MuddyWater APT 🇮🇷 targeting telecoms orgs in North and East Africa with custom tools.
credit : @1ZRR4H
Tracking #MuddyC2Go servers with:
- Shodan: LINK
- Censys: LINK
Active C&C servers:
[+] MuddyC2Go PowerShell launcher: LINK
REF: LINK
Internals of compilers, linkers, JITs and assemblers, with a focus on software security hardening
Low-Level Software Security for Compiler Developers:
https://llsoftsec.github.io/llsoftsecbook/
#internals , #linker
———
@islemolecule_source
IPv6 Security & Capability Testing series
credit : @enno_insinuator
[ 1 ] : https://theinternetprotocolblog.wordpress.com/2020/05/24/ipv6-security-capability-testing-part-1/
[ 2 ] : https://theinternetprotocolblog.wordpress.com/2020/05/26/ipv6-security-capability-testing-part-2/
———
@islemolecule_source
IPv6 Security on the Stack Level
credit : @enno_insinuator
https://theinternetprotocolblog.wordpress.com/2020/08/02/ipv6-security-on-the-stack-level/
———
@islemolecule_source
Remember #stuxnet ? It was Dutch Erik van Sabben who planted the bug in Iran. I've seen it in Dutch news channels, will pop up internationally any minute I guess.
https://nos.nl/artikel/2504114-nederlander-saboteerde-atoomcomplex-in-iran-den-haag-wist-niets
#tweet
credit : @CisoDiagonal
Forwarded from Zer0Day Lab
Concealed code execution: Techniques and detection
(Process Tampering)
Link
#malware_dev
@islemolecule_source
Octo Banking Botnet [ Source Code ] Leaked
Link
Note: ONLY Debian 11; 6 GB RAM / 100 GB / 3 cores; server internet speed 100 megabytes
❌open in VM
#leaked
@islemolecule_source
NtDoc
Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
https://ntdoc.m417z.com/
#windows
#win_api
@islemolecule_source
Forwarded from Some Security Notes
#malware #reversing
Shows how the SectionAlignment parameter can be used to create an executable file with an empty PE header.
Abusing undocumented features to spoof PE section headers:
https://secret.club/2023/06/05/spoof-pe-sections.html
The Evolution of Protected Processes – Part 1
link
The Evolution of Protected Processes – Part 2
link
#windows
#threat_hunting
@islemolecule_source