OALABS Research
Lumma Stealer Obfuscation
https://research.openanalysis.net/lumma/obfuscation/cff/ida/2024/04/07/lumma-cff.html
Lumma Stealer Obfuscation
https://research.openanalysis.net/lumma/obfuscation/cff/ida/2024/04/07/lumma-cff.html
👍2🔥1
Forwarded from PT SWARM
🏭 We've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirm it works well!
A brief instruction for red teams:
1. Compile our enhanced DLL;
2. Use NetSPI's ruler and wait!
No back connect required!
🔥 📐📏
A brief instruction for red teams:
1. Compile our enhanced DLL;
2. Use NetSPI's ruler and wait!
No back connect required!
🔥 📐📏
❤5🔥2👍1
many asks about VMProtect situation , so i decide to share
RE504 from OALabs
context :
RE504 from OALabs
context :
01 - How To Unpack VMProtect Malware - Part 1
02 - How To Unpack VMProtect Malware - Part 2
03 - How To Unpack VMProtect Malware - Part 3
04 - How To Unpack VMProtect 3 (x64) Night Sky Ransomware (final)
👍8❤1
Forwarded from Proxy Bar
CVE-2024-21378 Microsoft Outlook Remote Code Execution
*
Описание работы внутри файла
*
POC exploit
#outlook #exploit
*
Описание работы внутри файла
*
POC exploit
#outlook #exploit
👍4👎1
Forwarded from Source Byte (Anastasia 🐞)
ETW series
[ 1 ] ETW visualization
[ 2 ] Uncovering Windows Events
[ 3 ] ETW internals for security research and forensics
[ 4 ] Exploiting a “CVE-2020-1034” Vulnerability – In 35 Easy Steps or Less!
[ 5 ] Design issues of modern EDRs: bypassing ETW-based solutions
[ 6 ] A Primer On Event Tracing For Windows (ETW)
[ 7 ] Windows 10 ETW Events references collection
[ 8 ] evading EDR book [ 1 ] , [ 2 ]
[ 9 ] Detecting In-Memory Threats with Kernel ETW Call Stacks
[ 10 ] Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers
[ 11 ] A Begginers All Inclusive Guide to ETW
[ 12 ] ETW References
[ 13 ] Give Me an E, Give Me a T, Give Me a W. What Do You Get? RPC! (pars events from the RPC ETW)
[ 14 ] Attacks on ETW Blind EDR Sensors ( black hat con )
[ 15 ] This write-up will present a case study of using ETW (Event Tracing for Windows) to analyze an active Cobalt Strike Beacon that was still active and communicating to it's C2 Server.
[ 16 ] Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism
[ 17 ] Understanding ETW Patching
[ 18 ] coming soon...
———
@islemolecule_source
[ 1 ] ETW visualization
[ 2 ] Uncovering Windows Events
[ 3 ] ETW internals for security research and forensics
[ 4 ] Exploiting a “CVE-2020-1034” Vulnerability – In 35 Easy Steps or Less!
[ 5 ] Design issues of modern EDRs: bypassing ETW-based solutions
[ 6 ] A Primer On Event Tracing For Windows (ETW)
[ 7 ] Windows 10 ETW Events references collection
[ 8 ] evading EDR book [ 1 ] , [ 2 ]
[ 9 ] Detecting In-Memory Threats with Kernel ETW Call Stacks
[ 10 ] Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers
[ 11 ] A Begginers All Inclusive Guide to ETW
[ 12 ] ETW References
[ 13 ] Give Me an E, Give Me a T, Give Me a W. What Do You Get? RPC! (pars events from the RPC ETW)
[ 14 ] Attacks on ETW Blind EDR Sensors ( black hat con )
[ 15 ] This write-up will present a case study of using ETW (Event Tracing for Windows) to analyze an active Cobalt Strike Beacon that was still active and communicating to it's C2 Server.
[ 16 ] Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism
[ 17 ] Understanding ETW Patching
[ 18 ] coming soon...
———
@islemolecule_source
❤5👍2
Source Byte
ETW series [ 1 ] ETW visualization [ 2 ] Uncovering Windows Events [ 3 ] ETW internals for security research and forensics [ 4 ] Exploiting a “CVE-2020-1034” Vulnerability – In 35 Easy Steps or Less! [ 5 ] Design issues of modern EDRs: bypassing ETW…
post updated :
[ 17 ] Understanding ETW Patching added to the list
[ 17 ] Understanding ETW Patching added to the list
❤5👍2
obfus.h is a macro-only library for compile-time obfuscating C applications, designed specifically for the Tiny C (tcc). It is tailored for Windows x86 and x64 platforms and supports all versions of the compiler.
https://github.com/DosX-dev/obfus.h
https://github.com/DosX-dev/obfus.h
❤7👍3🔥1
CodeMachine - Windows Kernel Rootkit Techniques-unlocked.pdf
5.2 MB
CodeMachine - Windows Kernel Rootkit Techniques
Most operating systems support kernel-mode device drivers, which execute with the same privileges as the operating system itself. As such, many kernel
https://www.coursefather.com/2023/12/Windows-rootkits-kernel.html?m=1
Most operating systems support kernel-mode device drivers, which execute with the same privileges as the operating system itself. As such, many kernel
https://www.coursefather.com/2023/12/Windows-rootkits-kernel.html?m=1
🔥5🥰1