Understanding PEB and LDR Structures using IDA and LummaStealer
https://viuleeenz.github.io/posts/2024/02/understanding-peb-and-ldr-structures-using-ida-and-lummastealer/
Security Undisguised
In this post I’m going to explain how Process Environment Block (PEB) is parsed by malware devs and how that structure is abused. Instead of going too deep into a lot of details, I would like to follow an easier approach pairing the theory with a practical…
Exploiting a vulnerable Minifilter Driver to create a process killer
https://antonioparata.blogspot.com/2024/02/exploiting-vulnerable-minifilter-driver.html
https://github.com/enkomio/s4killer
Skrapa is a zero dependency and customizable Python library for scanning Windows and Linux process memory.
https://research.nccgroup.com/2024/01/25/memory-scanning-for-the-masses/
https://github.com/fox-it/skrapa
Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
Quarkslab
DJI - The ART of obfuscation - Quarkslab's blog
Send phishing messages and attachments to Microsoft Teams users
https://github.com/Octoberfest7/TeamsPhisher
Updates in Windows
A Deep Dive Into Exploiting Windows Thread Pools
https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools
A Deep Dive Into Exploiting Windows Thread Pools | Diago Lima
After a week of byte-fucking
This project aims at collecting the details of the certificates that are known to be abused in the wild by malicious actors.
https://github.com/WithSecureLabs/lolcerts
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors - ReversecLabs/lolcerts
Nidhogg is a multi-functional rootkit to showcase the variety of operations that can be done from kernel space. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for operations. Besides that, it can also easily be integrated with your C2 framework.
https://github.com/Idov31/Nidhogg/tree/master
Analyzing Mutation-Coded - VM Protect and Alcatraz
https://keowu.re/posts/Analyzing-Mutation-Coded-VM-Protect-and-Alcatraz-English/
A killer article on Python internals; the Chinese guy just demolished the task.
https://evilpan.com/2020/10/11/protected-python/#%e7%a4%ba%e4%be%8b
By the way, his blog has other fucking great articles too.
有价值炮灰
How to crack a Python virtual machine packer and walk away with 12300 yuan worth of ETH
A while ago I saw someone in a group post a challenge, claiming that the private key for 5 ETH was hidden in encrypted code and that anyone who could decrypt it could take the funds, so once again I couldn't keep my hands off it.