😁1
collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net
Link
Link
[ 1 ] From a Windows driver to a fully functionnal driver.
In this blogpost we'll go through the history of EDR's, how they used to work, how they work now and how we can build a fully functionnal one. Last step is a chall, bypass MyDumbEDR.
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
[ 2 ] internal mecanisms of EDR's :
https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s
[ 3 ] MyDumbEDR ( written in C )
https://github.com/sensepost/mydumbedr
———
@islemolecule_source
In this blogpost we'll go through the history of EDR's, how they used to work, how they work now and how we can build a fully functionnal one. Last step is a chall, bypass MyDumbEDR.
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
[ 2 ] internal mecanisms of EDR's :
https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s
[ 3 ] MyDumbEDR ( written in C )
https://github.com/sensepost/mydumbedr
———
@islemolecule_source
👍2
Source Byte
[ 1 ] From a Windows driver to a fully functionnal driver. In this blogpost we'll go through the history of EDR's, how they used to work, how they work now and how we can build a fully functionnal one. Last step is a chall, bypass MyDumbEDR. https://sen…
This media is not supported in your browser
VIEW IN TELEGRAM
Creating hidden registry key using NtSetValueKey and by adding a null byte in front of the UNICODE_STRING key valuename.
👍2
Forwarded from vx-underground
1. AnyDesk compromised. BleepinComputer confirmed with AnyDesk that source code and private code signing keys were stolen
2. Google search is removing cache links :(
3. Serial swatter Torswats arrested
4. CyberAv3ngers is tied to the Iranian government
2. Google search is removing cache links :(
3. Serial swatter Torswats arrested
4. CyberAv3ngers is tied to the Iranian government
👍2