Abuse_public_PEF.pdf
Threat Intelligence of
Abused Public Post-Exploitation Frameworks
credit : https://jsac.jpcert.or.jp/index.html
Analyzing Modern Malware Techniques series
[ 1 ] Fileless Malware - A self loading technique
[ 2 ] A case of Powershell, Excel 4 Macros and VB6 (part 1 of 2)
[ 3 ] A case of Powershell, Excel 4 Macros and VB6 (part 2 of 2)
[ 4 ] I’m afraid of no packer
#old_but_gold
———
@islemolecule_source
Living Off The Land Binaries, Scripts and Libraries
Windows binary used for handling certificates
🔗
https://lolbas-project.github.io/lolbas/Binaries/Certutil/
#malware_dev , #LoLBins
———
@islemolecule_source
What are LOLBins and How Can They be Used Maliciously?
https://www.securityhq.com/blog/security-101-lolbins-malware-exploitation/
#malware_dev , #LoLBins , #CA
———
@islemolecule_source
Leaks and Revelations: A Web of IRGC Networks and Cyber Companies
https://www.recordedfuture.com/leaks-and-revelations-irgc-networks-cyber-companies
Forwarded from vx-underground
Microsoft has announced their plan to retire WMIC. It will be replaced with an alternative in Powershell.
WMI will still be accessible with COM API
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/wmi-command-line-wmic-utility-deprecation-next-steps/ba-p/4039242
WMI command line (WMIC) utility deprecation: Next steps | Windows IT Pro blog
Get ready for the next step in WMIC deprecation: this feature on demand will be disabled by default soon.
Understanding Windows x64 Assembly
credit : @therealdreg
https://sonictk.github.io/asm_tutorial/
#windows_internls , #assembly ,
———
@islemolecule_source
Recreate undocumented structure using local types in ida pro
Link
#reverse
#malware_analysis
———
@islemolecule_source
In this video we look at how to recreate an undocumented structure that we've identified in a Microsoft Library. Specifically, in a prior video:
https://www.youtube.com/live/xFglo9w_dVQ?si=TXQWREqyRsii9j6s
...we…
HyperDbg v0.8 is released!
# [0.8.0.0] - 2024-01-28
New release of the HyperDbg Debugger thanks to @Mattiwatti.
# Changed
- Fix miscalculating MTRRs in 13th gen processors
# Added
- The !mode event command is added to detect kernel-to-user and user-to-kernel transitions
https://docs.hyperdbg.org/commands/extension-commands/mode
- The 'preactivate' command is added to support initializing special functionalities in the Debugger Mode
https://docs.hyperdbg.org/commands/debugging-commands/preactivate
———
@islemolecule_source
Improving the Landscape and Messaging of Offensive Tooling and Techniques
Part 1
Improving our social media conduct
Part 2
Offensive Tool and Technique Releases
credit : @mattifestation
video :
https://www.youtube.com/watch?v=u00JCQxUAY0
slides :
next post 👇🏻( or use this link )
#job_offers , #old_but_gold
———
@islemolecule_source
Proof of concept code for thread pool based process injection in Windows.
Link
#malware_dev
———
@islemolecule_source