps protect your personal information and keeps your online accounts secure from hackers. Read more…
👹 [ sn🥶vvcr💥sh @snovvcrash ]
Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though):
🔗 https://gist.github.com/snovvcrash/caded55a318bbefcb6cc9ee30e82f824
🐥 [ tweet ]
Got curious how the new App-Bound Chromium Encryption can be bypassed, so here’s a minimal PoC for decrypting the Local State key as a non-elevated user via an RPC call to the elevator service (path validation must still be taken into account though):
🔗 https://gist.github.com/snovvcrash/caded55a318bbefcb6cc9ee30e82f824
🐥 [ tweet ]
🔥18
😈 [ trickster0 @trickster012 ]
I just released my C2 I was working on, on my free time. Feel free to play around make your own forks if you like it. It needs a lot of work but it is a fully rust one with small implant and working sleep obfuscation.
🔗 https://github.com/trickster0/NamelessC2
🐥 [ tweet ]
I just released my C2 I was working on, on my free time. Feel free to play around make your own forks if you like it. It needs a lot of work but it is a fully rust one with small implant and working sleep obfuscation.
🔗 https://github.com/trickster0/NamelessC2
🐥 [ tweet ]
🥱4👍3😁3
😈 [ Soufiane @S0ufi4n3 ]
The (Anti-)EDR Compendium
EDR functionality and bypasses in 2024, with focus on undetected shellcode loader.
🔗 https://blog.deeb.ch/posts/how-edr-works/
🐥 [ tweet ]
The (Anti-)EDR Compendium
EDR functionality and bypasses in 2024, with focus on undetected shellcode loader.
🔗 https://blog.deeb.ch/posts/how-edr-works/
🐥 [ tweet ]
👍9🔥5
Поговорили с Cyber Media о пентесте внутренних сетей, редтимах и рисках, получилось очень лампово:
🔗 https://securitymedia.org/articles/interview/sergey-yashin-positive-technologies-grezy-o-zashchishchennosti-infrastruktury-iz-za-ee-nedostupnosti.html
🔗 https://securitymedia.org/articles/interview/sergey-yashin-positive-technologies-grezy-o-zashchishchennosti-infrastruktury-iz-za-ee-nedostupnosti.html
Telegram
Cyber Media
🗣 Сергей Яшин, Positive Technologies: Грезы о защищенности инфраструктуры из-за ее недоступности из интернета могут привести к плачевным последствиям
Сергей Яшин (snovvcrash), рукoводитель Red Team Development Group Positive Technologies и автор блога Offensive…
Сергей Яшин (snovvcrash), рукoводитель Red Team Development Group Positive Technologies и автор блога Offensive…
🔥21👍5🍌3🥱2