document the process of reverse engineering and devirtualising a binary protected with virtualisation obfuscation and various anti-debugging techniques
https://blog.deobfuscate.io/reversing-vmcrack
Reverse Engineering Blog
Reversing VMCrack
Reverse engineering a binary obfuscated with virtual machine obfuscation. The challenge is vmcrack from Hack The Box.
Binary Ninja plugin for extracting files from container formats
https://github.com/Vector35/blob_extractor
GitHub
GitHub - Vector35/blob_extractor: Identify and extract files from container formats using unblob.
Identify and extract files from container formats using unblob. - Vector35/blob_extractor
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with patchless AMSI and ETW bypass features, with dual-build support
https://github.com/BlackSnufkin/NyxInvoke
GitHub
GitHub - BlackSnufkin/NyxInvoke: NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless…
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with patchless AMSI and ETW bypass features, with dual-build support - BlackSnufkin/NyxInvoke
Using AI-assisted decompilation of Radare2
https://cryptax.medium.com/using-ai-assisted-decompilation-of-radare2-e81a882863c9
Medium
Using AI-assisted decompilation of Radare2
A few months ago, Radare2 (aka r2), an open source disassembler which can be entirely used by command line, started implementing AI plugins…
Reverse Engineering the Eufy Ecosystem: A Deep Dive into Security Vulnerabilities and Proprietary Protocols
https://www.usenix.org/system/files/woot24-goeman.pdf
FLARE-On starts in two days; in the meantime you can check out the info and writeups from last year:
https://cloud.google.com/blog/topics/threat-intelligence/flareon10-challenge-solutions/
.NET Crash Dump Analysis
ML for binary diffing (slides)
A step-by-step guide to writing an iOS kernel exploit
The Art of Fuzzing: A Deep Dive into Software Security
Learning Binary Ninja for Reverse Engineering
Opaque Predicates and How to Hunt Them
PoC Windows kernel driver for detecting DMA devices
Improve Your Forensic Analyses with hashlookup
Blog
Windows kernel debugger for Linux hosts running Windows under KVM/QEMU
Windows Kernel Pool Exploitation CVE-2021-31956 - Part 2
Linux RCU internal
Unidbg to production
Hunting for CVE-2024-38063 by diffing Tcpip.sys with Ghidra
Fucking great article
Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation
https://blog.fox-it.com/2024/09/25/red-teaming-in-the-age-of-edr-evasion-of-endpoint-detection-through-malware-virtualisation/
Fox-IT International blog
Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation
Authors: Boudewijn Meijer && Rick Veldhoven Introduction As defensive security products improve, attackers must refine their craft. Gone are the days of executing malicious binaries from di…
Deciphering Ransomware in Virtual Machines
UEFI Reverse Engineering, Vulnerability Discovery, and Exploit Development: Part 0
Malware Analysis - ConfuserEx 2 Deobfuscation with Python and dnlib, BBTok Loader
Identifying Human-operated Ransomware through Windows Event Logs
APT-C-00 (OceanLotus) Dual Loader and Homologous VMP Loader
poc for CVE-2024-45383
Collection of Docker honeypot logs from 2021 - 2024
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
https://blog.timschumi.net/2024/10/05/lldorah-bootloader-prototype.html
timschumi’s low-traffic blog
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
Many months ago, a slightly younger Tim thought that porting mainline Linux to his old Android phone for the purpose of experimentation would be a great way to pass time. (In hindsight it was, but not for the reasons imagined.)
VMK extractor for BitLocker with TPM and PIN
https://post-cyberlabs.github.io/Offensive-security-publications/posts/2024_09_tpmandpin/
post-cyberlabs.github.io
VMK extractor for BitLocker with TPM and PIN
Jacky's privesc
LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust
https://github.com/safedv/RustiveDump
GitHub
GitHub - safedv/RustiveDump: LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode…
LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission. - safedv/RustiveDump
64-bit, position-independent implant template for Windows in Rust.
https://github.com/safedv/Rustic64
GitHub
GitHub - safedv/Rustic64: 64-bit, position-independent implant template for Windows in Rust.
64-bit, position-independent implant template for Windows in Rust. - safedv/Rustic64