A Deep Dive into Brute Ratel C4 payloads – Part 2
https://cybergeeks.tech/a-deep-dive-into-brute-ratel-c4-payloads-part-2/
Order of Six Angles
Writing a Debugger From Scratch - DbgRs Part 2 - Register State and Stepping (rust) https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-2/
Writing a Debugger From Scratch - DbgRs Part 5 - Breakpoints
https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-5/
TimDbg
Writing a Debugger From Scratch - DbgRs Part 5 - Breakpoints
(New to this series? Consider starting from part 1)
At the end of the last post, we started to get some interesting functionality with the ability to resolve addresses to names in a module. This was the last functionality missing before we could implement…
Machine Learning-based Android Malicious App Identification
https://www.liansecurity.com/#/main/news/TPqb0IoBQKl-d7iAEGuS/detail
Live stream, right now, BruCON conference
https://www.brucon.org/2023/streaming/
Videos are already up, and more will appear here:
https://youtube.com/@brucontalks?si=fWKzz__ac37TD8nK
Config extractor for AgentTesla - Discord/Telegram Variant
https://github.com/embee-research/AgentTesla-Config-Extractor
GitHub
GitHub - embee-research/AgentTesla-Config-Extractor: Config extractor for AgentTesla - Discord/Telegram Variant
Config extractor for AgentTesla - Discord/Telegram Variant - embee-research/AgentTesla-Config-Extractor
hooking Golang programs
https://blog.quarkslab.com/lets-go-into-the-rabbit-hole-part-1-the-challenges-of-dynamically-hooking-golang-program.html
Quarkslab
Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs - Quarkslab's blog
Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extend…
How a simple K-TypeConfusion took me 3 months long to create a exploit? [HEVD] - Windows 11 (build 22621)
https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f
Medium
How a simple K-TypeConfusion took me 3 months long to create a exploit?
Have you ever tested something for so long that it became part of your life? That’s what happened to me over the last months when a…
Competing in Pwn2Own ICS 2022 Miami: Exploiting a zero click remote memory corruption in ICONICS Genesis64
https://doar-e.github.io/blog/2023/05/05/competing-in-pwn2own-ics-2022-miami-exploiting-a-zero-click-remote-memory-corruption-in-iconics-genesis64/
doar-e.github.io
Competing in Pwn2Own ICS 2022 Miami: Exploiting a zero click remote memory corruption in ICONICS Genesis64
Introduction to DotNet Configuration Extraction - RevengeRAT
https://embee-research.ghost.io/introduction-to-dotnet-configuration-extraction-revengerat/
Embee Research
Introduction to DotNet Configuration Extraction - RevengeRAT
Introduction to dotnet configuration extraction. Leveraging RevengeRat and Python.
A repository of telemetry domains and URLs used by mobile location tracking and analytics libraries.
https://github.com/craiu/mobiletrackers
GitHub
GitHub - craiu/mobiletrackers: A repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted…
A repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries. - craiu/mobiletrackers
Attacking the Android kernel using the Qualcomm TrustZone
https://tamirzb.com/attacking-android-kernel-using-qualcomm-trustzone
Tamir Zahavi-Brunner’s Blog
Attacking the Android kernel using the Qualcomm TrustZone
In this post I describe a somewhat unique Android kernel exploit, which utilizes the TrustZone in order to compromise the kernel.
Introducing a new service that allows you to test your Yara rules on a subset of samples uploaded and identified on MalwareBazaar. Users can upload their Yara rules, have them run against a collection of over 77’736 malicious files (and growing) and get scanning results within minutes.
https://vulnerability.ch/2021/01/introducing-yara-scan-service-test-your-yara-rules-online/
https://riskmitigation.ch/yara-scan/
vulnerability
Introducing “Yara Scan Service” – Test Your Yara Rules Online
Did it happen to you that you wanted to quickly test a Yara rule you created, but you are missing a large enough data set to test your rule against? This is exactly what Yara Scan is designed for. …