Punisher
pandoras_pot: HTTP honeypot to punish and educate unruly web crawlers, written in Rust
Inspired by HellPot, pandoras_pot aims to bring even more misery on unruly web crawlers that don't respect your robots.txt.
The goal with pandoras_pot is to have maximum data output, while not using up all the resources of your webserver that probably could be doing better things with its time.
https://github.com/ginger51011/pandoras_pot
Xworm Loader Analysis - Unravelling Multi-stage Loaders with CyberChef and DnSpy
Investigating and decoding an Xworm loader script. Leveraging CyberChef and DnSpy to perform AES decryption and C2 extraction.
SHA256: e5dac6f6d2ab4c479c5c3e91064f335de141c8399bd93f8267e13f134c578c0f
https://www.youtube.com/watch?v=tenNFzM-MM0
Modern implant design: position independent malware development
https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design/
Understanding PEB and LDR Structures using IDA and LummaStealer
https://viuleeenz.github.io/posts/2024/02/understanding-peb-and-ldr-structures-using-ida-and-lummastealer/
In this post I'm going to explain how the Process Environment Block (PEB) is parsed by malware devs and how that structure is abused. Instead of going too deep into a lot of details, I would like to follow an easier approach pairing the theory with a practical…
Exploiting a vulnerable Minifilter Driver to create a process killer
https://antonioparata.blogspot.com/2024/02/exploiting-vulnerable-minifilter-driver.html
https://github.com/enkomio/s4killer
Skrapa is a zero dependency and customizable Python library for scanning Windows and Linux process memory.
https://research.nccgroup.com/2024/01/25/memory-scanning-for-the-masses/
https://github.com/fox-it/skrapa
DJI - The ART of obfuscation
Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html