Techniques Learned from the XZ Backdoor
https://medium.com/@knownsec404team/techniques-learned-from-the-xz-backdoor-74b0a8d45c30
#cve , #CVE_2024_3094
The IFUNC feature of GLIBC
Concealing characters using Radix Tree
Obtaining all dependency information
Hooking Functions from Other Dependency Libraries
https://medium.com/@knownsec404team/techniques-learned-from-the-xz-backdoor-74b0a8d45c30
#cve , #CVE_2024_3094
❤3
pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute.
https://github.com/DominicBreuker/pspy
#tool
https://github.com/DominicBreuker/pspy
#tool
Embedding encrypted payloads in resource section
Payload
https://ry0dan.github.io/malware%20development/Malware-Development-Crafting-Digital-Chaos-03/
credit : Motawkkel Abdulrhman
#malware_dev
Payload
placement: .rsrc section
Adding a resource to our project
Retrieving payload contents
Locating resource
Loading resource contents
Obtain a pointer
Decrypting the payload
Execution
https://ry0dan.github.io/malware%20development/Malware-Development-Crafting-Digital-Chaos-03/
credit : Motawkkel Abdulrhman
#malware_dev
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Один из подписчиков поделился новым курсом от Sektor7, и был не против отдать его в массы. Это уже третья часть про разработку малвари: Malware Development Advanced Vol.1
Остальные курсы Sector7 тоже есть на канале:
1. RTO: Malware Development Essentials
2. RTO: Windows Persistence
3. RTO: Privilege Escalation in Windows
4. RTO: Malware Development Intermediate
5. RTO: Evasion Windows
#course #malware #redteam #pentest
Остальные курсы Sector7 тоже есть на канале:
1. RTO: Malware Development Essentials
2. RTO: Windows Persistence
3. RTO: Privilege Escalation in Windows
4. RTO: Malware Development Intermediate
5. RTO: Evasion Windows
#course #malware #redteam #pentest
Forwarded from Ralf Hacker Channel (Ralf Hacker)
RTO - Malware Development Advanced Vol. 1.zip
1.5 GB
Active Directory Enumeration for Red Teams
In this post, we will explore how defenders can monitor for suspicious LDAP activity, as well as operational security approaches for red teams conducting LDAP reconnaissance.
credits : Dominic Chell
https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/
you should not miss this blog :)
In this post, we will explore how defenders can monitor for suspicious LDAP activity, as well as operational security approaches for red teams conducting LDAP reconnaissance.
credits : Dominic Chell
https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/
Forwarded from Offensive Xwitter
😈 [ eversinc33 🩸🗡️ @eversinc33 ]
If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.
🐥 [ tweet ]
If you are facing an EDR with PEB protection/obf which makes Ldr inaccessible & want to inject shellcode, just pass the VA of LoadLibrary (which is consistent across processes) to the shellcode via egg-hunting from your injector, enabling lib resolution without touching the PEB.
🐥 [ tweet ]
*смешной срач в треде*👍3🔥1
Forwarded from white2hack 📚
System32 Important Files.pdf
33.4 MB
System32 Important Files by Hadess, 2024
Cloud-Based Identity to Exfiltration Attack Part1
As I've divided this blog into two parts, this part focuses on Part 1, examining cloud-based identity attacks leading to successful logins to Outlook activities.
https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part1.md
As I've divided this blog into two parts, this part focuses on Part 1, examining cloud-based identity attacks leading to successful logins to Outlook activities.
https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part1.md
👍7
Cloud-Based Identity to Exfiltration Attack Part2
Today, I would like to showcase some detection insights regarding attacks, starting from cloud-based identity attacks and extending to compromised Office 365 environment.
https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part2.md
Today, I would like to showcase some detection insights regarding attacks, starting from cloud-based identity attacks and extending to compromised Office 365 environment.
https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day16-CloudId-Exfiltration-AttackReport-Part2.md
Forwarded from گروه بایت امن (SecureByte)
Persian Generic Unpacking.rar
7.2 MB
#Tutorial #Unpacking #Persian
مجموعه آموزشی آنپکینگ به زبان فارسی از دوست خوب و قدیمی امیر گوران ( 256 صفحه )
برای آنپکینگ دانش خوبی از ساختار فایل، مهندسی معکوس، تحلیل استاتیک و داینامیک و برنامه نویسی نیاز دارید
مطالبی که میبینید برای آشنایی کلی هست و نیاز دارید برای ادامه تمرین کنید و بدون دانش پیشنیاز تو این زمینه پیشرفتی حاصل نمیشه .
