#Malware_analysis
"Exploring Infostealer Malware Techniques on Automotive Head Units", 2024.

" Security is a process, not a product. Nor a language "
Rust can help make software secure – but it's no cure-all

Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited.
So while coding with Rust can help reduce memory safety vulnerabilities, it won't fix everything.

https://www.theregister.com/2024/02/08/rust_software_memory_safety/

Urgent Security Alert! Hackers Hijacked Notepad++ Plugin
https://gbhackers.com/hackers-hijacked-notepad-plugin-to-execute-malicious-code/

“Intel® 64 and IA-32 Architectures
Software Developer’s Manual
Combined Volumes:
1, 2A, 2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4”


Intel manual

Solutions of xchg rax,rax

Telegram RCE


🆘🆘🆘ATTENTION 🆘🆘🆘

URGENTLY DISABLE AUTOLOADING MEDIA ON ALL DEVICES WHERE THE TELEGRAM DESKTOP IS INSTALLED

🆘🆘NOT A TRAINING ALARM 🆘🆘

Settings - Advanced settings - In personal chats, groups, channels, DISABLE ALL CHECKS IN ALL AUTOLOAD MEDIA ITEMS

Found rce is played through the video player in Telegram. Therefore, the safest solution is to disable auto-downloading of files.

Information about the exploit itself is currently known only in narrow circles


https://vimeo.com/932147196


@Bl4nk_Room

ASSESSING AND EXPLOITING CONTROL SYSTEM AND IIOT (2020)

Blackhat USA 2020


https://www.blackhat.com/us-20/training/schedule/listing.html#assessing-and-exploiting-control-system-and-iiot-19234

"Windows Address Translation Deep Dive – Part 1"
First of all, we need to go back to the past – the 16-bit era – and take a look at memory segmentation. A feature which still exists today on modern processors but is thankfully ignored on x64 processors when operating in long mode. Although, before we take a look at that, it’s important to recognise that there are three fundamental memory models: physical, flat (sometimes called linear) and segmented. Along with this, there are three modes of operation which the processor can be in: real mode, protected mode and system management mode (SMM)

Differences in Memory Models
Differences in Modes :
+Real Mode
+Protected Mode
Privilege Levels
Paging and Segmentation

https://bsodtutorials.wordpress.com/2021/06/14/windows-address-translation-deep-dive-part-1/

" Windows Address Translation Deep Dive – Part 2 "
In the first part of this post series, we looked at how segmentation worked and how a virtual address (linear address) was constructed. This part we will exploring how our linear address is translated by the memory management unit (MMU) to a physical address and the structures which Windows uses to manage this process.

https://bsodtutorials.wordpress.com/2024/04/05/windows-address-translation-deep-dive-part-2/

VMProtect Analysis
https://shhoya.github.io/vmp_vmpintro.html#0x01-requirements

VMP Mutation API Fix

https://github.com/Shhoya/MutantKiller.git

Beginner guide to game hacking (Guidedhacking)
Link

How to Unpack VMProtect Tutorial - no virtualization
Link

A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust

https://github.com/Karkas66/CelestialSpark

OALABS Research
Lumma Stealer Obfuscation
https://research.openanalysis.net/lumma/obfuscation/cff/ida/2024/04/07/lumma-cff.html

🏭 We've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirm it works well!

A brief instruction for red teams:

1. Compile our enhanced DLL;
2. Use NetSPI's ruler and wait!

No back connect required!

🔥 📐📏