Source Byte – Telegram
Only one who shuns love can remain sober,
and this nature I have will not mix with reason.
Saadi Shirazi
Here you will find various Documents on many different aspects of Windows Internals, Source Level Documentation and General References

Link

#windows
#internals

@islemolecule_source
Windows security operation bypass (AMSI Bypass and Testing Credential Guard)

Link

#windows
#internals

@islemolecule_source
A repo to help researchers track Telegram-based C2 comms used by malware authors.
Credit: @Kostastsale

Check it out: https://github.com/tsale/TeleTracker

Features:
- Send messages to the channel
- Delete all messages from the channel
- Collect info from bot channels and the usernames behind them
- Monitor for new messages to the channel by other bots or users
- Spam the channel with a specific message

#c2
———
@islemolecule_source
David Bombal's recent podcast guest was Mr. Stephen Sims, and they had a great conversation about how to make money and grow in cyber security. Considering that he is an author, has presented at conferences, is a lecturer and is also active in the field of exploit development, good points can be taken from his words.

He mentions three ways to generate income:
- Contrary
- Bug Bounty (Web, but mainly talking about binary exploits)
- Providing professional services such as consulting and penetration testing

He also gives some tips on getting from point 0 to a good place.
Link


I stole it from @onhex_ir 😁

@islemolecule_source
Kapellas_mte1604.pdf
1.4 MB

A Thesis in Malware Development
Antonios Kapellas

#malware_dev
@islemolecule_source
Malware Development: Writing a C++ dropper

Link

#malware_dev
@islemolecule_source
Notes on The Art of Malware Development

Link

#malware_dev
@islemolecule_source
About
Framework for building Windows malware, written in C++
Link

#malware_dev
@islemolecule_source
Fundamentals of Malware Development

Link

#malware_dev
@islemolecule_source
Pentester notebook: Malware Development
Link

#malware_dev
@islemolecule_source
Malware Development for Dummies

Link

#malware_dev
@islemolecule_source
Nim on the Attack: Process Injection Using Nim and the Windows API
Link

#malware_dev
@islemolecule_source
My programming setup
My complete development and hacking setup.

Link

#malware_dev
———
@islemolecule_source
Is remote code execution in UEFI firmware possible?
Yes it is.
Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers.
Credit: @fdfalcon & @4Dgifts

https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

———
@islemolecule_source
Amazing tool for anyone interested in mobile & malware security…

Kaspersky has released iShutdown, a collection of Python scripts that can detect various strains of iOS #spyware, such as #Pegasus, #Predator, and #Reign.

https://github.com/KasperskyLab/iShutdown

#tool
———
@islemolecule_source
DumpChromePasswords.ps1
2.3 KB
Fetching passwords from the Chrome browser database in PowerShell :)

Credit: @0gtweet

———
@islemolecule_source
Understanding x86_64 Paging

Link

#internals
#windows
———
@islemolecule_source
Microsoft has observed a subset of Iran-based threat actor Mint Sandstorm (PHOSPHORUS) employing new TTPs to improve initial access, defense evasion, and persistence in campaigns targeting individuals at universities and research orgs.


https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/

#TTP #red_team
———
@islemolecule_source
Elevate process privileges to SYSTEM or TrustedInstaller

Link

#malware_dev
#windows
———
@islemolecule_source