Source Byte – Telegram
7.76K subscribers
847 photos
73 videos
678 files
1.68K links
Only one who stays sober can keep clear of love;
this nature of mine will not mix with reason.
Saadi Shirazi 187
Forwarded from Source Byte (Anastasia 🐞)
[ 1 ] From a Windows driver to a fully functional driver.
In this blogpost we'll go through the history of EDRs, how they used to work, how they work now and how we can build a fully functional one. The last step is a challenge: bypass MyDumbEDR.

https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/



[ 2 ] Internal mechanisms of EDRs:

https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s


[ 3 ] MyDumbEDR ( written in C )

https://github.com/sensepost/mydumbedr


———
@islemolecule_source
The comprehensive HyperDbg training course published on YouTube. It is definitely much better to register on OpenSecurityTrainings website and follow the course there because there are a series of labs and additional instructions on their website:

https://ost2.fyi/Dbg3301

Here is the YouTube playlist link:
https://www.youtube.com/watch?v=RDlp0PCFgxI&list=PLUFkSN0XLZ-kF1f143wlw8ujlH2A45nZY

Slides link:
https://gitlab.com/opensecuritytraining/dbg3301_hyperdbg_slides_and_files

If you have any feedback, I will be happy to share it with you. 🙏

(sina )
Forwarded from vx-underground
tl;dr archived stuff, see link below

Earlier today a GitHub account "I-S00N" leaked supposedly sensitive Chinese government data - specifically related to offensive cyber security.

The initial discovery, and documentation of the documents, derive from AzakaSekai_. We have archived his research and notes on the material.

It should be noted that they probably have not covered the material in totality and more information can be expected to be released in the following days from either Azaka, or other Cyber Threat Intelligence experts familiar with Chinese state-sponsored activity.

Furthermore, the materials are written in Mandarin. We have made no attempt to translate the material to English and we do not speak Mandarin, hence we cannot provide any opinion or speculation on the material. We will leave that painstaking task to individuals who speak Mandarin, or people who feel like trying to translate the documents accurately.

What an exciting start to the week :)

You can view the archived materials here: https://vx-underground.org/APTs/2024/2024.02.18%20-%20Summary%20of%20I-S00N%20leaks
Introduction Windows Malware Development.7z
1.3 GB
C developers show off their skills:
Windows Security Internals.pdf
6.1 MB
Windows Security Internals: A Deep Dive into Windows Authentication, Authorization, and Auditing by James Forshaw, 2024 (Early Access 2023)


#books
---------
@islemolecule_source
Mastering the Art of Bypassing Windows UAC.

Link

#malware_dev
#offensive

---------
@islemolecule_source
According to the new Iran GOV data leak, phishing is now being upgraded to a new level 😐

Translation:

Let me tell you how deep the catastrophe is:

Today in a group chat of phishers we were discussing whether we can extract the phone numbers, so we can send Eblagh messages directly to them. (Eblagh: a message that the police sends you to summon you to some station or to answer some questions on a website.)

The data that has been leaked contains full information on people, including their address, identity, phone number, etc. We, a group of 10 people, are working on creating a large database and a fake Eblagh site.

It is not like prior times; since we have more data on the targets, they will trust the fake site.
I promise that next week we will hit dozens of targets, and for every 1000 folks, 900 will fall into the trap and their credit cards will be emptied in the twinkling of an eye...


Thanks "Gypsy Boy" for translation 🙌
Forwarded from vx-underground
We've updated the vx-underground Windows malware paper collection

- 2024-01-24 - How to perform a Complete Process Hollowing
- 2024-02-02 - Bypassing EDRs With EDR-Preloading
- 2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method
Writing and Compiling Shellcode in C
Link


#malware_dev
#offensive

---------
@islemolecule_source
Themida v3.1.8.0.zip
61.8 MB
Themida Company License (Release: 3.1.8.0)

#protector

---------
@islemolecule_source
The Enigma_7.40 _x86_x64.7z
52.9 MB
The Enigma 7.40 x86 & x64

#protector

---------
@islemolecule_source
VMProtect_Ultimate_Retail_Licensed.7z
194.6 MB
VMProtect Ultimate v3.8.4_1754 Licensed & VMProtect Ultimate v3.8.6 Unlicensed

#protector

---------
@islemolecule_source
📹 Getting Started with Detect-It-Easy (DIE): Investigating a Stealer
👤 Dr Josh Stroschein - The Cyber Yeti

https://youtu.be/FB_e1mIhykk?si=okqrcuN9HplyBA86

#malware_analysis

---------
@islemolecule_source
Building C2 Implants in C++: A Primer
Link


#c2
#malware_dev
--------
@islemolecule_source