(In)direct Syscalls: A journey from high to low
RedOps | Red Team Village | DEF CON 31
https://github.com/VirtualAlllocEx/DEFCON-31-Syscalls-Workshop
#malware_dev
#defcon
A technique of hiding malicious shellcode via Shannon encoding
https://github.com/kleiton0x00/Shelltropy
#malware_dev
AtlasLdr
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
Features:
* Retrieval of DLL and PE from a remote server
* Manual Mapping on a remote process
* Position independent code
* Use of indirect Syscalls
- ZwAllocateVirtualMemory
- ZwProtectVirtualMemory
- ZwQuerySystemInformation
- ZwFreeVirtualMemory
- ZwCreateThreadEx
* Single stub for all Syscalls
- Dynamic SSN retrieval
- Dynamic Syscall address resolution
* Atlas also uses
- LdrLoadDll
- NtWriteVirtualMemory
* Custom implementations of
- GetProcAddress
- GetModuleHandle
* API hashing
* Cleanup on error
* Variable EntryPoint
Understanding and Abusing Process Tokens
https://securitytimes.medium.com/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa
#malware_dev
#windows
SMTP Smuggling - Spoofing E-Mails Worldwide
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
#smtp, #spoofing, #smuggling
Cobalt Strike Aggressor Callbacks
https://rastamouse.me/cobalt-strike-aggressor-callbacks/
#Cobalt_Strike
Windows CLFS and five exploits used by ransomware operators
https://securelist.com/windows-clfs-exploits-ransomware/111560/
#windows_internals, #CLFS
Forwarded from Art of Engineering (Mohsen)
Name: Shellcoder's Handbook
Requirements: C, C++, Assembly
Level: Basics to Intermediate
Authors: Chris Anley, John Heasman, Felix "FX" Lindner, Gerardo Richarte
Chapters:
1- Before You Begin
2- Stack Overflows
3- Shellcode
4- Introduction to Format String Bugs
5- Introduction to Heap Overflows
6- The Wild World of Windows
7- Windows Shellcode
8- Windows Overflows
9- Overcoming Filters
10- Introduction to Solaris Exploitation
11- Advanced Solaris Exploitation
12- OS X Shellcode
13- Cisco IOS Exploitation
14- Protection Mechanisms
15- Establishing a Working Environment
16- Fault Injection
17- The Art of Fuzzing
18- Source Code Auditing
19- Instrumented Investigation: A Manual Approach
20- Tracing for Vulnerabilities
21- Binary Auditing
22- Alternative Payload Strategies
23- Writing Exploits that Work in the Wild
24- Attacking Database Software
25- Unix Kernel Overflows
26- Exploiting Unix Kernel Vulnerabilities
27- Hacking the Windows Kernel
#binary #exploitation #book #resource
The Shellcoder’s Handbook.pdf
8.7 MB
Forwarded from Art of Engineering (Mohsen)
Name: Portable Format Specification (ELF32)
Requirements: Compiling Steps, C Programming
Level: Intermediate
Author: Tools Interface Standards (TIS)
Chapters:
1- Object Files
1- Introduction
2- ELF Header
3- Sections
4- String Table
5- Symbol Table
6- Relocation
2- Program Loading and Dynamic Linking
1- Introduction
2- Program Header
3- Program Loading
4- Dynamic Linking
3- C Library
1- C Library
#elf #reverse_engineering #binary #paper #resource
elf.pdf
337.1 KB
Forwarded from Art of Engineering (Mohsen)
Name: Portable Format Specification (PE/EXE)
Requirements: Compiling Steps, C Programming
Level: Intermediate
Author: Tools Interface Standards (TIS)
Chapters:
1 - Overview
2 - PE Header
3 - Object Table
4 - Image Pages
5 - Exports
6 - Imports
7 - Thread Local Storage
8 - Resources
9 - Fixup Table
10 - Debug Information
#pe #exe #reverse_engineering #binary #paper #resource
PE_EXE.pdf
391.7 KB
Interesting write-up on how to increase the chances of hitting a race condition window in the Linux kernel
Credits Google Project Zero
googleprojectzero.blogspot.c…
#linux , #race_condition , #white_paper
Forwarded from OnHex
Implant.ARM_.iLOBleed.a-fa-1.pdf
985.2 KB
🔴 Report by the company Amnpardaz on the discovery of the first rootkit in the iLO firmware of HP servers on Iran's network
🆔 @onhex_ir
Amnpardaz-iLOBleed.pdf
761.5 KB
Take the lights-out Implant.ARM.iLOBleed.a
The first rootkit discovered infecting HP iLO firmware
English Version
*from vx-underground*
How to Write Shellcode for Shellcode Injection and Simplify Assembly Code Development
https://medium.com/@muchiemma/how-to-write-shellcode-for-shellcode-injection-and-simplify-assembly-code-development-703c3f214c46
#malware_dev #shellcode
17065-manual-shellcode.pdf
1.3 MB
manual-shellcode.pdf
#shellcode