Trainsec - MAoS – Malware Analysis on Steroids Bundle

🔗 Download

Info : https://trainsec.net/courses/maos-malware-analysis-on-steroids-bundle/

@offenciveSec

CLR Unhooking Tool

Note: For this to have the effect of a clean CLR, you’d need to manually map the DLL from disk into memory. You cannot use LoadLibraryA/W, because antivirus solutions will detect the DLL load event and may hook it immediately. If you want this behavior, you can look up existing manual mappers on GitHub and integrate one into your codebase. I’m not including one here, as AV vendors generally don’t appreciate that

A native C++ utility that bypasses EDR/AV hooks in the .NET Common Language Runtime by restoring the original nLoadImage function implementation.

Matthew Graeber (@mattifestation) - Reverse engineering InternalCall methods and CLR internals


#clr #bypass #rev

LazyHook is a stealthy API hooking framework that bypasses Host Intrusion Prevention Systems (HIPS) through call stack spoofing. By leveraging CPU-level hardware breakpoints and Vectored Exception Handling, it executes arbitrary code as if it originated from trusted, Microsoft-signed modules—completely fooling behavioral analysis engines that rely on call stack inspection and module origin verification.

Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks
Uses hardware breakpoints + VEH to hijack legitimate functions and spoof module origins

│ 1. Target Function Call
│ ↓
│ 2. CPU Debug Register Triggers (DR0-DR3) │
│ ↓
│ 3. EXCEPTION_SINGLE_STEP Raised │
│ ↓
│ 4. VEH Handler Intercepts Exception │
│ ↓
│ 5. Execution Redirected to Hook Function │
│ ↓
│ 6. CallOriginal() Temporarily Disables Breakpoint
│ ↓
│ 7. Original Function Executes │
│ ↓
│ 8. Breakpoint Re-enabled

#callstackspoofing #edr

APT15 Cyber Espionage: Campaigns and TTPs Analysis

My favorite Group 😁

#ttp #china

Malware Just Got Its Free Passes Back!

#callstack #edr

Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope

See how a SafeBreach researcher tracked the malicious threat actor to achieve unprecedented visibility into the group’s ongoing operations, including activity as recently as December 2025.



According to Cybersecurity Ventures, if Cybercrime were a country it would be the world's third largest Economy

Cybercrime is predicted to cost the world $10.5 trillion USD in 2025, according to Cybersecurity Ventures. If it were measured as a country, then cybercrime would be the world’s third largest economy after the U.S. and China.

This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.

Source

#analytics

🔴 هک سیستم با زیرنویس فیلم One Battle After Another جعلی

محققای Bitdefender در گزارشی نشون دادن که چطوری هکرها، از طریق زیرنویس فیلم One Battle After Another، اقدام به توزیع Agent Tesla کردن.

#بدافزار #آنالیز_بدافزار #پاورشل

#AgentTesla #Poweshell

🆔 @onhex_ir
🌍 ONHEXGROUP (Official Links)

Browser Hijacking: Three Technique Studies
https://www.gdatasoftware.com/blog/2025/11/38298-learning-about-browser-hijacking

#source #stealer

😇Elastic:Call Stacks: No More Free Passes For Malware


😈klezVirus: Malware Just Got Its Free Passes Back!


#callstack #edr