Forwarded from VX-SH
VT Query -
behaviour:Local\\Kasimir_* AND behaviour:Local\\azov AND tag:64bits AND (behaviour_files:RESTORE_FILES OR behaviour_registry:rdpclient.exe)
———
Flying Under the Radar: Abusing GitHub for Malicious Infrastructure
https://www.recordedfuture.com/flying-under-the-radar-abusing-github-malicious-infrastructure
#c2 ,
———
@islemolecule_source
Malware repository
https://github.com/cryptwareapps/Malware-Database
#malware_analysis
--------
@islemolecule_source
A collection of weggli patterns for C/C++ vulnerability research
https://security.humanativaspa.it/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research/
———
@islemolecule_source
Forwarded from Private Shizo
RedEye.zip (5.5 MB)
🔥RedEye is an open-source analytic tool developed by CISA and DOE’s Pacific Northwest National Laboratory to assist Red Teams with visualizing and reporting command and control activities. This tool allows an operator to assess and display complex data, evaluate mitigation strategies, and enable effective decision making in response to a Red Team assessment. The tool parses logs, such as those from Cobalt Strike, and presents the data in an easily digestible format. The users can then tag and add comments to activities displayed within the tool. RedEye can assist an operator to efficiently:
⚙️Replay and demonstrate Red Team’s assessment activities as they occurred rather than manually poring through thousands of lines of log text.
⚙️Display and evaluate complex assessment data to enable effective decision making.
⚙️Gain a clearer understanding of the attack path taken and the hosts compromised during a Red Team assessment or penetration test.
An Aggressor Script that can help automate payload building in Cobalt Strike
https://github.com/Workingdaturah/Payload-Generator
#c2 ,#Cobalt_Strike
———
@islemolecule_source
pafish - malware source code
(different techniques to detect virtual machines)
Link
#malware_analysis #malware_dev
@islemolecule_source
Source Byte
#meme
nope
answer is windows
#CVE-2023-36003 (#Windows #LPE XAML diagnostics API)
Blog: https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/
PoC: https://github.com/m417z/CVE-2023-36003-POC
vmp-3.5.1.zip (20.2 MB)
VMProtect Source Code (Leaked 07.12.2023)
https://github.com/jmpoep/vmprotect-3.5.1
#vmp #protector
@islemolecule_source
Building a labeled malware corpus for YARA testing
credit : Steve Miller
https://stairwell.com/resources/quick-n-dirty-detection-research-building-a-labeled-malware-corpus-for-yara-testing/
#yara,
———
@islemolecule_source
How to Leverage Internal Proxies for Lateral Movement, Firewall Evasion, and Trust Exploitation
https://practicalsecurityanalytics.com/how-to-leverage-internal-proxies-for-lateral-movement-firewall-evasion-and-trust-exploitation
#red_team ,#lateral_movement
--------
@islemolecule_source
al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system.
Link
#malware_analysis #malware_dev
-----
@islemolecule_source
This is a collection of #botnet source codes, unorganized.
Link
#malware_analysis #malware_dev
------
@islemolecule_source