Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases
trendmicro.com/en_us/researc…
#AsyncRAT , #code_injection , #analysis
Needles Without The Thread: Threadless Process Injection
https://m.youtube.com/watch?si=UlFxll8AwTtMM0Cz&v=z8GIjk0rfbI&feature=youtu.be
Credit : @_EthicalChaos_
#thread , #process_injection
How GitLab's Red Team automates C2 testing
Credit: @eip_4141
https://about.gitlab.com/blog/2023/11/28/how-gitlabs-red-team-automates-c2-testing/
#c2 ,
Using Office VBA Macro to exploit a vulnerable driver (zam64.sys) using DeviceIoControl, to get NTAUTHORITY\SYSTEM
TL;DR - Ring 0 using an Office doc
Credit: @0xDISREL
https://disrel.com/posts/Ring0VBA-Getting-Ring0-Using-a-Goddamn-Word-Document/
#driver , #exploitation, #VBA
HexBuddy-Leaked-Courses-Backup.txt
Here is a list of update courses from various telegram channels gathered by our friend HexBuddy
Source Byte
Decoded PowerShell script that performs a C2 connection. The script decodes and executes commands received from a C2 server using the R64Decoder function. Credit: @whichbuffer. This tool was used by an APT to target @bellingcat https://gist.github.com/…
Someone posted it on Twitter and got 5k views and 90 likes while you don't even share the post with others 👀
Writing a simple 16 bit VM in less than 125 lines of C
https://andreinc.net/2021/12/01/writing-a-simple-vm-in-less-than-125-lines-of-c
#VM
Creating a Rootkit to Learn C
credit : @h0mbre_
https://h0mbre.github.io/Learn-C-By-Creating-A-Rootkit/#
#rootkit ,
Reminder that creating a memory dump of Outlook.exe not only produces access tokens but also potentially sensitive email content.
Stealing Access Tokens From Office Desktop Applications :
https://mrd0x.com/stealing-tokens-from-office-applications/
credit : @mrd0x
#memory_dump ,
C2 development guide
https://www.soheilsec.com/توسعه-بدافزار-c2
Language: Persian
credit: @soheilsec
#c2 ,
@islemolecule_source
Building C2 Implants in C++: A Primer: Introduction
https://shogunlab.gitbook.io
#c2
@islemolecule_source
Fuzzing the TCP/IP stack
Credit: Ilja van Sprundel
https://media.ccc.de/v/37c3-12235-fuzzing_the_tcp_ip_stack
#fuzzing, #tcp
———
@islemolecule_source
x86 Nirvana Hooks & Manual Syscall Detection
credit : @xenosCR
https://blog.xenoscr.net/2022/01/17/x86-Nirvana-Hooks.html
#syscall ,
———
@islemolecule_source