Let's Create Some Polymorphic PIC Shellcode

https://g3tsyst3m.com/shellcode/pic/Let's-Create-Some-Polymorphic-PIC-Shellcode!/

@reverseengine

Repurpose EDR as an Offensive Tool

https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

@reverseengine

A Collection of incredible Malware Analysis and Reverse Engineering

https://x.com/embee_research/status/1674001545476861954

@reverseengine

GoogleCTF 2024 Writeups

https://blog.huli.tw/2024/06/28/en/google-ctf-2024-writeup/

@reverseengine

PWN

https://pwn.college/dojos

@reverseengine

Adaptix C2

https://github.com/Adaptix-Framework/Extension-Kit


Blogs:
https://adaptix-framework.gitbook.io/adaptix-framework/blogs



https://github.com/Adaptix-Framework/AdaptixC2

sudo apt install mingw-w64 make

wget https://go.dev/dl/go1.24.4.linux-amd64.tar.gz -O /tmp/go1.24.4.linux-amd64.tar.gz
sudo rm -rf /usr/local/go /usr/local/bin/go
sudo tar -C /usr/local -xzf /tmp/go1.24.4.linux-amd64.tar.gz
sudo ln -s /usr/local/go/bin/go /usr/local/bin/go

sudo apt install gcc g++ build-essential cmake libssl-dev qt6-base-dev qt6-websockets-dev qt6-declarative-dev

git clone https://github.com/Adaptix-Framework/AdaptixC2.git
cd AdaptixC2
make server
make extenders
make client
cd dist
chmod +x ssl_gen.sh
./ssl_gen.sh

./adaptixserver -profile profile.json
./AdaptixClient

Document:
https://adaptix-framework.gitbook.io/adaptix-framework

@reverseengine

BypassAV

https://github.com/matro7sh/BypassAV

@reverseengine

Linux Rootkit Malware

https://www.fortinet.com/blog/threat-research/deep-dive-into-a-linux-rootkit-malware?utm_source=chatgpt.com

@reverseengine

Learn Binary Exploitation

https://github.com/Adamkadaban/LearnPwn

@reverseengine

Rootkit Technique to Hook the SSDT via Alt Syscalls

https://fluxsec.red/hells-hollow-a-new-SSDT-hooking-technique-with-alt-syscalls-rootkit

Poc: https://github.com/0xflux/Hells-Hollow

@reverseengine

Kill EDR Processes Permanently

User-Mode Code and Its Rootkit

https://github.com/SaadAhla/dark-kill

@reverseengine

Root Shell on Credit Card Terminal

Reverse Engineer Payment card Terminals

https://stefan-gloor.ch/yomani-hack

@reverseengine

تمام اموزشات جنبه ی آموزشی دارن و هرگونه استفاده نادرست مسئولیتش با خودتونه لطفا درست استفاده کنید

All training is for educational purposes only and any misuse is your responsibility. Please use it correctly.

A .NET Assembly Tracer Using Harmony for Runtime Method Interception

https://github.com/eversinc33/NetRunner

@reverseengine

Windows API Arsenal

Reverse Engineering Reference

https://blog.fautl.com/api-list.html

@reverseengine

Streamlining Vulnerability Research with the Idalib Rust Bindings for IDA 9.2

https://hex-rays.com/blog/streamlining-vulnerability-research-idalib-rust-bindings

@reverseengine

An introduction to reverse engineering .NET AOT applications

https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net

@reverseengine

Learning Binary Ninja for Reverse Engineering - Scripting Basics and More Part 1

https://www.youtube.com/watch?v=RVyZBqjLrE0

@reverseengine

WORKSHOP
Reversing with Ghidra

https://www.youtube.com/watch?v=CO70I0813Gk

@reverseengine

بخش چهارم بافر اورفلو

توضیح heap overflow

هیپ جایی که برای تخصیص حافظه پویا با malloc calloc یا new
heap overflow زمانی رخ میده که داده ای زیاد در بلاک های heap نوشته بشه
متادیتای allocator یا بلاک های همجوار رو خراب میکنه
خطاهای heap معمولا با کرش در توابع libc یا هنگام free کردن حافظه دیده میشن و ردگیری اونها با tools مثل valgrind یا heap debugger مفیده


کد هیپ
در این کد یک بلوک روی heap اختصاص داده شده و بعد با memset مقدار بیشتری از اندازه نوشته میشه
هدف دیدن خطا در زمان free یا گزارش valgrind هست

کد هیپ فایل any_heap.c:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main() {
    char *p = malloc(32);
    if (!p) return 1;
    printf("allocated 32 bytes on heap\n");
    /* intentionally overflow the heap block for any_heap
       do not use this pattern in real code */
    memset(p, 'A', 64);
    free(p);
    printf("freed block\n");
    return 0;
}

دستورات اجرا و بررسی heap
از valgrind یا malloc debug استفاده کنید تا متادیتا یا خطاها رو ببینید

gcc -g any_heap.c -o any_heap
valgrind --leak-check=full ./
any_heap

# یا اجرا در محیطی با malloc debug فعال

نکات که هنگام نوشتن کد باید بدونیم خطاهای هیپ ممکنه فوری کرش نکنن و اغلب در زمان free یا عملیات بعدی ظاهر میشن
از ابزارهایی مثل valgrind یا malloc debug برای ردگیری استفاده کنید

Part 4 Buffer Overflow

Heap Overflow Explanation
Heap where to allocate dynamic memory with malloc calloc or new
Heap overflow occurs when too much data is written to heap blocks
Corrupts allocator metadata or adjacent blocks
Heap errors are usually seen with crashes in libc functions or when freeing memory and are useful to trace with tools like valgrind or heap debugger

Heap Code
In this code, a block is allocated on the heap and then written with memset more than the size
The goal is to see the error at free time or in valgrind reports

Heap Code File any_heap.c:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main() {
char *p = malloc(32);
if (!p) return 1;
printf("allocated 32 bytes on heap\n");
/* intentionally overflow the heap block for any_heap
do not use this pattern in real code */
memset(p, 'A', 64);
free(p);
printf("freed block\n");
return 0;
}

Heap execution and inspection commands
Use valgrind or malloc debug to see metadata or errors

gcc -g any_heap.c -o any_heap
valgrind --leak-check=full ./
any_heap

# or run in an environment with malloc debug enabled

Things to know when writing code Heap errors may not crash immediately and often appear during free or subsequent operations
Use tools like valgrind or malloc debug for tracing


@reverseengine