r2 (radare2) commands
agc - function call graph
aga - data reference graph
agx - cross-reference graph
pdd - decompile the current function (requires the r2dec plugin)
axt @@ str.* - list cross-references to every string (axt = xrefs to the current address; @@ str.* repeats it for each flag matching str.*)
Amber: a reflective PE packer for bypassing security products and mitigations
https://github.com/EgeBalci/Amber
A reverse shell is a shell initiated from the target host back to the attack box, which is in a listening state to pick up the shell. A bind shell is set up on the target host and binds to a specific port to listen for an incoming connection from the attack box. In malicious software a bind shell is often referred to as a backdoor.
https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
Hacking with Netcat part 2: Bind and reverse shells - Hacking Tutorials
In part 2 of hacking with Netcat we will be learning about bind shells and reverse shells on Windows and Linux using Netcat, Python, PHP, Perl and Bash.
Terminalizer – Record Your Linux Terminal and Generate Animated GIF
https://www.tecmint.com/terminalizer-record-your-linux-terminal-in-gif/
Terminalizer is a free, open source, highly customizable and cross-platform program to record your Linux terminal session and generate animated GIF images.
Windows Anti-Debugging Protection Techniques With Examples
https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software
This article considers popular anti-cracking and anti-reverse-engineering protection techniques, namely anti-debug methods on Windows.
Anti-Debugging and Anti-VM Techniques and Anti-Emulation
https://resources.infosecinstitute.com/anti-debugging-and-anti-vm-techniques-and-anti-emulation/#gref
These days malware is becoming more advanced. Malware Analysts use lots of debugging software and applications to analyze malware and spyware. Malware author
Decompiling and running flash programs using SWF file player + FFdec
EXPLORING THE PE FILE FORMAT VIA IMPORTS
DLL Name RVA: A pointer (address) to the name of the imported DLL.
Import Address Table (IAT) RVA: the IAT is populated by the loader when the executable and its imported DLLs are mapped into memory; it is a table of pointers to the imported functions. Each entry in the table is called a “thunk” and the table is referred to as a “thunk table.” With that in mind, the RVA in this field points to the address of the imported function within the IAT.
https://malwology.com/2018/10/05/exploring-the-pe-file-format-via-imports/
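As an added example (not code from the malwology article), here is a Python parser that walks the import directory described above. It constructs a minimal PE32+ image in memory (the DLL names, function names and the ordinal 101 are made-up sample values), then reads each IMAGE_IMPORT_DESCRIPTOR, resolves the DLL name RVA, and lists the INT and IAT thunk tables. On disk both tables hold the same RVAs to IMAGE_IMPORT_BY_NAME entries; the IAT is only overwritten with function addresses once the loader maps the image, which is why an analyst reading a file from disk sees names in both.

```python
"""
Walk a PE import directory: IMAGE_IMPORT_DESCRIPTOR entries, the DLL name RVA,
the Import Name Table (INT) and the Import Address Table (IAT) thunk tables.
The image parsed here is constructed in build_sample_pe(); it is not a real
binary, only the headers and one .idata section needed to exercise the parser.
"""
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_ORDINAL_FLAG64 = 1 << 63
IMAGE_ORDINAL_FLAG32 = 1 << 31

# Constructed sample: two DLLs, imports by name and one by ordinal (made-up values)
SAMPLE_IMPORTS = {"kernel32.dll": ["CreateFileW", "WriteFile"],
                  "user32.dll": ["MessageBoxW", 101]}


def build_sample_pe(imports=SAMPLE_IMPORTS, base_rva=0x1000, raw_off=0x200):
    """Build a minimal PE32+ file whose only section holds an import directory."""
    sec = bytearray()

    def put(data):                      # append to the section, return its RVA
        rva = base_rva + len(sec)
        sec.extend(data)
        return rva

    # Reserve the descriptor array: one IMAGE_IMPORT_DESCRIPTOR per DLL plus a zero terminator
    desc_rva = put(b"\0" * 20 * (len(imports) + 1))
    descs = b""
    for dll, funcs in imports.items():
        name_rva = put(dll.encode() + b"\0")
        thunks = []
        for f in funcs:
            if isinstance(f, int):      # import by ordinal: high bit set, ordinal in low 16 bits
                thunks.append(IMAGE_ORDINAL_FLAG64 | f)
            else:                       # IMAGE_IMPORT_BY_NAME: u16 Hint + NUL-terminated name
                thunks.append(put(struct.pack("<H", 0) + f.encode() + b"\0"))
        table = struct.pack("<%dQ" % (len(thunks) + 1), *thunks, 0)
        int_rva = put(table)            # OriginalFirstThunk -> INT
        iat_rva = put(table)            # FirstThunk -> IAT; identical on disk, rewritten by the loader
        descs += struct.pack("<IIIII", int_rva, 0, 0, name_rva, iat_rva)
    descs += b"\0" * 20
    sec[desc_rva - base_rva:desc_rva - base_rva + len(descs)] = descs

    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)  # x64, one section
    opt = bytearray(240)                                              # PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B)                             # Magic
    struct.pack_into("<Q", opt, 24, 0x140000000)                      # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                   # Section/File alignment
    struct.pack_into("<I", opt, 108, 16)                              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, desc_rva, len(descs))
    sect = struct.pack("<8sIIIIIIHHI", b".idata", len(sec), base_rva, len(sec), raw_off,
                       0, 0, 0, 0, 0xC0000040)                        # initialized data, R/W
    headers = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sect
    return headers.ljust(raw_off, b"\0") + bytes(sec)                 # section padding omitted


def parse_imports(image):
    """Return {dll: [(function, int_thunk, iat_thunk), ...]} from a PE file image."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    opt_off = e_lfanew + 24
    pe64 = struct.unpack_from("<H", image, opt_off)[0] == 0x20B
    dd_off = opt_off + (112 if pe64 else 96)                          # DataDirectory[] start
    import_rva, _size = struct.unpack_from("<II", image, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)

    # (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section, for RVA mapping
    sections = [struct.unpack_from("<8sIIII", image, opt_off + opt_size + 40 * i)[1:]
                for i in range(nsect)]

    def rva_to_off(rva):
        for vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rawptr + (rva - vaddr)
        raise ValueError("RVA 0x%x maps to no section" % rva)

    def cstr(rva):
        off = rva_to_off(rva)
        return image[off:image.index(b"\0", off)].decode("ascii")

    fmt, flag = ("<Q", IMAGE_ORDINAL_FLAG64) if pe64 else ("<I", IMAGE_ORDINAL_FLAG32)

    def thunks(rva):                    # read a thunk table up to its zero terminator
        out, off = [], rva_to_off(rva)
        while (v := struct.unpack_from(fmt, image, off)[0]) != 0:
            out.append(v)
            off += struct.calcsize(fmt)
        return out

    result, off = {}, rva_to_off(import_rva)
    while True:
        int_rva, _ts, _fwd, name_rva, iat_rva = struct.unpack_from("<IIIII", image, off)
        if name_rva == 0 and iat_rva == 0:
            break                       # all-zero descriptor terminates the array
        entries = []
        # Some linkers leave OriginalFirstThunk zero; the IAT then carries the names on disk
        for t_int, t_iat in zip(thunks(int_rva or iat_rva), thunks(iat_rva)):
            func = "#%d" % (t_int & 0xFFFF) if t_int & flag else cstr(t_int + 2)  # +2 skips Hint
            entries.append((func, t_int, t_iat))
        result[cstr(name_rva)] = entries
        off += 20
    return result


if __name__ == "__main__":
    for dll, funcs in parse_imports(build_sample_pe()).items():
        print(dll)
        for func, t_int, t_iat in funcs:
            print("  %-14s INT=0x%016x IAT=0x%016x" % (func, t_int, t_iat))
```

Point `parse_imports` at `open(path, "rb").read()` of a real file to list its imports; the INT/IAT columns will match for an unloaded file, while a memory dump taken after the loader ran shows resolved addresses in the IAT column.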