A Trip Down Memory Lane
Antivirus evasion has quickly become one of the most overwritten topics, with endless articles on writing shellcode loaders and other evasive stageless droppers.
https://gatari.dev/posts/a-trip-down-memory-lane/
credit : @gatariee
#AV , #red_team
Antivirus evasion has quickly become one of the most overwritten topics, with endless articles on writing shellcode loaders and other evasive stageless droppers.
https://gatari.dev/posts/a-trip-down-memory-lane/
credit : @gatariee
#AV , #red_team
book.pdf
8.7 MB
https://toc.cryptobook.us/book.pdf
#book
#cryptography
A Graduate Course in
Applied Cryptography
By Dan Boneh and Victor Shoup
#book
#cryptography
❤4👍1
This is a repository with sample malduck🦆 config extraction modules. By utilizing them you should be able to extract embedded configuration from unpacked malware samples of: njrat, remcos, revil, graphicalproton
[ GitHub ]
#malware_analysis
[ GitHub ]
#malware_analysis
Portable, simple and fast installer for Visual Studio Build Tools.
https://github.com/Data-Oriented-House/PortableBuildTools
Downloads standalone 64-bit MSVC compiler, linker & other tools, also headers/libraries from Windows SDK, into a portable folder, without installing Visual Studio.
https://github.com/Data-Oriented-House/PortableBuildTools
Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/#storing-payloads-in-registry
#AV , #GuptiMiner
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/#storing-payloads-in-registry
#AV , #GuptiMiner
👍2
Forwarded from Ai000 Cybernetics QLab (Milad Kahsari Alhadi)
In this research paper which is first part of the system analysis series, our team at ACQL has embarked on an exploratory journey to thoroughly understand general systems concepts, aiming to extrapolate these concepts to broader system typologies. Our initial findings suggest that systems, universally, exhibit 9 fundamental characteristics. Furthermore, we identify that any entity defined as a system is susceptible to both internal and external threats, necessitating robust protective measures.
Our analysis progresses into a detailed examination of various data terminologies, along with their types and states, focusing primarily on concepts such as information and intelligence. This foundational understanding of data dynamics has enabled us to advance our study into high-level analyses of software-based systems and binaries. By doing so, we have been able to identify potential vulnerabilities within these systems. The culmination of our research involves developing strategies to exploit these identified weaknesses effectively, thereby gaining control over the systems in question.
This comprehensive approach not only enhances our understanding of system security but also contributes to the development of more secure computing environments.
ACQL Website: link
@aioooir | #analysis #acql #research
Our analysis progresses into a detailed examination of various data terminologies, along with their types and states, focusing primarily on concepts such as information and intelligence. This foundational understanding of data dynamics has enabled us to advance our study into high-level analyses of software-based systems and binaries. By doing so, we have been able to identify potential vulnerabilities within these systems. The culmination of our research involves developing strategies to exploit these identified weaknesses effectively, thereby gaining control over the systems in question.
This comprehensive approach not only enhances our understanding of system security but also contributes to the development of more secure computing environments.
ACQL Website: link
@aioooir | #analysis #acql #research
000 Research - Systemology and System Design Principles.pdf
873.7 KB
000 Research - Systemology and System Design Principles.pdf
A universal EDR bypass built in Windows 10
https://www.riskinsight-wavestone.com/en/2023/10/a-universal-edr-bypass-built-in-windows-10/
#EDR , #windows_internals
While studying internals of a mechanism used by all EDR software to get information about processes activities on Windows, we came across a way for malicious processes to disable the generation of some security events related to process interactions. This technique could be used to evade EDR software while performing malicious operations such as process memory dumping, code injection or process hollowing.
https://www.riskinsight-wavestone.com/en/2023/10/a-universal-edr-bypass-built-in-windows-10/
#EDR , #windows_internals
Daily linux triks and security notes from seilany ( multiple linux distrubution developer )
[ 1 ] A technique to increase the speed of Linux kernel and operating system by 25%
[ 2 ] Increase the speed of ssd memory
.
.
.
Don't miss it! 👁👇🏻
https://news.1rj.ru/str/linuxtnt
[ 1 ] A technique to increase the speed of Linux kernel and operating system by 25%
[ 2 ] Increase the speed of ssd memory
.
.
.
Don't miss it! 👁👇🏻
❤🔥7
Binary Exploitation Notes
https://ir0nstone.gitbook.io/notes
credit : Andrej Ljubic
Stack
Heap
Kernel
Browser Exploitation
https://ir0nstone.gitbook.io/notes
credit : Andrej Ljubic
Process injection techniques $
(꩜)ListPlanting ->( Mitre )
(꩜)Process Doppelganging ->( Mitre)
(꩜)Process Hollowing ->( GitHub)
(꩜)Extra Window Memory Injection -> ( Mitre )
(꩜)TLS callback ->( GitHub)
(꩜)APC injection -> ( earlybird )
(꩜) Thread Hijacking ->( GitHub )
(꩜) Transacted Hollowing (hasherezade)
(꩜) Process Ghosting (hasherezade)
(꩜) DLL hollowing (hasherezade)
(꩜) ChimeraPE (hasherezade)
(꩜) Process Overwriting (hasherezade)
(꩜) Process Chameleon (YouTube)
+Demo by hasherezade
------------------_---------------
Others:
Mockingjay
+ thread namecalling:
https://github.com/hasherezade/thread_namecalling.git
https://news.1rj.ru/str/Source_byte
#malware_dev #process_injection
(꩜)ListPlanting ->( Mitre )
(꩜)Process Doppelganging ->( Mitre)
(꩜)Process Hollowing ->( GitHub)
(꩜)Extra Window Memory Injection -> ( Mitre )
(꩜)TLS callback ->( GitHub)
(꩜)APC injection -> ( earlybird )
(꩜) Thread Hijacking ->( GitHub )
(꩜) Transacted Hollowing (hasherezade)
(꩜) Process Ghosting (hasherezade)
(꩜) DLL hollowing (hasherezade)
(꩜) ChimeraPE (hasherezade)
(꩜) Process Overwriting (hasherezade)
(꩜) Process Chameleon (YouTube)
+Demo by hasherezade
------------------_---------------
Others:
Mockingjay
+ thread namecalling:
https://github.com/hasherezade/thread_namecalling.git
https://news.1rj.ru/str/Source_byte
#malware_dev #process_injection
Process Enumeration methods $
[+] Hunting RWX trick
[+] EnumWindowsProcesses Callback
[+] Toolhelp api
[+] WTS API
[+] NTQuerySystemInformation
[+] Others
~~~~
Related:
Advanced-Process-Injection-Workshop[ GitHub ]
https://news.1rj.ru/str/Source_byte
#malware_dev #process_enumration
[+] Hunting RWX trick
[+] EnumWindowsProcesses Callback
[+] Toolhelp api
[+] WTS API
[+] NTQuerySystemInformation
[+] Others
Related:
Advanced-Process-Injection-Workshop[ GitHub ]
https://news.1rj.ru/str/Source_byte
#malware_dev #process_enumration
❤6👍1🔥1