Source Byte
Decoded PowerShell script that performs the C2 connection. The script decodes and executes commands received from a C2 server using the R64Decoder function. Credit: @whichbuffer. This tool was used by an APT to target @bellingcat https://gist.github.com/…
Someone posted it on Twitter and got 5k views and 90 likes, while you don't even share the post with others 👀
Source Byte pinned «Using an Office VBA macro to exploit a vulnerable driver (zam64.sys) via DeviceIoControl to get NT AUTHORITY\SYSTEM. TL;DR - Ring 0 using an Office doc. Credit: @0xDISREL https://disrel.com/posts/Ring0VBA-Getting-Ring0-Using-a-Goddamn-Word-Document/ #driver…»
Writing a simple 16 bit VM in less than 125 lines of C
https://andreinc.net/2021/12/01/writing-a-simple-vm-in-less-than-125-lines-of-c
#VM
Learn C by Creating a Rootkit
credit : @h0mbre_
https://h0mbre.github.io/Learn-C-By-Creating-A-Rootkit/#
#rootkit
Reminder that creating a memory dump of Outlook.exe not only produces access tokens but also potentially sensitive email content.
Stealing Access Tokens From Office Desktop Applications :
https://mrd0x.com/stealing-tokens-from-office-applications/
credit : @mrd0x
#memory_dump
C2 development guide
https://www.soheilsec.com/توسعه-بدافزار-c2
Language: Persian
credit: @soheilsec
#c2
@islemolecule_source
GitBook
Building C2 Implants in C++: A Primer: Introduction
https://shogunlab.gitbook.io
#c2
@islemolecule_source
Fuzzing the TCP/IP stack
Credit: Ilja van Sprundel
https://media.ccc.de/v/37c3-12235-fuzzing_the_tcp_ip_stack
#fuzzing, #tcp
—-
@islemolecule_source
x86 Nirvana Hooks & Manual Syscall Detection
credit : @xenosCR
https://blog.xenoscr.net/2022/01/17/x86-Nirvana-Hooks.html
#syscall
———
@islemolecule_source
Quickly develop malware and bypass 90% of anti-virus software
Credit: Yu Cuan
Link
#malware_dev
_-------
@islemolecule_source
10 Underrated Resources about Malware Techniques
Credit: Thomas Roccia
Link
#malware_dev #malware_analysis
----------------------------------
@islemolecule_source
cff51698592467.pdf
11.7 MB
"Black Mass" Volume 2 - Malware Development Guide
#Black_Mass
#VX_Underground
#malware_dev
@islemolecule_source
[ EDRSilencer ]
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
EDR list:
Microsoft Defender for Endpoint and Microsoft Defender Antivirus
"MsMpEng.exe",
"MsSense.exe",
Elastic EDR
"elastic-agent.exe",
"elastic-endpoint.exe",
"filebeat.exe",
Trellix EDR
"xagt.exe"
https://github.com/netero1010/EDRSilencer
#EDR
@islemolecule_source