Series of VMProtect 2 analysis:
🛡VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture

🎩GitHub


🛡VMProtect 2 - Part Two, Complete Static Analysis

#vmprotect #vmp

How To Unpack VMProtect 3 (X64) Night Sky Ransomware (Patreon)
Link

#vmprotect #vmp

Рансомварщики HelloKitty опубликовали пароли к архивам с исходниками игр Ведьмак 3 (включая next-gen версию), Гвинт, и Thronebreaker: The Witcher Tales.

Magnet: magnet:?xt=urn:btih:44134e7ade0f85e0ee940c33a7bfed5204587b93&dn=funnytorrent&tr=udp://tracker.openbittorrent.com:80&tr=udp://tracker.opentrackr.org:1337/announce

w3: oJX&S5678536Y8as%23
gwent: GyrS^&4A89x,
w3rtx: NIh\\*AS^8x0Xppw
thronebreaker: AN87*-2047UIOSh78^X

Someone used AI to make Lockbit ransomware groups statement regarding the FBI takedown ... into an anime-like EDM ..


https://news.1rj.ru/str/vxunderground/3996

pestudio pro 9.57

🔴 اسلاید های کنفرانس Black Hat Asia 2024 که 16 تا 19 آوریل/28 تا 31 فروردین در سنگاپور برگزار شد ، در دسترسه که میتونید از گیتهابمون بصورت تکی یا یکجا (Releases) دانلود کنید.

#Conference #BHASIA #blackhat

🆔 @onhex_ir
➡️ ALL Link

（APT-Q-31） A memory loader Cobalt Strike written by Rust

English :
https://www-ctfiot-com.translate.goog/175132.html?_x_tr_sl=fa&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp


Tutorial [Cobalt Strike Shellcode Loader With Rust] :

https://www.youtube.com/watch?v=XfUTpwZKCDU


A COFF loader made in Rust :

https://github.com/hakaioffsec/coffee

Windows Phantom DLL Hijacking: New Contribution to Hijack Execution Flow – DLL Search Order Hijacking
https://interpressecurity.com/resources/windows-phantom-dll-hijacking/


DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse


#dll_hijacking

#exploit
"One Flip is All It Takes:
Identifying Syscall-Guard Variables for Data-Only Attacks", 2024.
]-> https://github.com/psu-security-universe/viper
]-> https://github.com/PSU-Security-Universe/data-only-attacks

Project that generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW
[ GITHUB ]

#DLL_SideLoading
#Dropper #Lnk

Refresh AD Groups Membership without Reboot/Logoff

Purge the computer account kerberos tickets with:

klist -lh 0 -li 0x3e7 purge

Reload User Groups Membership without Logging Off with:
klist purge

[Twitter]

#AD

Windows Device drivers internals and some reversing

[ Off by security ]

#internals

مایتر اتک ۱۵ 👇

https://attack.mitre.org/resources/updates/updates-april-2024/index.html

https://medium.com/mitre-attack/attack-v15-26685f300acc

" The Open Source Problem "
you have software on your machine right now that is running code from one of many similar "suspicious" accounts.


https://cybersecpolitics.blogspot.com/2024/04/the-open-source-problem.html

#CVE-2024-3094

"Windows Privilege Escalation", 2024.


VX_UNDERGROUND

#windows_priv
#windows

כאן חדשות

נערת הפיתוי האיראנית: נהג משאית צבאי תיעד, לפי החשד, עשרות סוללות כיפת ברזל במהלך נסיעותיו בתפקיד, ושלח תמונות ומיקומים שלהן בפייסבוק לגורם איראני שהתחזה לאישה

#חדשותהע

https://twitter.com/kann_news/status/1783218563177742831

#social_Engineering

Reverse engineering cpp - Gal Zaban
[ YouTube ]

Everything you Ever wanted to know about dlls
[ YouTube ]


#conference
#cpp
#windows

updated : part 18 added

ETW-ByeBye: Disabling ETW-TI Without PPL

you can upload any file as an attachment in a draft comment on any public GitHub repo, delete the comment but the file download URL remains active, and the repo owner can’t do anything about it