Source Byte – Telegram
Source Byte
7.76K subscribers
847 photos
73 videos
678 files
1.68K links
One must be sober who would shun love;
but this nature that I have will not mix with reason.
Saadi Shirazi 187
Where to find C malware source code
Reddit
--------
#malware_analysis #malware_dev
--------
@islemolecule_source
Linux process injection: sshd injection for credential harvesting
credits : @_xpn_ , @jm33_m0

blog.xpnsec.com/linux-proces…

jm33.me/sshd-injection-and-p…


#process_injection ,
———
@islemolecule_source
VBA: having fun with macros, overwritten pointers & R/W/X memory
credit : @AdeptsOf0xCC

https://adepts.of0x.cc/vba-hijack-pointers-rwa/

#macro , #VBA , #shellcode
———
@islemolecule_source
Oh, cool! Looks like VT supports logical operators with VTGrep, so you can almost do yara searches in an indexed (read: fast) way.
e.g.

#tweet
When helping with mquery development I wrote a small converter that takes in a Yara rule and produces a simple byte-based query as output: https://github.com/CERT-Polska/mquery/blob/master/src/lib/yaraparse.py

You could probably modify it a bit to create queries compatible with VT content search
#tweet
Potential Sliver C2s (239 C2s)
credit : @embee_research

Simple query - based on "operators" and "multiplayer" certificate values related to Sliver Team Servers.

https://search.censys.io/search?

Gist - 43 IPs with 0 VT
LINK

Gist - All 239 IPs
LINK
[Infographic] High-level diagram showcasing Microsoft Defender for Cloud’s
https://raw.githubusercontent.com/JadKaraki/M365ZeroTrust/main/Defender%20for%20Cloud%20Diagram.jpg

Credit: Jad Karaki

#windows_defender
———
@islemolecule_source
OSINTBuddy - The Open-Source Alternative to Maltego! Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights.

https://github.com/jerlendds/osintbuddy
Forwarded from Cracking | Reversing
PeStudio_Pro_9.56.7z
821 KB
Private: @CrackCloudRobot
Crypto Wares: @CryptoWares
Powered by @MalwareForum
ER_01.pdf
4.1 MB
#reversing
"Exploiting Reversing (ER) series: Article 01", rev.A, April 2023.

]-> ER: article 02 (2024, .pdf):
https://exploitreversing.files.wordpress.com/2024/01/exploit_reversing_02.pdf
Here you will find various Documents on many different aspects of Windows Internals, Source Level Documentation and General References

Link

#windows
#internals

@islemolecule_source
Windows security operation bypass (AMSI Bypass and Testing Credential Guard)

Link

#windows
#internals

@islemolecule_source
A repo to help researchers track Telegram-based C2 comms used by malware authors
credit : @Kostastsale

Check it out: https://github.com/tsale/TeleTracker

Features:
- Send messages to the channel
- Delete all messages from the channel
- Collect info from bot channels and the usernames behind them
- Monitor for new messages to the channel by other bots or users
- Spam the channel with a specific message

#c2
———
@islemolecule_source
David Bombal's recent podcast guest was Mr. Stephen Sims, and they had a great conversation about how to make money and grow in cyber security. Considering that he is an author, has presented at conferences, is a lecturer and is also active in the field of exploit development, good points can be taken from his words.

To generate income, he mentions these three points:
- Contrary
- Bug Bounty (Web, but mainly talking about binary exploits)
- Providing professional services such as consulting and penetration testing

Also, some tips on getting from point 0 to a good place.
Link


I stole it from @onhex_ir 😁

@islemolecule_source