Source Byte – Telegram
Source Byte
Whoever would shun love must keep a sober head;
but this nature of mine will not mix with reason.
Saadi Shirazi
pe-file-format-compendium-11-by-goppit-arteam.pdf
5.2 MB
Explains the PE file format, from ARTeam.

#pe
Most PE executables only have a DOS stub, but Robert Xiao combined the DOS and Windows DOOM executables into a single universal file.

An advanced merge of genuine DOS headers, relocations, DOS4/GW headers and the PE file.

https://github.com/nneonneo/universal-doom

#PE
Interesting Google dork by coinicap which shows "national IDs":

site:https://test.com/ کارت ملی

I will not share the exact dork because of users' privacy :)
Malware Development for Dummies

In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such, malware development is becoming a vital skill for any operator. This workshop will show you all you need to get started!

Slides:
https://github.com/chvancooten/maldev-for-dummies/tree/main/Slides

Exercises:
https://github.com/chvancooten/maldev-for-dummies/tree/main/Exercises

#malware_dev #csharp #nim #golang #rust
Should I share open-source tools that I find interesting? (to get ideas from them)
Anonymous Poll
89%
yes
11%
no
Best Way to Make Malware – List of Tutorials

Link

#malware_dev
We write our own malware. Part 1: Learning to write a completely “undetectable” keylogger

https://habr.com/en/companies/varonis/articles/302458/

#malware_dev
Malware analysis in Russian
(If you have an English version of this, please share.)
https://m.vk.com/wall-203365865_416

#malware_analysis
BM_1_22.pdf
32 MB
Black Mass vol.1 (30.10.2022) - collection of works exclusive to the release of this zine.

#Black_Mass
#Malware_analysis
(In)direct Syscalls: A journey from high to low
RedOps | Red Team Village | DEF CON 31

https://github.com/VirtualAlllocEx/DEFCON-31-Syscalls-Workshop

#malware_dev
#defcon
A technique of hiding malicious shellcode via Shannon encoding

https://github.com/kleiton0x00/Shelltropy

#malware_dev
AtlasLdr

Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls

Features:
* Retrieval of DLL and PE from a remote server
* Manual mapping into a remote process
* Position-independent code
* Use of indirect syscalls
  - ZwAllocateVirtualMemory
  - ZwProtectVirtualMemory
  - ZwQuerySystemInformation
  - ZwFreeVirtualMemory
  - ZwCreateThreadEx
* Single stub for all syscalls
  - Dynamic SSN retrieval
  - Dynamic syscall address resolution
* Atlas also uses
  - LdrLoadDll
  - NtWriteVirtualMemory
* Custom implementations of
  - GetProcAddress
  - GetModuleHandle
* API hashing
* Cleanup on error
* Variable entry point