Forwarded from Source Chat (GOJO)
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from R
(APT-Q-31) A memory loader Cobalt Strike written by Rust
English :
https://www-ctfiot-com.translate.goog/175132.html?_x_tr_sl=fa&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
Tutorial [Cobalt Strike Shellcode Loader With Rust] :
https://www.youtube.com/watch?v=XfUTpwZKCDU
A COFF loader made in Rust :
https://github.com/hakaioffsec/coffee
English :
https://www-ctfiot-com.translate.goog/175132.html?_x_tr_sl=fa&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
Tutorial [Cobalt Strike Shellcode Loader With Rust] :
https://www.youtube.com/watch?v=XfUTpwZKCDU
A COFF loader made in Rust :
https://github.com/hakaioffsec/coffee
CTF导航
海莲花(APT-Q-31)组织数字武器Rust加载器技术分析 | CTF导航
团伙背景海莲花,又名OceanLotus、APT32,奇安信内部跟踪编号APT-Q-31,是由奇安信威胁情报中心最早披露并命名的一个APT组织。自2012年4月起,海莲花针对中国政府、科研院所、海事机构、海域建设、航运企业等相关...
👍5
Windows Phantom DLL Hijacking: New Contribution to Hijack Execution Flow – DLL Search Order Hijacking
https://interpressecurity.com/resources/windows-phantom-dll-hijacking/
DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse
#dll_hijacking
https://interpressecurity.com/resources/windows-phantom-dll-hijacking/
DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse
#dll_hijacking
🔥2
Forwarded from CyberSecurityTechnologies (-CST-)
viper.pdf
4.5 MB
#exploit
"One Flip is All It Takes:
Identifying Syscall-Guard Variables for Data-Only Attacks", 2024.
]-> https://github.com/psu-security-universe/viper
]-> https://github.com/PSU-Security-Universe/data-only-attacks
"One Flip is All It Takes:
Identifying Syscall-Guard Variables for Data-Only Attacks", 2024.
]-> https://github.com/psu-security-universe/viper
]-> https://github.com/PSU-Security-Universe/data-only-attacks
🔥3
Project that generates Malicious Office Macro Enabled Dropper for DLL SideLoading and Embed it in Lnk file to bypass MOTW
[ GITHUB ]
#DLL_SideLoading
#Dropper #Lnk
[ GITHUB ]
#DLL_SideLoading
#Dropper #Lnk
🔥4❤1
👍3❤1
Forwarded from SoheilSec (Soheil Hashemi)
مایتر اتک ۱۵ 👇
https://attack.mitre.org/resources/updates/updates-april-2024/index.html
https://medium.com/mitre-attack/attack-v15-26685f300acc
https://attack.mitre.org/resources/updates/updates-april-2024/index.html
https://medium.com/mitre-attack/attack-v15-26685f300acc
👍2🔥2
" The Open Source Problem "
you have software on your machine right now that is running code from one of many similar "suspicious" accounts.
https://cybersecpolitics.blogspot.com/2024/04/the-open-source-problem.html
#CVE-2024-3094
you have software on your machine right now that is running code from one of many similar "suspicious" accounts.
