Source Byte – Telegram
Sober must be the one who keeps away from love,
and this nature of mine does not mix with reason.
Saadi Shirazi 187
Forwarded from vx-underground
tl;dr archived stuff, see link below

Earlier today a GitHub user named "I-S00N" leaked supposedly sensitive Chinese government data - specifically related to offensive cyber security.

The initial discovery, and documentation of the documents, derive from AzakaSekai_. We have archived his research and notes on the material.

It should be noted that they probably have not covered the material in totality and more information can be expected to be released in the following days from either Azaka, or other Cyber Threat Intelligence experts familiar with Chinese state-sponsored activity.

Furthermore, the materials are written in Mandarin. We have made no attempt to translate the material to English and we do not speak Mandarin, hence we cannot provide any opinion or speculation on the material. We will leave that painstaking task to individuals who speak Mandarin, or people who feel like trying to translate the documents accurately.

What an exciting start to the week :)

You can view the archived materials here: https://vx-underground.org/APTs/2024/2024.02.18%20-%20Summary%20of%20I-S00N%20leaks
Introduction Windows Malware Development.7z
1.3 GB
C developers show off their skills:
Windows Security Internals.pdf
6.1 MB
Windows Security Internals: A Deep Dive into Windows Authentication, Authorization, and Auditing by James Forshaw, 2024 (Early Access 2023)


#books
---------
@islemolecule_source
Mastering the Art of Bypassing Windows UAC.

Link

#malware_dev
#offensive

---------
@islemolecule_source
According to the new Iranian government data leak, phishing is now moving to a new level 😐

Translation:

Let me tell you how deep the catastrophe is:

Today, in a group chat of phishers, we were having a conference about whether we can extract the phone numbers, so we can send Eblagh messages directly to them. (Eblagh: a message that the police send you to summon you to some station or to answer some questions on a website.)

This data that has been leaked contains full information on people, including their address, identity, phone number, etc. We, a group of 10 people, are working on creating a large database and a fake Eblagh site.

It is not like prior times; since we have more data on the targets, they will trust the fake site.
I promise that next week we will hit dozens of targets, and for each 1000 folks, 900 will fall into the trap and their credit cards will be emptied in the twinkling of an eye...


Thanks "Gypsy Boy" for translation 🙌
Forwarded from vx-underground
We've updated the vx-underground Windows malware paper collection

- 2024-01-24 - How to perform a Complete Process Hollowing
- 2024-02-02 - Bypassing EDRs With EDR-Preloading
- 2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method
Writing and Compiling Shellcode in C
Link


#malware_dev
#offensive

---------
@islemolecule_source
Themida v3.1.8.0.zip
61.8 MB
Themida Company License (Release: 3.1.8.0)

#protector

---------
@islemolecule_source
The Enigma_7.40 _x86_x64.7z
52.9 MB
The Enigma 7.40 x86 & x64

#protector

---------
@islemolecule_source
VMProtect_Ultimate_Retail_Licensed.7z
194.6 MB
VMProtect Ultimate v3.8.4_1754 Licensed & VMProtect Ultimate v3.8.6 Unlicensed

#protector

---------
@islemolecule_source
📹 Getting Started with Detect-It-Easy (DIE): Investigating a Stealer
👤 Dr Josh Stroschein - The Cyber Yeti

https://youtu.be/FB_e1mIhykk?si=okqrcuN9HplyBA86

#malware_analysis

---------
@islemolecule_source
Building-c2-implants-in-cpp-a-primer
Link


#c2
#malware_dev
---------
@islemolecule_source
Lessons from the iSOON Leaks https://blog.bushidotoken.net/2024/02/lessons-from-isoon-leaks.html?m=1
Twitter Public Opinion Guidance and Control System 


The Twitter Tool whitepaper in the leak was used by iSOON to sell its commercial surveillance platform to the Chinese MPS for monitoring dissents. Notably, the iSOON developers also claimed to have a 1-click exploit to bypass Twitter two-factor authentication (2FA) security controls to gain control over the target’s account. This exploit was to be distributed via Twitter direct messages (DMs) in the form of URLs, which iSOON called forensic links. These forensic links can gain access to the accounts but also gather IP addresses, IP locations, device type, and browser version....
XAMPP Buffer Overflow
Link


#pwn
---------
@islemolecule_source