Catching Your Favorite C2 In Memory Using Stack & Thread Telemetry.
https://sabotagesec.com/gotta-catch-em-all-catching-your-favorite-c2-in-memory-using-stack-thread-telemetry/
PE-LiteScan (or PELS) is a simple heuristic analyzer for common PE-anomalies, specifically focusing on the detection of packers and protectors. Designed for Windows and Linux.
https://github.com/DosX-dev/PE-LiteScan
GitHub - DosX-dev/PE-LiteScan: A simple crossplatform heuristic PE-analyzer
TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution
https://arxiv.org/abs/2406.08719
ARM Memory Tagging Extension (MTE) is a new hardware feature introduced in ARMv8.5-A architecture, aiming to detect memory corruption vulnerabilities. The low overhead of MTE makes it an...
This vulnerability exploits the nuances of the OAuth protocol and iOS’s handling of Custom URL Schemes and Safari browser sessions to steal OAuth Authentication Codes from vulnerable OAuth implementations, thereby allowing an attacker to gain access to a victim’s account.
https://evanconnelly.github.io/post/ios-oauth/
Evan Connelly
Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped
Summary
We (Julien Ahrens @MrTuxracer and myself @Evan_Connelly) identified nearly 30 popular apps, as well as a feature within iOS itself, vulnerable to an attack in which any installed iOS app from the Apple App Store could perform an account takeover of…
How to Keep Your Cool and Write Powerful Incident Response Reports
https://www.youtube.com/watch?v=fMWUDZOkRR4
Presenter: Lenny Zeltser, CISO, Axonius
Learn how to create stronger incident response reports that get read and drive action. We’ll cover report structure, enhancing clarity, capturing crucial technical and business details, and writing summaries decision…
"Becoming a Vulnerability Researcher roadmap: my personal experience"
https://gist.github.com/tin-z/a469e996f8107a5ca8d3c858a2a4b65f
On Control Flow Flattening obfuscation
https://nerodesu017.github.io/posts/2023-12-01-antibots-part-8
Nerodesu017
ANTIBOTS - PART VIII - Geetest - CFF
In-Depth Control-Flow-Flattening Analysis
The book Windows Native API Programming by the excellent author Pavel Yosifovich has just been released!
I bought it for you and posted it for free. Download it!
EPUB
PDF
Fresh batch! Everyone will find something interesting here
Collection of Golang projects designed specifically for red teamers
x86 Real-Mode MS-DOS Emulator using Windows Hypervisor Platform
How a Clever 1960s Memory Trick Changed Computing (video)
Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware.
Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing
My iOS Web Hacking Setup - Surge, Termius, and Caido
LLM for automated hacking (link collection)
Exploiting Trend Micro EDR
ChatGPT's Advanced Data Analysis and Code Execution - Experiments
An excellent article on the inner workings of the Chinese infosec industry
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
How To Use Dumpulator For Malware Analysis
Writing an IR (intermediate representation) from Scratch (Android analysis tool)
Obfuscate the payload while simultaneously lowering its entropy
Incremental Symbolic Execution for the Clang Static Analyzer (video) (slides)
An updated article by DebugPrivilege (well known in narrow circles) on investigating crash dumps
InsightEngineering/Debugging 101/Section 9: Triaging a Crash Dump at main · DebugPrivilege/InsightEngineering
Hiding a payload in GPU memory to evade AV
https://raw.githubusercontent.com/vxunderground/VXUG-Papers/main/GpuMemoryAbuse.cpp