#cryptominig #cryptojacking
#malware_spreading #malware_campaing
@ZwLowLevel
https://cyble.com/blog/v3g4-mirai-botnet-evolves/
Cyble
V3G4 Mirai Botnet Evolves
CRIL has uncovered an active V3G4 campaign using a Mirai-derived botnet alongside a fileless, runtime-configured cryptominer.
#offensive_tool #windows
#powershell
@ZwLowLevel
https://hackmag.com/security/powershell-secrets-2
HackMag
PowerShell Secrets: Building a Graphical User Interface (GUI) for Your Scripts
Tech magazine for cybersecurity specialists
A sophisticated proof-of-concept demonstrating advanced in-memory evasion techniques that cyclically encrypts and decrypts shellcode while fluctuating between different memory protection states to evade detection by memory scanners.
#malware_development #maldev
@ZwLowLevel
Advanced Anti-Sandboxing virtual machine
#anti_debugging
#anti_analysis
#hypervisor
@ZwLowLevel
https://github.com/Laeteth/advanced-anti-sandbox-Virtual-Machine
GitHub
GitHub - Laeteth/advanced-anti-sandbox-Virtual-Machine: Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti…
Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox - Laeteth/advanced-anti-sandbox-Virtual-Machine
Singular Access
A kernel-mode syscall wrapper that enables privileged process operations without requiring handles. Uses xKdEnumerateDebuggingDevices pointer hooking for kernel-usermode communication.
#windows_kernel #windows_internals
#ring0 #ring_0
#syscall #system_call
@ZwLowLevel
https://github.com/bromoket/access_updated
GitHub
GitHub - bromoket/access_updated: Kernel-mode syscall wrapper with Zydis-based dynamic pattern finding for Windows 10/11
Kernel-mode syscall wrapper with Zydis-based dynamic pattern finding for Windows 10/11 - bromoket/access_updated
LOLRMM
LOLRMM is a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors. #windows_internals #sysmon
@ZwLowLevel
https://lolrmm.io/
#malware_analysis
#malware_campaing
#malware_spreading
@ZwLowLevel
https://www.group-ib.com/blog/turning-apps-into-gold/
Group-IB
Hook for Gold: Inside GoldFactory's Campaign That Turns Apps Into Goldmines
A deep dive into GoldFactory’s evolving mobile fraud campaigns across APAC, including modified banking apps, new malware variants such as Gigaflower, shared criminal infrastructure, and insights from the Group-IB Fraud Matrix, with recommendations for organizations…
BRICKSTORM is a custom Executable and Linkable Format (ELF) Go-based backdoor. The analyzed samples differ in function, but all enable cyber actors to maintain stealthy access and provide capabilities for initiation, persistence, and secure command and control (C2). Even though the analyzed samples were for VMware vSphere environments, there is reporting about Windows versions.
#malware_analysis
@ZwLowLevel
#reverse_engineering
#reversing
@ZwLowLevel
https://research.eye.security/consent-and-compromise/
Eye Research
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
The Eye Security Research team has uncovered a new critical misconfiguration that exposed sensitive data at internal Microsoft applications.
"VX-API", which contains snippets of techniques used in MalwareDev.
#malware_development #maldev
#malwaredev
@ZwLowLevel
https://vx-api.gitbook.io/vx-api/code-base/markdown
vx-api.gitbook.io
CRT Recreation | vx-api
ShellCode
Advanced Windows shellcode development framework with position-independent code generation, dynamic API resolution, and cross-architecture support for security research and penetration testing.
#malware_development
#maldev
#malwaredev
@ZwLowLevel
GitHub
GitHub - Ylxmy/Windows-Shellcode-Generator-Loader: Advanced Windows shellcode development framework with position-independent code…
Advanced Windows shellcode development framework with position-independent code generation, dynamic API resolution, and cross-architecture support for security research and penetration testing. - Y...
elfpeek
Minimal ELF inspector with interactive REPL for quick binary analysis
#malware_analysis
@ZwLowLevel
https://github.com/Oblivionsage/elfpeek
GitHub
GitHub - Oblivionsage/elfpeek: Minimal ELF inspector written in C for quick binary layout inspection
Minimal ELF inspector written in C for quick binary layout inspection - Oblivionsage/elfpeek
SAMDump
Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation
#malwaredev
#malware_development
#maldev
@ZwLowLevel
https://github.com/ricardojoserf/SAMDump
GitHub
GitHub - ricardojoserf/SAMDump: Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and…
Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation - ricardojoserf/SAMDump
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
#malware_analysis
@ZwLowLevel
https://cloud.google.com/blog/topics/threat-intelligence/intellexa-zero-day-exploits-continue
Google Cloud Blog
Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog
Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.
Cooolis-ms
Cooolis-ms is a tool that incorporates the Metasploit Payload Loader, Cobalt Strike External C2 Loader, and Reflective DLL injection.
#malware_development
#maldev
#malwaredev
@ZwLowLevel
https://github.com/otuhsgcasg/Cooolis-ms-C2-Loader-Metasploit
The stack circuitry of the Intel 8087 floating point chip, reverse-engineered
#reverse_engineering
#reversing
@ZwLowLevel
Righto
The stack circuitry of the Intel 8087 floating point chip, reverse-engineered
Early microprocessors were very slow when operating with floating-point numbers. But in 1980, Intel introduced the 8087 floating-point copro...