Awesome HyperDbg: A list of awesome resources about HyperDbg
https://github.com/HyperDbg/awesome
@reverseengine
https://github.com/HyperDbg/awesome
@reverseengine
GitHub
GitHub - HyperDbg/awesome: A list of awesome resources about HyperDbg
A list of awesome resources about HyperDbg. Contribute to HyperDbg/awesome development by creating an account on GitHub.
❤3
Linux kernel heap feng shui in 2022
https://duasynt.com/blog/linux-kernel-heap-feng-shui-2022
@reverseengine
https://duasynt.com/blog/linux-kernel-heap-feng-shui-2022
@reverseengine
Duasynt
Linux kernel heap feng shui in 2022 - Michael S, Vitaly Nikolenko
❤3
From Windows drivers to a almost fully working EDR
https://blog.whiteflag.io/blog/from-windows-drivers-to-a-almost-fully-working-edr
@reverseengine
https://blog.whiteflag.io/blog/from-windows-drivers-to-a-almost-fully-working-edr
@reverseengine
blog.whiteflag.io
From Windows drivers to a almost fully working EDR
In this article we will see how Windows drivers work, how to create one and, in the end, we will develope a custom EDR that will rely on kernel callback functions, static analysis and API hooking.
❤2
FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares
https://github.com/FirmWire/FirmWire
@reverseengine
https://github.com/FirmWire/FirmWire
@reverseengine
GitHub
GitHub - FirmWire/FirmWire: FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause…
FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares - FirmWire/FirmWire
❤2
Debugging and Reversing ALPC
https://csandker.io/2022/05/29/Debugging-And-Reversing-ALPC.html
@reverseengine
https://csandker.io/2022/05/29/Debugging-And-Reversing-ALPC.html
@reverseengine
csandker.io
Debugging and Reversing ALPC
This post is an addendum to my journey to discover and verify the internals of ALPC, which I've documented in Offensive Windows IPC Internals 3: ALPC. While preparing this blog I figured a second post, explaining the debugging steps I took to verify and discover…
🔥2
DJI - The ART of obfuscation
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
@reverseengine
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
@reverseengine
Quarkslab
DJI - The ART of obfuscation - Quarkslab's blog
Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.
🔥2
LayeredSyscall – Abusing VEH to Bypass EDRs
https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs
@reverseengine
https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs
@reverseengine
White Knight Labs
LayeredSyscall - Abusing VEH to Bypass EDRs | White Knight Labs
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.
🔥2
Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)
https://github.com/memN0ps/bootkit-rs
@reverseengine
https://github.com/memN0ps/bootkit-rs
@reverseengine
GitHub
GitHub - memN0ps/redlotus-rs: Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)
Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus) - memN0ps/redlotus-rs
❤2
A Linux eBPF rootkit with a backdoor C2 library injection execution hijacking persistence and stealth capabilities
https://github.com/h3xduck/TripleCross
@reverseengine
https://github.com/h3xduck/TripleCross
@reverseengine
GitHub
GitHub - h3xduck/TripleCross: A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and…
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. - h3xduck/TripleCross
❤2
Forwarded from Sec Note
G3tSyst3m's Infosec Blog
PIC Shellcode from the Ground up - Part 2
Let’s PIC back up where we left off shall we? 😸 I gave you the framework for developing PIC friendly shellcode back in Part 1. We went from the original code written in a high level language (C++), down to a pseudo low level representation of that C++ code.…
❤2
Forwarded from Source Byte
Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files
https://www.morphisec.com/blog/morphisec-thwarts-russian-linked-stealc-v2-campaign-targeting-blender-users-via-malicious-blend-files/
https://www.morphisec.com/blog/morphisec-thwarts-russian-linked-stealc-v2-campaign-targeting-blender-users-via-malicious-blend-files/
❤3
Binary Ninja 3.0 The Next Chapter (Pseudo C decompile!)
https://binary.ninja/2022/01/27/3.0-the-next-chapter.html
@reverseengine
https://binary.ninja/2022/01/27/3.0-the-next-chapter.html
@reverseengine
Binary Ninja
Binary Ninja - 3.0 The Next Chapter
Binary Ninja is a modern reverse engineering platform with a noscriptable and extensible decompiler.
❤3
HashDB is a free community-sourced library of hashing algorithms used in malware, with an IDA plugin!
API
https://hashdb.openanalysis.net/
IDA Plugin
https://github.com/OALabs/hashdb-ida
Add Custom Algorithms
https://github.com/OALabs/hashdb
@reverseengine
API
https://hashdb.openanalysis.net/
IDA Plugin
https://github.com/OALabs/hashdb-ida
Add Custom Algorithms
https://github.com/OALabs/hashdb
@reverseengine
GitHub
GitHub - OALabs/hashdb-ida: HashDB API hash lookup plugin for IDA Pro
HashDB API hash lookup plugin for IDA Pro. Contribute to OALabs/hashdb-ida development by creating an account on GitHub.
❤4
❤4
Forwarded from Fuzzing ZONE (0x0F1)
Analysis of Encryption Structure of Yurei Ransomware Go-based Builder
https://asec.ahnlab.com/en/90975/
@FUZZ0x
https://asec.ahnlab.com/en/90975/
@FUZZ0x
ASEC
Analysis of Encryption Structure of Yurei Ransomware Go-based Builder - ASEC
Analysis of Encryption Structure of Yurei Ransomware Go-based Builder ASEC
❤4
File Tunnel
https://github.com/fiddyschmitt/File-Tunnel
Bypassing a firewall:
Tunnel TCP through RDP:
@reverseengine
https://github.com/fiddyschmitt/File-Tunnel
Bypassing a firewall:
# Host A
ft.exe -L 5000:127.0.0.1:3389 --write "\\server\share\1.dat" --read "\\server\share\2.dat"
# Host B
ft.exe --read "\\server\share\1.dat" --write "\\server\share\2.dat"Tunnel TCP through RDP:
# Host A
ft.exe -L 5000:192.168.1.50:8888 --write "C:\Temp\1.dat" --read "C:\Temp\2.dat"
# Host B
ft.exe --read "\\tsclient\c\Temp\1.dat" --write "\\tsclient\c\Temp\2.dat"@reverseengine
GitHub
GitHub - fiddyschmitt/File-Tunnel: Tunnel TCP connections through a file
Tunnel TCP connections through a file. Contribute to fiddyschmitt/File-Tunnel development by creating an account on GitHub.
❤4