Forwarded from vx-underground
We've updated the vx-underground Windows malware paper collection
- 2024-01-24 - How to perform a Complete Process Hollowing
- 2024-02-02 - Bypassing EDRs With EDR-Preloading
- 2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method
VMProtect_Ultimate_Retail_Licensed.7z
194.6 MB
VMProtect Ultimate v3.8.4_1754 Licensed & VMProtect Ultimate v3.8.6 Unlicensed
#protector
---------
@islemolecule_source
📹 Getting Started with Detect-It-Easy (DIE): Investigating a Stealer
👤 Dr Josh Stroschein - The Cyber Yeti
https://youtu.be/FB_e1mIhykk?si=okqrcuN9HplyBA86
#malware_analysis
---------
@islemolecule_source
Source Byte
Lessons from the iSOON Leaks https://blog.bushidotoken.net/2024/02/lessons-from-isoon-leaks.html?m=1
Twitter Public Opinion Guidance and Control System
The Twitter Tool whitepaper in the leak was used by iSOON to sell its commercial surveillance platform to the Chinese MPS for monitoring dissidents. Notably, the iSOON developers also claimed to have a 1-click exploit to bypass Twitter two-factor authentication (2FA) security controls to gain control over the target's account. This exploit was to be distributed via Twitter direct messages (DMs) in the form of URLs, which iSOON called forensic links. These forensic links can gain access to the accounts but also gather IP addresses, IP locations, device type, and browser version....
_Modern_Initial_Access_and_Evasion_Tactics
https://www.x33fcon.com/slides/x33fcon23_-_Mariusz_Banach_-_Modern_Initial_Access_and_Evasion_Tactics.pdf
---------
@islemolecule_source
_Build_Your_Own_Tools_For_Fun_And_Profit
https://www.x33fcon.com/slides/x33fcon22_-_Cas_van_Cooten_-_BYOT_-_Build_Your_Own_Tools_For_Fun_And_Profit.pdf
---------
@islemolecule_source
Exploiting Linux kernel cls_tcindex network traffic classifier (CVE-2023-1829) Excellent writeup by Vu Thi Lan ( @lanleft_ )
https://starlabs.sg/blog/2023/06-breaking-the-code-exploiting-and-examining-cve-2023-1829-in-cls_tcindex-classifier-vulnerability/…
#CVE_analysis
Deep Dive into OS Internals with Windbg
Malware and OS Internals
[ 01 ] Reversing Windows Internals
[ 02 ] Portable Executable Anatomy
[ 03 ] Data Directories of Interest
[ 04 ] Import Directory
[ 05 ] Import Address Table
[ 06 ] Export Directory
[ 07 ] Manual Walkthrough of Export Directory
[ 08 ] Process Environment Block
[ 09 ] Different methods to locate the PEB
[ 10 ] Understanding an Example Shellcode
[ 11 ] Using _PEB_LDR_DATA
[ 12 ] Using _LDR_DATA_TABLE_ENTRY
[ 13 ] Practical Example with Rustock.B Rootkit