Function Identification in ESP32 Firmware Using Ghidra FIDB
#reverse_engineering
#reversing
#firmware_analysis
@ZwLowLevel
https://www.tarlogic.com/blog/esp32-firmware-using-ghidra-fidb/
Tarlogic Security
Function Identification in ESP32 Firmware Using Ghidra FIDB
Learn how to reverse engineer ESP32 firmware faster using Ghidra FIDB and ESP-IDF to automate function identification
The Linux kernel is just a program
#linux_kernel
#linux_internals
#ring_0
@ZwLowLevel
https://serversfor.dev/linux-inside-out/the-linux-kernel-is-just-a-program/
serversfor.dev
The Linux kernel is just a program
Most books and courses introduce Linux through shell commands, leaving the kernel as a mysterious black box doing magic behind the scenes. In this post, we will run some experiments to demystify it: the Linux kernel is just a binary that you can build and…
Silver Fox Targeting India Using Tax Themed Phishing Lures
#malware_analysis
#malware_spreading
#malware_campaing
@ZwLowLevel
Cloudsek
Silver Fox Targeting India Using Tax Themed Phishing Lures | CloudSEK
CloudSEK's TRIAD reveals a critical campaign by the Chinese "Silver Fox" APT targeting Indian entities with authentic-looking Income Tax phishing lures. While previously misattributed to SideWinder, this sophisticated attack leverages a complex kill chain…
The COM: Anatomy of an English-Speaking Cybercriminal Ecosystem And The Origins of Scattered Lapsus$ Hunters
#cyber_threat_intelligence
#cti
#threat_hunting
@ZwLowLevel
Cloudsek
The COM: Anatomy of an English-Speaking Cybercriminal Ecosystem And The Origins of Scattered Lapsus$ Hunters | CloudSEK
Over the past decade, the English-speaking cybercriminal ecosystem commonly referred to as “The COM” has undergone a profound transformation. What began as a niche subculture centered on the trading of what is called “OG Usernames (original gangster)”
DumpChromeSecrets
Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks.
Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks.
#offensive_tool
#red_team
@ZwLowLevel
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
#malware_spreading
#malware_campaing
#malware_analysis
@ZwLowLevel
https://www.bitdefender.com/en-us/blog/labs/fake-leonardo-dicaprio-movie-torrent-agent-tesla-powershell
Bitdefender Labs
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
Bitdefender researchers investigate a complex infection chain embedded in a fake movie torrent for One Battle After Another.
Reverse Engineering a TP-Link Router: Getting Root Access via UART Protocol
#firmware_analysis
#firmware_hacking
#reverse_engineering
@ZwLowLevel
Medium
Reverse Engineering a TP-Link Router: Getting Root Access via UART Protocol
UART, this is the main topic for today. UART protocol stands for Universal Asynchronous Receiver/Transmitter (UART). This is the protocol…
Battling The Eye: Exploring the Anti-Cheat Techniques of BattlEye
#windows_internals
#kernel_callbacks
#reverse_engineering
#anti_cheat
@ZwLowLevel
https://dl.acm.org/doi/epdf/10.1145/3733817.3762701
Indirect Syscall + Google Gemini AI = Bypass Microsoft Defender.
#edr_bypass
#edr_evasion
#malware_development
#maldev
@ZwLowLevel
https://youtu.be/Qhk2JEuWj2k?si=sZcJu6MLIInWVRTc
YouTube
Indirect Syscall + Google Gemini AI = Windows Defender Bypass (Merry Christmas)
Be better than yesterday -
Revisiting an old video published approximately 8 months ago and it was being picked up by Windows Defender. This video demonstrates a quick and straight-forward XOR encryption/decryption routine to supplement the shellcode loader…
Revisiting an old video published approximately 8 months ago and it was being picked up by Windows Defender. This video demonstrates a quick and straight-forward XOR encryption/decryption routine to supplement the shellcode loader…
VectoredOverloading in Rust
It works by manipulating the load of a legitimate DLL using Hardware Breakpoints (HWBP) and Vectored Exception Handling (VEH) to change the DLL section object on-the-fly.
It works by manipulating the load of a legitimate DLL using Hardware Breakpoints (HWBP) and Vectored Exception Handling (VEH) to change the DLL section object on-the-fly.
#malware_development
#maldev
#malwaredev
@ZwLowLevel
https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/VectoredOverloading
GitHub
Rust-for-Malware-Development/VectoredOverloading at main · Whitecat18/Rust-for-Malware-Development
Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀 - Whitecat18/Rust-for-Malware-Development
How phishing spreads malware against Ukraine
This article looks at a new wave of threats linked to a service-based model for distributing malware, which is already being used against Ukrainian organizations.
This article looks at a new wave of threats linked to a service-based model for distributing malware, which is already being used against Ukrainian organizations.
#malware_spreading
#malware_campaing
#malware_analysis
@ZwLowLevel
HackYourMom
How phishing spreads malware against Ukraine - HackYourMom
Forwarded from Source Byte
Backdoor code found in Trust Wallet browser extension, causing theft of tens of millions of dollars in assets
A new backdoor code was added to version 2.68 of the Trust Wallet cryptocurrency wallet's browser extension, which sends users' mnemonic phrases to attacker servers. Due to the automatic update mechanism, the impact was widespread. On Christmas Day, December 25th, attackers began transferring funds, and according to current estimates, more than tens of millions of dollars in assets have been stolen. The latest version 2.69 has now removed the backdoor code.
🔥1