Forwarded from GOJO
w0rk3r's Windows Hacking Library
The Windows Registry Adventure #1: Introduction and research results
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
@WindowsHackingLibrary
The Windows Registry Adventure #2: A brief history of the feature
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html
Posted by Mateusz Jurczyk, Google Project Zero. Before diving into the low-level security aspects of the registry, it is important to understand its role in...
Redline Stealer: A Novel Approach
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/
A set of tools for remote password dumping.
https://github.com/Slowerzs/ThievingFox/
And the blog itself: https://blog.slowerzs.net/posts/thievingfox/
Multi-level Dropbox commands and TutorialRAT behind APT43
https://www-genians-co-kr.translate.goog/blog/threat_intelligence/dropbox?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
Abusing Windows Implementation of Fork() for Stealthy Memory Operations
https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/
A PoC for the new injection technique, abusing the Windows fork API to evade EDRs.
Black Hat
https://github.com/deepinstinct/Dirty-Vanity
Originally a port of the Dirty Vanity project to fork and dump the LSASS process; it has since been updated, after further research, to attempt to duplicate open handles to LSASS.
If this fails (and it likely will), it will attempt to obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.
https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin
Dirty_Vanity.pdf
2.3 MB
Black Hat Europe 2022:
"Dirty Vanity: A New Approach to Code Injection & EDR Bypass".
GitHub comments abused to push malware via Microsoft repo URLs
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
Red Team Manual- The Cheat Sheet (version 4).pdf
385.4 KB
A collection of all my personal cheat sheets and guides as I progress through my career in offensive security.
Red Team RTO I (Cobalt Strike)
Red Team Operations (RTO) II
Shares some useful archives about VM and QEMU escape exploits.
https://github.com/WinMin/awesome-vm-exploit
A collection of links related to VMware escape exploits by year
https://github.com/xairy/vmware-exploitation
awesome-cyber-security-university
https://brootware.github.io/awesome-cyber-security-university/
🎓 Because Education should be free. Contributions welcome! 🕵️
hasherezade's 1001 nights (How to start?)
https://hshrzd.wordpress.com/how-to-start/
Many people approach me asking more or less the same questions: how to start RE, how to become a malware analyst, how I started, what materials I can recommend, etc. So, in this section I will collect some hints and useful links for beginners.
Iczelion's Tutorial Series
Win32 Assembly and VxD Tutorials
https://web.archive.org/web/20171110201344/http://win32assembly.programminghorizon.com/tutorials.html
Series of VMProtect 2 analyses:
🛡VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture
🎩GitHub
🛡VMProtect 2 - Part Two, Complete Static Analysis
#vmprotect #vmp