Malware Development for Dummies
In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such, malware development is becoming a vital skill for any operator. This workshop will show you all you need to get started!
Slides:
https://github.com/chvancooten/maldev-for-dummies/tree/main/Slides
Exercises:
https://github.com/chvancooten/maldev-for-dummies/tree/main/Exercises
#malware_dev #csharp #nim #golang #rust
Novel Detection of Process Injection Using Network Anomalies
https://akamai.com/blog/security-research/novel-detection-methodology-process-injection-using-network-anomalies
#process_injection , #detection
Should I share open-source tools that I find interesting? (to get ideas from them)
Anonymous poll: yes 89%, no 11%
List of articles on malware development.
https://ru-sfera.pw/threads/vvedenie-v-razrabotku-vredonosnyx-programm-oglavlenie.4435/
#malware_dev
We write our own malware. Part 1: Learning to write a completely “undetectable” keylogger
https://habr.com/en/companies/varonis/articles/302458/
#malware_dev
Malware 101: Develop and Analyze our own malware
https://fareedfauzi.github.io/2021/09/20/Malware-dev-analysis.html
#malware_dev #malware_analysis
Malware analysis in Russian
(If you have an English version of this, please share.)
https://m.vk.com/wall-203365865_416
#malware_analysis
BM_1_22.pdf
32 MB
Black Mass vol.1 (30.10.2022) - collection of works exclusive to the release of this zine.
#Black_Mass
#Malware_analysis
(In)direct Syscalls: A journey from high to low
RedOps | Red Team Village | DEF CON 31
https://github.com/VirtualAlllocEx/DEFCON-31-Syscalls-Workshop
#malware_dev
#defcon
A technique of hiding malicious shellcode via Shannon encoding
https://github.com/kleiton0x00/Shelltropy
#malware_dev
AtlasLdr
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
Features:
* Retrieval of DLL and PE from a remote server
* Manual Mapping on a remote process
* Position independent code
* Use of indirect Syscalls
- ZwAllocateVirtualMemory
- ZwProtectVirtualMemory
- ZwQuerySystemInformation
- ZwFreeVirtualMemory
- ZwCreateThreadEx
* Single stub for all Syscalls
- Dynamic SSN retrieval
- Dynamic Syscall address resolution
* Atlas also uses
- LdrLoadDll
- NtWriteVirtualMemory
* Custom implementations of
- GetProcAddress
- GetModuleHandle
* API hashing
* Cleanup on error
* Variable EntryPoint
Understanding and Abusing Process Tokens
https://securitytimes.medium.com/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa
#malware_dev
#windows
SMTP Smuggling - Spoofing E-Mails Worldwide
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
#smtp , #spoofing , #smuggling
Cobalt Strike Aggressor Callbacks
https://rastamouse.me/cobalt-strike-aggressor-callbacks/
#Cobalt_Strike
Windows CLFS and five exploits used by ransomware operators
https://securelist.com/windows-clfs-exploits-ransomware/111560/
#windows_internals , #CLFS
Forwarded from Art of Engineering (Mohsen)
Name: Shellcoder's Handbook
Requirements: C, C++, Assembly
Level: Basics to Intermediate
Authors: Chris Anley, John Heasman, Felix "FX" Lindner, Gerardo Richarte
Chapters:
1- Before You Begin
2- Stack Overflows
3- Shellcode
4- Introduction to Format String Bugs
5- Introduction to Heap Overflows
6- The Wild World of Windows
7- Windows Shellcode
8- Windows Overflows
9- Overcoming Filters
10- Introduction to Solaris Exploitation
11- Advanced Solaris Exploitation
12- OS X Shellcode
13- Cisco IOS Exploitation
14- Protection Mechanisms
15- Establishing a Working Environment
16- Fault Injection
17- The Art of Fuzzing
18- Source Code Auditing
19- Instrumented Investigation: A Manual Approach
20- Tracing for Vulnerabilities
21- Binary Auditing
22- Alternative Payload Strategies
23- Writing Exploits that Work in the Wild
24- Attacking Database Software
25- Unix Kernel Overflows
26- Exploiting Unix Kernel Vulnerabilities
27- Hacking the Windows Kernel
#binary #exploitation #book #resource
The Shellcoder’s Handbook.pdf
8.7 MB
Forwarded from Art of Engineering (Mohsen)
Name: Portable Format Specification (ELF32)
Requirements: Compiling Steps, C Programming
Level: Intermediate
Author: Tools Interface Standards (TIS)
Chapters:
1- Object Files
   1- Introduction
   2- ELF Header
   3- Sections
   4- String Table
   5- Symbol Table
   6- Relocation
2- Program Loading and Dynamic Linking
   1- Introduction
   2- Program Header
   3- Program Loading
   4- Dynamic Linking
3- C Library
   1- C Library
#elf #reverse_engineering #binary #paper #resource