A reverse shell is a shell initiated from the target host back to the attack box, which is in a listening state to pick up the shell. A bind shell is set up on the target host and binds to a specific port to listen for an incoming connection from the attack box. In malicious software a bind shell is often referred to as a backdoor.
https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
Hacking Tutorials
Hacking with Netcat part 2: Bind and reverse shells - Hacking Tutorials
In part 2 of hacking with Netcat we will be learning about bind shells and reverse shells on Windows and Linux using Netcat, Python, PHP, Perl and Bash.
Terminalizer – Record Your #Linux Terminal and Generate Animated GIF
https://www.tecmint.com/terminalizer-record-your-linux-terminal-in-gif/
Terminalizer – Record Your Linux Terminal and Generate Animated GIF
Terminalizer - Record Your Linux Terminal and Generate Animated GIF
Terminalizer is a free, open source, highly customizable and cross-platform program to record your Linux terminal session and generate animated GIF images.
Windows anti Debugging Protection Techniques With Examples
https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software
Apriorit
Anti Debugging Protection Techniques with Examples
This article considers popular anti-cracking, anti reverse engineering protection techniques, namely anti-debug methods in Windows OS.
Anti-Debugging and Anti-VM Techniques and Anti-Emulation
https://resources.infosecinstitute.com/anti-debugging-and-anti-vm-techniques-and-anti-emulation/#gref
Infosecinstitute
Anti-debugging and anti-VM techniques and anti-emulation [updated 2019] | Infosec
These days malware is becoming more advanced. Malware Analysts use lots of debugging software and applications to analyze malware and spyware. Malware author
Decompiling and running flash programs using SWF file player + FFdec
EXPLORING THE PE FILE FORMAT VIA IMPORTS
DLL Name RVA: A pointer (address) to the name of the imported DLL.
Import Address Table (IAT) RVA: the IAT is populated by the loader when the executable and its imported DLLs are mapped into memory, and it is a table of pointers to the imported functions. Each entry in the table is called a “thunk” and the table is referred to as a “thunk table.” With that in mind, the RVA in this field points to the address of the imported function within the IAT.
https://malwology.com/2018/10/05/exploring-the-pe-file-format-via-imports/
PE 101/102 - a windows executable walkthrough
https://github.com/corkami/pics/tree/master/binary/pe101
https://github.com/corkami/pics/tree/master/binary/pe102
GitHub
pics/binary/pe101 at master · corkami/pics
File formats dissections and more... Contribute to corkami/pics development by creating an account on GitHub.
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
https://github.com/LordNoteworthy/al-khaser
GitHub
GitHub - ayoubfaouzi/al-khaser: Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection. - GitHub - ayoubfaouzi/al-khaser: Public malware techniques used in the wild: Virtual Machine,...
Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
https://github.com/summitt/Burp-Non-HTTP-Extension
GitHub
GitHub - summitt/Nope-Proxy: TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite. - summitt/Nope-Proxy
Four Ways to Bypass Android SSL Verification and Certificate Pinning
https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/
NetSPI
Four Ways to Bypass Android SSL Verification and Certificate Pinning
Explore four techniques to bypass SSL certificate checks on Android in our Four Ways to Bypass Android SSL Verification and Certificate Pinning blog.