Forwarded from vx-underground
"Can a .txt file be malicious?"
Short answer: No
Long answer: Anything is possible through the power of Windows HKEY_CLASSES_ROOT
Forwarded from vx-underground
tl;dr: modify the shell open command (default) to a malicious payload with subsequent invocation of the text editor + parameters. The .txt file won't be malicious, but the thing responsible for opening it will be.
¯\_(ツ)_/¯
In the simplest terms possible, this registry hive contains the necessary information for Windows to know what to do when you ask it to do something, like to view the contents of a drive, or open a certain type of file, etc.
HKEY_CLASSES_ROOT\.avi
HKEY_CLASSES_ROOT\.bmp
HKEY_CLASSES_ROOT\.exe
HKEY_CLASSES_ROOT\.html
HKEY_CLASSES_ROOT\.pdf
HKEY_CLASSES_ROOT\AudioCD
HKEY_CLASSES_ROOT\dllfile
...
Each of these keys stores information on what Windows should do when you double-click or double-tap a file with that extension in File Explorer. It might include the list of programs found in the "Open with..." section when right-clicking/tapping a file, and the path to each application listed.
For example, when you open a file called draft.rtf, WordPad might open it. The registry data that makes that happen is stored in the HKEY_CLASSES_ROOT\.rtf key, which defines WordPad as the program that should open the RTF file.
Ref: link
#malware_dev
Lifewire
What Is HKEY_CLASSES_ROOT?
HKEY_CLASSES_ROOT, or HKCR, is the registry hive that stores data about what programs open files with specific file extensions.
Source Byte
The HKEY_CLASSES_ROOT (HKCR) key in the Windows registry is a merged view of the HKEY_LOCAL_MACHINE\Software\Classes and HKEY_CURRENT_USER\Software\Classes keys. By default, only users with administrator privileges can modify the keys and values under HKCR. If a non-administrator user attempts to write to a key under HKCR, and the key already exists under HKEY_CURRENT_USER\Software\Classes, the system will store the information there instead of under HKEY_LOCAL_MACHINE\Software\Classes. However, writing directly to HKCR typically requires administrator access because it affects system-wide settings.
SyzRetrospector: A Large-Scale Retrospective Study of Syzbot
credit : Ardalan Amiri Sani , Zhiyun Qian
Forwarded from Ralf Hacker Channel (Ralf Hacker)
An analogue of GetProcAddress, but written in assembly. Good... https://github.com/WKL-Sec/FuncAddressPro
#redteam #maldev #evasion
GitHub
GitHub - WKL-Sec/FuncAddressPro: A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative…
A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. - WKL-Sec/FuncAddressPro
Forwarded from .
Greybeard Qualification - Linux Internals.zip (810.7 MB)
Linux network internals.zip (1.4 GB)
Linux Kernel Development.zip (1.3 GB)
Linux Device Drivers.zip (431.6 MB)
JSAC2024_2_3_sasada_hazuru_en.pdf
955.6 KB
Dark Side of VSCode
~ How Attacker Abuse VSCode as RAT ~
winsos-poc: A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.
https://github.com/thiagopeixoto/winsos-poc.git
UNDERSTANDING A PAYLOAD’S LIFE
Featuring Meterpreter & other guests
credit : Daniel López Jiménez
videos :
https://www.youtube.com/playlist?list=PLwb6et4T42ww1YrYGuX0KN71cw3ejG5IO
slides :
👇🏻
Donex, a new ransomware gang: malware technical analysis
https://www.shadowstackre.com/analysis/donex
#malware_analysis
Forwarded from AndroPX (SOS)
Program in C