Reverse Dungeon
Must read https://exploitreversing.com/2023/04/11/exploiting-reversing-er-series
Exploiting Reversing (ER) series:
Part 1 - Windows kernel drivers (1)
Part 2 - Windows kernel drivers (2)
Part 3 - Chrome
Part 4 - macOS/iOS
Part 5 - Hyper-V
Exploit Reversing
Exploiting Reversing (ER) series: article 01 | Windows kernel drivers – part 01
The first article (109 pages) in the Exploiting Reversing (ER) series, a step-by-step vulnerability research series on Windows, macOS, hypervisors and browsers, is available for reading on: (PDF): …
Forwarded from CyberSecurityTechnologies
red_report_2025.pdf
6.7 MB
#Analytics
#Threat_Research
"Red Report 2025:
The Top 10 Most Prevalent MITRE ATT&CK Techniques. SneakThief and The Perfect Heist".
// This year's findings highlight a new era of adversarial sophistication in infostealer attacks, epitomized by malware like "SneakThief," which executed in a kill chain what has come to be known as "The Perfect Heist." Although the SneakThief malware is a fictitious name in this scenario, its attack patterns reflect real-world incidents. This advanced threat leverages stealth, persistence, and automation to infiltrate networks, bypass defenses, and exfiltrate critical data
Reverse Dungeon
https://www.youtube.com/watch?v=MsRo12h0mrg
YouTube
DEF CON 33 - Kill List: Hacking an Assassination Site on the Dark Web - Carl Miller, Chris Monteiro
Four years ago, Chris found a vulnerability with a murder for hire site on the dark net. He could exploit that vulnerability to intercept the murder orders that were being placed: names, addresses, pattern of life information, photos, and, in some cases,…
Forwarded from CyberSecurityTechnologies
#Malware_analysis
1⃣ Scattered Spider Attacks
https://www.team-cymru.com/post/scattered-spider-attacks-infrastructure-profile
2⃣ KazakRAT
https://ctrlaltintel.com/threat%20research/KazakRAT
3⃣ A Shared Arsenal:
Identifying Common TTPs Across RATs
https://www.splunk.com/en_us/blog/security/common-ttps-rats-malware-analysis.html
4⃣ Decrypting View State Messages
https://zeroed.tech/blog/decrypting-viewstate-messages
]-> VSRipper decrypt tool
5⃣ TrueSightKiller: 2,500+ Weaponized Security Tool Variants Bypassing Microsoft's Defenses
https://www.magicsword.io/blog/truesightkiller-edr-killer-driver-abuse
Forwarded from Order of Six Angles
On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025
https://www.synacktiv.com/en/publications/on-the-clock-escaping-vmware-workstation-at-pwn2own-berlin-2025
Synacktiv
On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025
Forwarded from Order of Six Angles
Malware Analysis - Malicious MS Office files without Macros
https://www.youtube.com/watch?v=RtHHckH5IsI
YouTube
Malware Analysis - Malicious MS Office files without Macros
We look at two techniques for MS Office files to load and execute malicious code without Macros, namely VSTO Add-ins and External Templates. At the end I provide a checklist for analyzing office files to determine if they are clean.
Discord: https://dis…
Forwarded from Source Byte
Virus disguised as Sogou input method, malicious script embedded in a formal signature
https://zhuanlan.zhihu.com/p/1949553669189116360
Forwarded from Order of Six Angles
Defeating Anti-Reverse Engineering: A Deep Dive into the 'Trouble' Binary
https://binary.ninja/2026/01/23/reversing-linux-anti-re.html
Binary Ninja
Binary Ninja - Defeating Anti-Reverse Engineering: A Deep Dive into the 'Trouble' Binary
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
Forwarded from Linux Kernel Security (Andrey Konovalov)
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
Article by Seth Jenkins about exploiting a use-after-free in the driver for BigWave — an AV1 decoding hardware component present on Pixel SoCs.
Seth used the bug to escalate privileges from the mediacodec SELinux context and obtain root on Pixel 9.
This exploit is a part of an RCE chain developed by Seth and Natalie Silvanovich.
Forwarded from HyperDbg News & Updates
Slides and recordings for our @FOSDEM talks are up! Join [Björn Ruytenberg] and [Sina Karvandi] for an in-depth introduction into @HyperDbg 's features and internals, or find out what's the latest in anti-anti-debugging techniques and HV transparency for malware reversing:
- https://fosdem.org/2026/schedule/event/APB9WC-mbec_slat_and_hyperdbg_hypervisor-based_kernel-_and_user-mode_debugging/
- https://fosdem.org/2026/schedule/event/CDPRDX-invisible_hypervisors_debugging_with_hyperdbg/
Forwarded from W1R3L355
banteg - Resurrecting Crimsonland
https://banteg.xyz/posts/crimsonland/
banteg.xyz
banteg - Resurrecting Crimsonland
Decompiling and preserving a cult 2003 classic game