Source Byte
"Windows Address Translation Deep Dive – Part 1" First of all, we need to go back to the past – the 16-bit era – and take a look at memory segmentation. A feature which still exists today on modern processors but is thankfully ignored on x64 processors when…
" Windows Address Translation Deep Dive – Part 2 "
In the first part of this post series, we looked at how segmentation worked and how a virtual address (linear address) was constructed. This part we will exploring how our linear address is translated by the memory management unit (MMU) to a physical address and the structures which Windows uses to manage this process.
https://bsodtutorials.wordpress.com/2024/04/05/windows-address-translation-deep-dive-part-2/
In the first part of this post series, we looked at how segmentation worked and how a virtual address (linear address) was constructed. This part we will exploring how our linear address is translated by the memory management unit (MMU) to a physical address and the structures which Windows uses to manage this process.
https://bsodtutorials.wordpress.com/2024/04/05/windows-address-translation-deep-dive-part-2/
👍4
VMProtect Analysis
https://shhoya.github.io/vmp_vmpintro.html#0x01-requirements
https://shhoya.github.io/vmp_vmpintro.html#0x01-requirements
👍4
👍3👏1
Beginner guide to game hacking (Guidedhacking)
Link
Link
👍4❤1🔥1
How to Unpack VMProtect Tutorial - no virtualization
Link
Link
👍3❤1
A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust
https://github.com/Karkas66/CelestialSpark
https://github.com/Karkas66/CelestialSpark
🔥3👍1
OALABS Research
Lumma Stealer Obfuscation
https://research.openanalysis.net/lumma/obfuscation/cff/ida/2024/04/07/lumma-cff.html
Lumma Stealer Obfuscation
https://research.openanalysis.net/lumma/obfuscation/cff/ida/2024/04/07/lumma-cff.html
👍2🔥1
Forwarded from PT SWARM
🏭 We've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirm it works well!
A brief instruction for red teams:
1. Compile our enhanced DLL;
2. Use NetSPI's ruler and wait!
No back connect required!
🔥 📐📏
A brief instruction for red teams:
1. Compile our enhanced DLL;
2. Use NetSPI's ruler and wait!
No back connect required!
🔥 📐📏
❤5🔥2👍1
many asks about VMProtect situation , so i decide to share
RE504 from OALabs
context :
RE504 from OALabs
context :
01 - How To Unpack VMProtect Malware - Part 1
02 - How To Unpack VMProtect Malware - Part 2
03 - How To Unpack VMProtect Malware - Part 3
04 - How To Unpack VMProtect 3 (x64) Night Sky Ransomware (final)
👍8❤1
Forwarded from Proxy Bar
CVE-2024-21378 Microsoft Outlook Remote Code Execution
*
Описание работы внутри файла
*
POC exploit
#outlook #exploit
*
Описание работы внутри файла
*
POC exploit
#outlook #exploit
👍4👎1
Forwarded from Source Byte (Anastasia 🐞)
ETW series
[ 1 ] ETW visualization
[ 2 ] Uncovering Windows Events
[ 3 ] ETW internals for security research and forensics
[ 4 ] Exploiting a “CVE-2020-1034” Vulnerability – In 35 Easy Steps or Less!
[ 5 ] Design issues of modern EDRs: bypassing ETW-based solutions
[ 6 ] A Primer On Event Tracing For Windows (ETW)
[ 7 ] Windows 10 ETW Events references collection
[ 8 ] evading EDR book [ 1 ] , [ 2 ]
[ 9 ] Detecting In-Memory Threats with Kernel ETW Call Stacks
[ 10 ] Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers
[ 11 ] A Begginers All Inclusive Guide to ETW
[ 12 ] ETW References
[ 13 ] Give Me an E, Give Me a T, Give Me a W. What Do You Get? RPC! (pars events from the RPC ETW)
[ 14 ] Attacks on ETW Blind EDR Sensors ( black hat con )
[ 15 ] This write-up will present a case study of using ETW (Event Tracing for Windows) to analyze an active Cobalt Strike Beacon that was still active and communicating to it's C2 Server.
[ 16 ] Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism
[ 17 ] Understanding ETW Patching
[ 18 ] coming soon...
———
@islemolecule_source
[ 1 ] ETW visualization
[ 2 ] Uncovering Windows Events
[ 3 ] ETW internals for security research and forensics
[ 4 ] Exploiting a “CVE-2020-1034” Vulnerability – In 35 Easy Steps or Less!
[ 5 ] Design issues of modern EDRs: bypassing ETW-based solutions
[ 6 ] A Primer On Event Tracing For Windows (ETW)
[ 7 ] Windows 10 ETW Events references collection
[ 8 ] evading EDR book [ 1 ] , [ 2 ]
[ 9 ] Detecting In-Memory Threats with Kernel ETW Call Stacks
[ 10 ] Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers
[ 11 ] A Begginers All Inclusive Guide to ETW
[ 12 ] ETW References
[ 13 ] Give Me an E, Give Me a T, Give Me a W. What Do You Get? RPC! (pars events from the RPC ETW)
[ 14 ] Attacks on ETW Blind EDR Sensors ( black hat con )
[ 15 ] This write-up will present a case study of using ETW (Event Tracing for Windows) to analyze an active Cobalt Strike Beacon that was still active and communicating to it's C2 Server.
[ 16 ] Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism
[ 17 ] Understanding ETW Patching
[ 18 ] coming soon...
———
@islemolecule_source
❤5👍2
Source Byte
ETW series [ 1 ] ETW visualization [ 2 ] Uncovering Windows Events [ 3 ] ETW internals for security research and forensics [ 4 ] Exploiting a “CVE-2020-1034” Vulnerability – In 35 Easy Steps or Less! [ 5 ] Design issues of modern EDRs: bypassing ETW…
post updated :
[ 17 ] Understanding ETW Patching added to the list
[ 17 ] Understanding ETW Patching added to the list
❤5👍2
obfus.h is a macro-only library for compile-time obfuscating C applications, designed specifically for the Tiny C (tcc). It is tailored for Windows x86 and x64 platforms and supports all versions of the compiler.
https://github.com/DosX-dev/obfus.h
https://github.com/DosX-dev/obfus.h
❤7👍3🔥1