Forwarded from Reverse Dungeon
YouTube
CppCon 2017: Matt Godbolt “What Has My Compiler Done for Me Lately? Unbolting the Compiler's Lid”
http://CppCon.org
—
Presentation Slides, PDFs, Source Code and other presenter materials are available at: https://github.com/CppCon/CppCon2017
—
In 2012, Matt and a colleague were arguing whether it was efficient to use the then-new-fangled range for. During…
Forwarded from 1N73LL1G3NC3
SymProcAddress
Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
https://github.com/MzHmO/SymProcAddress
Forwarded from Ralf Hacker Channel (Ralf Hacker)
An equivalent
https://github.com/WKL-Sec/FuncAddressPro
#redteam #maldev #evasion
GetProcAddress, but written in assembly. Nice... https://github.com/WKL-Sec/FuncAddressPro
GitHub
GitHub - WKL-Sec/FuncAddressPro: A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative…
A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. - WKL-Sec/FuncAddressPro
Forwarded from APT
⚙️ MultiDump
This is a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly. MultiDump supports LSASS dumps via ProcDump.exe or Comsvc.dll and offers two modes: a local mode that encrypts and stores the dump file locally, and a remote mode that sends the dump to a handler for decryption and analysis.
🔗 https://github.com/Xre0uS/MultiDump
#lsass #remote #cpp #python
Forwarded from کانال بایت امن
#Source
D/Invoke Process Hollowing
Implementation of process hollowing shellcode injection using DInvoke.
Using Dynamic Invocation, or D/Invoke, instead of P/Invoke, you can call unmanaged code dynamically.
This article fully covers why D/Invoke was created and how it differs from P/Invoke.
In this repo you can examine a code-injection scenario that uses the Process Hollowing technique.
🦅 Channel: بایت امن | Group: بایت امن
Red team webinar presentation
https://kpmg.pathfactory.com/RedTeamWebinar#page=1
Forwarded from vx-underground
13-year-old Marco Liberale has created a proof-of-concept PasteBin C2 botnet in Go. It is fully cross-platform, working on Windows, Linux, and Mac.
We are very happy to see such a young person contributing to this research space.
Check it out here: https://github.com/marco-liberale/PasteBomb
GitHub
GitHub - marco-liberale/PasteBomb: PasteBomb C2-less RAT
PasteBomb C2-less RAT. Contribute to marco-liberale/PasteBomb development by creating an account on GitHub.
Forwarded from w0rk3r's Windows Hacking Library (Jonhnathan Jonhnathan Jonhnathan)
The Windows Registry Adventure #1: Introduction and research results
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
@WindowsHackingLibrary
projectzero.google
The Windows Registry Adventure #1: Introduction and research results - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in sear...
Forwarded from GOJO
w0rk3r's Windows Hacking Library
The Windows Registry Adventure #1: Introduction and research results https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html @WindowsHackingLibrary
The Windows Registry Adventure #2: A brief history of the feature
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html
projectzero.google
The Windows Registry Adventure #2: A brief history of the feature - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in...
Redline Stealer: A Novel Approach
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/
A set of tools for remote password dumping.
https://github.com/Slowerzs/ThievingFox/
And the blog itself: https://blog.slowerzs.net/posts/thievingfox/
Multi-level Dropbox commands and TutorialRAT behind APT43
https://www-genians-co-kr.translate.goog/blog/threat_intelligence/dropbox?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
Abusing Windows Implementation of Fork() for Stealthy Memory Operations
https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/
A PoC for the new injection technique, abusing the Windows fork API to evade EDRs.
Blackhat
https://github.com/deepinstinct/Dirty-Vanity
Originally a port of the Dirty Vanity project to fork and dump the LSASS process; it has since been updated, after further research, to attempt to duplicate open handles to LSASS.
https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin
If this fails (and it likely will), it will attempt to obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.
Dirty_Vanity.pdf
2.3 MB
BlackHat Europe 2022:
"Dirty Vanity: A New Approach to Code injection & EDR bypass".
GitHub comments abused to push malware via Microsoft repo URLs
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
Red Team Manual- The Cheat Sheet (version 4).pdf
385.4 KB
A collection of all my personal cheat sheets and guides as I progress through my career in offensive security.
Red Team Operations (RTO) I (Cobalt Strike)
Red Team Operations (RTO) II