Source Byte – Telegram
Source Byte
7.76K subscribers
847 photos
73 videos
678 files
1.68K links
Sober must be the one who would shun love;
but this nature of mine will not mix with reason.
Saadi Shirazi 187
Malware Development: Writing a C++ dropper

Link

#malware_dev
@islemolecule_source
Notes on The Art of Malware Development

Link

#malware_dev
@islemolecule_source
About
Framework for building Windows malware, written in C++
Link

#malware_dev
@islemolecule_source
Fundamentals of Malware Development

Link

#malware_dev
@islemolecule_source
Pentester notebook: Malware Development
Link

#malware_dev
@islemolecule_source
Malware Development for Dummies

Link

#malware_dev
@islemolecule_source
Nim on the Attack: Process Injection Using Nim and the Windows API
Link

#malware_dev
@islemolecule_source
My programming setup
My complete development and hacking setup.

Link

#malware_dev
———
@islemolecule_source
Is remote code execution in UEFI firmware possible?
Yes it is.
Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers.
credit: @fdfalcon & @4Dgifts

https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

———
@islemolecule_source
Amazing tool for anyone interested in mobile & malware security…

Kaspersky has released iShutdown, a collection of Python scripts that can detect various strains of iOS #spyware, such as #Pegasus, #Predator, and #Reign.

https://github.com/KasperskyLab/iShutdown

#tool
———
@islemolecule_source
1
DumpChromePasswords.ps1
2.3 KB
Fetching passwords from the Chrome browser database in PowerShell :)

credit: @0gtweet

———
@islemolecule_source
Understanding x86_64 Paging

Link

#internals
#windows
———
@islemolecule_source
Microsoft has observed a subset of Iran-based threat actor Mint Sandstorm (PHOSPHORUS) employing new TTPs to improve initial access, defense evasion, and persistence in campaigns targeting individuals at universities and research orgs.


https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/

#TTP, #red_team
———
@islemolecule_source
Elevate process privileges to the System or Trustedinstaller

Link

#malware_dev
#windows
———
@islemolecule_source
MikroTik router reverse engineering (SOHO, embedded/IoT devices)
Excellent writeup by @hgarrereyn and @__comedian


https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/

Slides (RECon)

#iot
———
@islemolecule_source
MutationGate is a new approach to bypass EDR's inline hooking by utilizing a hardware breakpoint to redirect the syscall.

https://github.com/senzee1984/MutationGate

#malware_dev
#edr
———
@islemolecule_source
Ghidra Binary Diffing Engine

credit: @clearseclabs


clearbluejar.github.io/posts…


———
@islemolecule_source
Forwarded from UnknownHat
BlackCat(ALPHV).zip
1.6 MB
BlackCat Ransomware (ALPHV) Configuration Tool, You Just Need To Understand How This Tool Works

Note - Use RDP For Testing

Source : https://www.varonis.com/blog/blackcat-ransomware
Forwarded from UnknownHat