Source Byte
#meme
nope
answer is windows
#CVE-2023-36003 (#Windows #LPE XAML diagnostics API)
Blog: https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/
PoC: https://github.com/m417z/CVE-2023-36003-POC
vmp-3.5.1.zip
20.2 MB
VMProtect Source Code (Leaked 07.12.2023)
https://github.com/jmpoep/vmprotect-3.5.1
#vmp #protector
@islemolecule_source
Building a labeled malware corpus for YARA testing
credit: Steve Miller
https://stairwell.com/resources/quick-n-dirty-detection-research-building-a-labeled-malware-corpus-for-yara-testing/
#yara
———
@islemolecule_source
How to Leverage Internal Proxies for Lateral Movement, Firewall Evasion, and Trust Exploitation
https://practicalsecurityanalytics.com/how-to-leverage-internal-proxies-for-lateral-movement-firewall-evasion-and-trust-exploitation
#red_team, #lateral_movement
--------
@islemolecule_source
al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system.
Link
#malware_analysis #malware_dev
-----
@islemolecule_source
This is a collection of #botnet source codes, unorganized.
Link
#malware_analysis #malware_dev
------
@islemolecule_source
Where to find C malware source code
Reddit
--------
#malware_analysis #malware_dev
--------
@islemolecule_source
Linux process injection: sshd injection for credential harvesting
credits: @_xpn_, @jm33_m0
blog.xpnsec.com/linux-proces…
jm33.me/sshd-injection-and-p…
#process_injection
———
@islemolecule_source
VBA: having fun with macros, overwritten pointers & R/W/X memory
credit: @AdeptsOf0xCC
https://adepts.of0x.cc/vba-hijack-pointers-rwa/
#macro, #VBA, #shellcode
———
@islemolecule_source
Oh, cool! Looks like VT supports logical operators with VTGrep, so you can almost do yara searches in an indexed (read: fast) way. e.g. #tweet
When helping with mquery development I wrote a small converter that takes in a Yara rule and produces a simple byte-based query as output: https://github.com/CERT-Polska/mquery/blob/master/src/lib/yaraparse.py
You could probably modify it a bit to create queries compatible with VT content search
#tweet
Potential Sliver C2s (239 C2s)
credit: @embee_research
Simple query - based on "operators" and "multiplayer" certificate values related to Sliver Team Servers.
https://search.censys.io/search?
Gist - 43 IPs with 0 VT
LINK
Gist - All 239 IPs
LINK
[Infographic] High-level diagram showcasing Microsoft Defender for Cloud’s
https://raw.githubusercontent.com/JadKaraki/M365ZeroTrust/main/Defender%20for%20Cloud%20Diagram.jpg
Credit: Jad Karaki
#windows_defender
———
@islemolecule_source