Source Byte pinned «Remember #stuxnet ? It was Dutch Erik van Sabben who planted the bug in Iran. I've seen it in Dutch news channels, will pop up internationally any minute I guess. https://nos.nl/artikel/2504114-nederlander-saboteerde-atoomcomplex-in-iran-den-haag-wist-niets…»
Forwarded from Zer0Day Lab
Concealed code execution: Techniques and detection
(Process Tampering)
Link
#malware_dev
@islemolecule_source
Octo Banking Botnet [ Source Code ] Leaked
Link
Note: ONLY DEBIAN 11 6 gb RAM / 100 GB / 3 cores, Server Internet speed 100 megabytes
❌open in VM
#leaked
@islemolecule_source
NtDoc
Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
https://ntdoc.m417z.com/
#windows
#win_api
@islemolecule_source
GitHub
systeminformer/phnt at master · winsiderss/systeminformer
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-i...
Forwarded from Some Security Notes
#malware #reversing
Shows how to use the SectionAlignment parameter to create an executable file with an empty PE header.
https://secret.club/2023/06/05/spoof-pe-sections.html
secret club
Abusing undocumented features to spoof PE section headers
Introduction Some time ago, I accidentally came across some interesting behaviour in PE files while debugging an unrelated project. I noticed that setting the SectionAlignment value in the NT header to a value lower than the page size (4096) resulted in significant…
The Evolution of Protected Processes – Part 1
link
The Evolution of Protected Processes – Part 2
link
#windows
#threat_hunting
@islemolecule_source
Microsoft Open Source Code of Conduct
(implementation of DNS, AMASI, ...)
Link
#windows
#win_api
@islemolecule_source
F#ck AMSI! How to bypass Antimalware Scan Interface and infect Windows
https://hackmag.com/security/fck-amsi/
#windows
#malware_dev
@islemolecule_source