Forwarded from the بایت امن channel
#Source
D/Invoke Process Hollowing
Implementation of process hollowing shellcode injection using DInvoke.
Using Dynamic Invocation, or D/Invoke, instead of P/Invoke, you can call unmanaged code dynamically.
This article fully explains why D/Invoke was created and how it differs from P/Invoke.
In this repo you can then examine a code-injection scenario that uses the Process Hollowing technique.
🦅 بایت امن channel | بایت امن group
_
Red team webinar presentation
https://kpmg.pathfactory.com/RedTeamWebinar#page=1
Forwarded from vx-underground
13-year-old Marco Liberale has created a proof-of-concept PasteBin C2 botnet in Go. It is fully cross-platform, working on Windows, Linux, and Mac.
We are very happy to see such a young person contributing to this research space.
Check it out here: https://github.com/marco-liberale/PasteBomb
Forwarded from w0rk3r's Windows Hacking Library (Jonhnathan Jonhnathan Jonhnathan)
The Windows Registry Adventure #1: Introduction and research results
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
@WindowsHackingLibrary
projectzero.google
The Windows Registry Adventure #1: Introduction and research results - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in sear...
Forwarded from GOJO
The Windows Registry Adventure #2: A brief history of the feature
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html
projectzero.google
The Windows Registry Adventure #2: A brief history of the feature - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in...
Redline Stealer: A Novel Approach
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/
A set of tools for remote password dumping.
https://github.com/Slowerzs/ThievingFox/
And the blog itself: https://blog.slowerzs.net/posts/thievingfox/
Multi-level Dropbox commands and TutorialRAT behind APT43
https://www-genians-co-kr.translate.goog/blog/threat_intelligence/dropbox?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
Abusing Windows Implementation of Fork() for Stealthy Memory Operations
https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/
A PoC for the new injection technique, abusing the Windows fork API to evade EDRs.
Blackhat
https://github.com/deepinstinct/Dirty-Vanity
Originally a port of the Dirty Vanity project to fork and dump the LSASS process. It has been updated after further research to attempt to duplicate open handles to LSASS.
https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin
If this fails (and it likely will), it will attempt to obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.
Dirty_Vanity.pdf
2.3 MB
BlackHat Europe 2022:
"Dirty Vanity: A New Approach to Code injection & EDR bypass".
GitHub comments abused to push malware via Microsoft repo URLs
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
Red Team Manual- The Cheat Sheet (version 4).pdf
385.4 KB
A collection of all my personal cheat sheets and guides as I progress through my career in offensive security.
Red team RTO 1(Cobalt strike)
Red Team Operations (RTO) II
Some useful archives about VM and QEMU escape exploits.
https://github.com/WinMin/awesome-vm-exploit
A collection of links related to VMware escape exploits by year
https://github.com/xairy/vmware-exploitation
awesome-cyber-security-university
https://brootware.github.io/awesome-cyber-security-university/
🎓 Because Education should be free. Contributions welcome! 🕵️
hasherezade's 1001 nights: How to start?
https://hshrzd.wordpress.com/how-to-start/
Many people approach me asking more or less the same questions: how to start RE, how to become a malware analyst, how did I start, what materials I can recommend, etc. So, in this section I will collect some hints and useful links for the beginners.