https://cybersecpolitics.blogspot.com/2024/04/the-open-source-problem.html
#CVE-2024-3094
❤5👎4👍1
WPE.pdf
5 MB
❤6
כאן חדשות
נערת הפיתוי האיראנית: נהג משאית צבאי תיעד, לפי החשד, עשרות סוללות כיפת ברזל במהלך נסיעותיו בתפקיד, ושלח תמונות ומיקומים שלהן בפייסבוק לגורם איראני שהתחזה לאישה
#חדשותהע
https://twitter.com/kann_news/status/1783218563177742831
#social_Engineering
נערת הפיתוי האיראנית: נהג משאית צבאי תיעד, לפי החשד, עשרות סוללות כיפת ברזל במהלך נסיעותיו בתפקיד, ושלח תמונות ומיקומים שלהן בפייסבוק לגורם איראני שהתחזה לאישה
#חדשותהע
https://twitter.com/kann_news/status/1783218563177742831
#social_Engineering
X (formerly Twitter)
כאן חדשות (@kann_news) on X
נערת הפיתוי האיראנית: נהג משאית צבאי תיעד, לפי החשד, עשרות סוללות כיפת ברזל במהלך נסיעותיו בתפקיד, ושלח תמונות ומיקומים שלהן בפייסבוק לגורם איראני שהתחזה לאישה
@roysharon11
#חדשותהערב
@roysharon11
#חדשותהערב
🤣13🤔3
Reverse engineering cpp - Gal Zaban
[ YouTube ]
Everything you Ever wanted to know about dlls
[ YouTube ]
#conference
#cpp
#windows
[ YouTube ]
Everything you Ever wanted to know about dlls
[ YouTube ]
#conference
#cpp
#windows
🔥3
updated : part 18 added
ETW-ByeBye: Disabling ETW-TI Without PPL
ETW-ByeBye: Disabling ETW-TI Without PPL
❤2
This media is not supported in your browser
VIEW IN TELEGRAM
you can upload any file as an attachment in a draft comment on any public GitHub repo, delete the comment but the file download URL remains active, and the repo owner can’t do anything about it
🤩11😁2
Source Byte
כאן חדשות נערת הפיתוי האיראנית: נהג משאית צבאי תיעד, לפי החשד, עשרות סוללות כיפת ברזל במהלך נסיעותיו בתפקיד, ושלח תמונות ומיקומים שלהן בפייסבוק לגורם איראני שהתחזה לאישה #חדשותהע https://twitter.com/kann_news/status/1783218563177742831 #social_Engineering
I R O N D O M E B A T T E R I E S I N B I O
😂
😂
👍6🤪1
The Nightmare of EDR: Storm-0978 Utilizing New Kernel Injection Technique "Step Bear"
https://ti.qianxin.com/blog/articles/The-Nightmare-of-EDR-Storm-0978-Utilizing-New-Kernel-Injection-Technique-Step-Bear-EN/
https://ti.qianxin.com/blog/articles/The-Nightmare-of-EDR-Storm-0978-Utilizing-New-Kernel-Injection-Technique-Step-Bear-EN/
❤4🐳1
Forwarded from Hide01
I have no problem. my point is not to make money out of the website. If its earned enough to keep servers running that be enough for me. if something leaks out then its for everyone use it and i will not be sad for a single second. Enjoy the material
❤14🐳1
https://news.1rj.ru/str/Hide01
My Website: Hide01.ir
Telegram Contact: t.me/Hide01Bot
Email: root@hide01.ir
PGP: pgp.hide01.ir
Jabber: hide01@jabber.calyxinstitute.org
Twitter: twitter.com/H1deZeroOne
Persian Donate: idpay.ir/hide01
My Website: Hide01.ir
Telegram Contact: t.me/Hide01Bot
Email: root@hide01.ir
PGP: pgp.hide01.ir
Jabber: hide01@jabber.calyxinstitute.org
Twitter: twitter.com/H1deZeroOne
Persian Donate: idpay.ir/hide01
Telegram
Hide01
Website: hide01.ir
TG Contact: t.me/Hide01Bot
Email: no-reply@vip.hide01.ir
PGP: pgp.hide01.ir
Twitter: twitter.com/H1deZeroOne
TG Contact: t.me/Hide01Bot
Email: no-reply@vip.hide01.ir
PGP: pgp.hide01.ir
Twitter: twitter.com/H1deZeroOne
🔥8
A Deep Dive into V8 Sandbox Escape Technique Used in In-The-Wild Exploit
We were analyzing an in-the-wild V8 vulnerability, CVE-2023–2033. Once we exploited the bug, it was not difficult to get typical exploit primitives such as addrof, read and write in V8 heap. The problem is that we need to escape the V8 sandbox in order to get code execution.
https://blog.theori.io/a-deep-dive-into-v8-sandbox-escape-technique-used-in-in-the-wild-exploit-d5dcf30681d4
# CVE-2023–2033 , #cve_analysis
We were analyzing an in-the-wild V8 vulnerability, CVE-2023–2033. Once we exploited the bug, it was not difficult to get typical exploit primitives such as addrof, read and write in V8 heap. The problem is that we need to escape the V8 sandbox in order to get code execution.
https://blog.theori.io/a-deep-dive-into-v8-sandbox-escape-technique-used-in-in-the-wild-exploit-d5dcf30681d4
# CVE-2023–2033 , #cve_analysis
👍7
Asia_24_Yair_magicdot_a_hackers_magic_show_of_disappearing_dots.pdf
3.8 MB
Asia-24-Yair-magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces.pdf
👍3