فایل های Unpack Me رو میتونید از سایت Tuts4you دانلود و تمرین کنید
Password : @securebyte
https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
مجموعه آموزشی آنپکینگ به زبان فارسی از دوست خوب و قدیمی امیر گوران ( 256 صفحه )
برای آنپکینگ دانش خوبی از ساختار فایل، مهندسی معکوس، تحلیل استاتیک و داینامیک و برنامه نویسی نیاز دارید
مطالبی که میبینید برای آشنایی کلی هست و نیاز دارید برای ادامه تمرین کنید و بدون دانش پیشنیاز تو این زمینه پیشرفتی حاصل نمیشه .
فایل های Unpack Me رو میتونید از سایت Tuts4you دانلود و تمرین کنید
Password : @securebyte
https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
REA Unpacking eBook.rar
106.2 MB
#Tutorial #Unpacking #English
REA Unpacking eBook
Pages : 2342
Password : @securebyte
https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
REA Unpacking eBook
Pages : 2342
Password : @securebyte
https://news.1rj.ru/str/joinchat/8IAKs9HaoGU2NmE0
_
Forwarded from Source Chat (Friend)
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from $ᴘ3ᴅʏʟ1👾
Golang Virus Example
[ GitHub ]
Process Injection Techniques with Golang
[ GitHub ]
Proof of concept SMB C2 using named pipes in Golang
[ GitHub ]
DLL creation and injection with Golang
[ Medium ]
ColdFire II(Golang malware development library)
[ GitHub ]
A POC Windows crypto-ransomware (Academic). Now Ransom:Win32/MauriCrypt.MK!MTB
[ GitHub ]
Windows Botnet written in Golang
[ GitHub ]
@source_byte
#malware_dev #go
ExfilDocs
Searches drive for specific file extensions
Uploads files to C2 via SSH
Outlook Exfil
Asks for Outlook Credentials
Authenticates via IMAP, searches attachments and uploads files to C2 via SSH TO DO: Fix Windows Compilation
Screen Shotter
Uploads screenshot every 20 seconds to C2 via SSH
Dropper
Hosts 3 files, downloads them from itself then executes them.
[ GitHub ]
Process Injection Techniques with Golang
[ GitHub ]
Proof of concept SMB C2 using named pipes in Golang
[ GitHub ]
DLL creation and injection with Golang
[ Medium ]
ColdFire II(Golang malware development library)
[ GitHub ]
A POC Windows crypto-ransomware (Academic). Now Ransom:Win32/MauriCrypt.MK!MTB
[ GitHub ]
Windows Botnet written in Golang
[ GitHub ]
@source_byte
#malware_dev #go
Forwarded from 1N73LL1G3NC3
This media is not supported in your browser
VIEW IN TELEGRAM
TrollUAC
• .NET library that serves as a UAC bypass for x64
• Any* process with the uiAccess flag enabled can "Send Keystrokes" to high integrity processes even from medium integrity
• We steal the token of On Screen Keyboard (uiAccess enabled) to spawn a new process that does GUI automation
• The GUI automation simply sends keystrokes to taskmgr (auto elevate) to spawn our new desired process in high integrity
• *Refer to tiraniddo's article for requirements, although they can easily be conjured up
• .NET library that serves as a UAC bypass for x64
• Any* process with the uiAccess flag enabled can "Send Keystrokes" to high integrity processes even from medium integrity
• We steal the token of On Screen Keyboard (uiAccess enabled) to spawn a new process that does GUI automation
• The GUI automation simply sends keystrokes to taskmgr (auto elevate) to spawn our new desired process in high integrity
• *Refer to tiraniddo's article for requirements, although they can easily be conjured up