Forwarded from Proxy Bar
Hi everyone! Does anyone know how to get the image base address from a remote process without using NtQueryInformationProcess? If you know, please let me know. Thanks in advance.
Amadey Malware: A Comparative Study of Static Detection vs Memory-Based Detection
#malware_analysis
@ZwLowLevel
Code Before Breach
Amadey Malware: A Comparative Study of Static Detection vs Memory-Based Detection
Using Amadey as a case study, this post compares static signature detection and memory-based detection through structure, evasion difficulty, and YARA usage.
Injecting DLLs in Rust: A Hands-On Guide to Classic Remote Thread Injection
#malware_development
#malwaredev
#maldev
@ZwLowLevel
Medium
Injecting DLLs in Rust: A Hands-On Guide to Classic Remote Thread Injection
DLL injection is a well-known Windows technique that allows one process to load a dynamic-link library (DLL) into another process’s address…
Malicious NPM Packages Deliver NodeCordRAT
#malware_analysis
#cyber_threat_intelligence
#cti
@ZwLowLevel
Zscaler
Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz
ThreatLabz identified malicious NPM packages that deliver NodeCordRAT, which performs credential theft and steals cryptocurrency wallet data.
Tutorial: DLL Sideloading and function proxying with ShellcodePack
#malware_development
#maldev
#malwaredev
@ZwLowLevel
Medium
Tutorial: DLL Sideloading and function proxying with ShellcodePack
DLL sideloading is a technique that allows an attacker to have a legitimate signed application run some malicious code on Windows. It work…
Debugging WinDbg with WinDbg: Fixing a Ctrl-C UI Freeze
https://www.island.io/blog/debugging-windbg-with-windbg-fixing-a-ctrl-c-ui-freeze
#reversing
#reverse_engineering
@ZwLowLevel
Island.io
Fixing the Windows Debugger freeze when copying text
Follow an Island engineer’s deep dive into fixing a years-old Windows Debugger issue - the few-second freeze when copying text from WinDbg.
Clang Hardening Cheat Sheet - Ten Years Later
https://blog.quarkslab.com/clang-hardening-cheat-sheet-ten-years-later.html
#programming
#overrun
#rop
#memory_protection
@ZwLowLevel
Quarkslab
Clang Hardening Cheat Sheet - Ten Years Later - Quarkslab's blog
Ten years ago, we published a Clang Hardening Cheat Sheet. Since then, both the threat landscape and the Clang toolchain have evolved significantly. This blog post presents the new mitigations available in Clang to improve the security of your applications.
Golden Byte
🇮🇷 Internet blackout in Iran
The people of Iran need Starlink or another alternative means of communication in times of internal tension.
IDontLikeFileLocks
This technique could be (and probably is/will be) used by stealer malware to silently extract browser credentials and session tokens without killing processes or triggering obvious file access patterns.
#malware_development
#malwaredev
#maldev
🆔 @ZwLowLevel
GitHub
GitHub - EvilBytecode/IDontLikeFileLocks: Title is self explaining, well theres few methods we can do to read locked file and play…
Title is self explaining, well theres few methods we can do to read locked file and play with it... - EvilBytecode/IDontLikeFileLocks