Abusing Windows Implementation of Fork() for Stealthy Memory Operations
https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/
A PoC for the new injection technique, abusing the Windows fork API to evade EDRs.
Blackhat
https://github.com/deepinstinct/Dirty-Vanity
Originally, a port of the Dirty Vanity project to fork and dump the LSASS process. Has been updated upon further research to attempt to duplicate open handles to LSASS.
If this fails (and it likely will), it will attempt to obtain a handle to LSASS through the NtGetNextProcess function instead of OpenProcess/NtOpenProcess.
https://github.com/RePRGM/Nimperiments/tree/main/EvilLsassTwin
Dirty_Vanity.pdf
2.3 MB
BlackHat Europe 2022:
"Dirty Vanity: A New Approach to Code injection & EDR bypass".
GitHub comments abused to push malware via Microsoft repo URLs
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
Red Team Manual- The Cheat Sheet (version 4).pdf
385.4 KB
A collection of all my personal cheat sheets and guides as I progress through my career in offensive security.
Red Team RTO I (Cobalt Strike)
Red Team Operations (RTO) II
Some useful archives about VM and QEMU escape exploits.
https://github.com/WinMin/awesome-vm-exploit
A collection of links related to VMware escape exploits by year
https://github.com/xairy/vmware-exploitation
awesome-cyber-security-university
https://brootware.github.io/awesome-cyber-security-university/
🎓 Because Education should be free. Contributions welcome! 🕵️
hasherezade's 1001 nights: How to start?
https://hshrzd.wordpress.com/how-to-start/
Many people approach me asking more or less the same questions: how to start RE, how to become a malware analyst, how did I start, what materials I can recommend, etc. So, in this section I will collect some hints and useful links for the beginners.
Iczelion's tutorial Series
Win32 Assembly and VxD Tutorials
https://web.archive.org/web/20171110201344/http://win32assembly.programminghorizon.com/tutorials.html
Series of VMProtect 2 analysis:
🛡VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture
🎩GitHub
🛡VMProtect 2 - Part Two, Complete Static Analysis
#vmprotect #vmp
Forwarded from Cybred
The HelloKitty ransomware operators have published the passwords to the archives containing the source code of the games The Witcher 3 (including the next-gen version), Gwent, and Thronebreaker: The Witcher Tales.
Audio
Someone used AI to turn the Lockbit ransomware group's statement regarding the FBI takedown into an anime-style EDM track.
https://news.1rj.ru/str/vxunderground/3996