A long time ago I put together a note for myself with tricks for analyzing .NET malware; sharing it with you.
Tips for researching .NET malware
Order Of Six Angles
We have a piece of malware that decodes the resource DE. With the stego script you can decrypt the picture. Decoding result: This script can also perform the reverse operation, turning a file into a steganographic image. It can be used…
💋
pwn.college - ctf задания для начинающих
Commonly Abused Linux Initial Access Techniques and Detection Strategies
GoogleCTF 2024 Writeups
An unexpected journey into Microsoft Defender's signature World.
Static deobfuscator for Themida/WinLicense/Code Virtualizer's mutation-based obfuscation.
Persistence with GPO Item Level Targeting
Exploitation of CVE-2024-29943 (slides)
The Ultimate Aim of Kernel Exploitation - Process Credentials
Learning LLVM (Part-1) - Writing a simple LLVM pass
Exploiting V8 at openECSC
Hypervisor-enforced Paging Translation - The end of non data-driven Kernel Exploits (Recon2024), slides, pptx
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust
A Tale of Reverse Engineering 1001 GPTs: The good, the bad And the ugly
OSED materials (twit)
PgC: Garbage collecting Patchguard away
Learning LLVM (Part-2) (sources)
ZDI-24-821: A Remote UAF in The Kernel's net/tipc
A Short Tale of Sysctl
The Art of Malware C2 Scanning - How to Reverse and Emulate Protocol Obfuscated by Compiler
Chrome exploitation
Evading Event Tracing for Windows (ETW)-Based Detections
JTAG debug of windows Hyper V
sh4dy's blog
Learning LLVM (Part-2)
IntroductionIn the first part of my blog series on compilers and LLVM, I provided a brief introduction to compiler fundamentals and LLVM. We also wrote a simple LLVM analysis pass to print function na
A bare minimum hypervisor on AMD and Intel processors for learners
Introduction to Intel VT-x
Recovering Rust stripped symbols on MinGW targets
Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples
Hardware Hacking with a Raspberry Pi - Configuring the PiFex
Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution
A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.
Writing a Frida-based VBS API monitor
c# obfuscation: making your code undetectable
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
A decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported!
Bootkits and kernel patching
Emulating Obfuscated Code
Slides on various exploitation topics
Now this is interesting! I have had to reverse CPython and never really got to the bottom of it.
A ten-hour walkthrough of CPython
https://youtube.com/playlist?list=PLWkTsO24LpD-k7AgYKEpb2M2SZn-NlKTo&si=F2eOcU1l-yVYdySJ
YouTube
CPython internals: A ten-hour codewalk through the Python interpreter source code
Adopted a cat from a shelter. Named him Shell.
Order of Six Angles
Infecting android applications - The new way (English version) https://orderofsixangles.com/en/2020/04/07/android-infection-the-new-way.html A new way of injecting malicious code into Android applications (Russian version) https://orderofsixangles.com/ru/…
Went back to my old project, extended it with two features, and wrote almost a full article about it; I will post it soon, or possibly it will be published in vxunderground blackmass 3.
The article Injecting Java in-memory payloads for post-exploitation is out. I asked one knowledgeable guy for his opinion of it; he said "using remote agents is an old topic, I was doing something like this 4 years ago". In any case, it is very interesting.
Synacktiv
Injecting Java in-memory payloads for post-exploitation
Uncovering Hardcoded Root Password in VStarcam CB73 Security Camera
https://brownfinesecurity.com/blog/vstarcam-cb73-hardcoded-root-password/
Brown Fine Security
Uncovering Hardcoded Root Password in VStarcam CB73 Security Camera
Firmware extraction and reverse engineering of VStarcam CB73 root password
Turning Outlook Into a C2 With One Registry Change
https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change
TrustedSec
Specula - Turning Outlook Into a C2 With One Registry Change
glibc malloc internals and some heap exploitation tricks that can be used for getting a shell!
https://blog.quarkslab.com/heap-exploitation-glibc-internals-and-nifty-tricks.html
Quarkslab
Heap exploitation, glibc internals and nifty tricks. - Quarkslab's blog
This is a writeup of a heap pwn challenge at HitconCTF Qualifiers 2024, which explains some glibc malloc internals and some heap exploitation tricks that can be used for getting a shell!
Chinese cybersecurity firm 360 Security Technology has helped Beijing uncover 54 “overseas, state-level” hacking groups, including operatives from the US Central Intelligence Agency (CIA) and National Security Agency (NSA),
https://www.scmp.com/tech/tech-trends/article/3272819/chinese-cybersecurity-firm-links-us-sanctions-its-role-uncovering-hackers-targeting-china
South China Morning Post
Qihoo 360 CEO links US sanctions to its role in outing hackers targeting China
Chinese firm 360 Security Technology has helped Beijing uncover 54 hacking groups, including operatives from the CIA and NSA, its founder Zhou Hongyi said.