Forwarded from Secure Byte channel (کانال بایت امن)
#Course #DWORD
🔥 Video update for the "Software Reverse Engineering Course | Beginner to Intermediate Level"
In this update, well-known software locks and DRM systems will be fully analyzed and examined.
🔸 ThunderSoft DRM
🔸 GiliSoft
🔸 Password Protect Video Master | PPVM
🔸 DRMSoft
🔸 ApinSoft
🔸 VaySoft
🔸 CopySafe
🔸 Other DRM systems and software locks, covered by topic
This update will be made available to all students of the first through fifth rounds of the Software Reverse Engineering course.
🦅 Secure Byte channel | Secure Byte group
Forwarded from Mr Python | Mr Python (Hossein)
🟣 Building a Windows keylogger using GetAsyncKeyState
One of the common and basic methods for implementing keyloggers on Windows is to use the GetAsyncKeyState function from the Windows API. With this function you can check whether a given key on the keyboard is currently pressed. In this video we see how this function can be used to build a Windows keylogger that runs hidden in the background and saves the recorded keys to a file.
Aparat : https://www.aparat.com/v/h29Cp
#malware_development
🆔 : @mrpythonblog
Forwarded from vx-underground
Here is some code that was written about a year ago for a project for vx-underground. However, due to various reasons, the code is being publicly released.
tl;dr recursive loader, painful to reverse engineer
Explanation of code:
The following code is inspired by APT Linux/Kobalos. Kobalos was malware, suspected to be tied to the Chinese government, which was fully recursive. It was novel malware.
Following this inspiration, an x64 recursive loader was developed for Windows 10 and Windows 11. When compiled the binary has no entries in the IAT. The binary resolves all APIs via NTDLL. Additional libraries are loaded via LdrLoadDll.
The code recursively calls itself to execute functions. It determines which portion of code to execute using a flag (an enum). Each 'function' is encapsulated in a switch statement. All variables are recursively passed using the 'VARIABLE_TABLE' structure. The VARIABLE_TABLE also contains further nested structures for handling API function resolving, initializing COM objects and associated classes, and data structures for some 'switch functions' which may require additional variables for tasks.
To avoid the compiler optimizing code and introducing functions into the IAT, some STDIO functionality such as ZeroMemory have been re-written in more unorthodox methods.
HTTPS requests are handled by COM via the WinHttpRequest Object.
The code basically downloads a binary from vx-underground and executes it. Currently the code will not work because the executable hosted on vx-underground for the proof-of-concept is no longer there, although it was just a copy of cmd.exe.
Code may have some bugs. It can be improved upon by introducing pseudo-polymorphism by 'scrambling' the order of switch statements and enum values on each build.
Code written by smelly
You can check out Win32.RecursiveLoader.b here: https://pastebin.com/HSTS2zwL
🔥List of best security channels on telegram:
https://news.1rj.ru/str/addlist/RPL2r4B8flEyOTI0
If you think that I missed a good channel, tell me! -> @Ke3rNel
Forwarded from Order of Six Angles
Injecting code into PPL processes without vulnerable drivers on Windows 11
https://blog.slowerzs.net/posts/pplsystem/
Write Great Code - Thinking low-level, Writing high-level.pdf
4.7 MB
Title: Write Great Code, Volume 2, 2nd Edition
Description: Modern programming languages provide productivity and portability, but also make it easy to write sloppy code that is not optimized for the compiler. The book will teach you how to write code that will turn into good machine code when compiled.
#book
Forwarded from Network books | Magazine (Q)
Cryptography_Algorithms,_Protocols,_and_Standards_for_Computer_Security.pdf
39.8 MB
Forwarded from Secure Byte channel (کانال بایت امن)
#Tools
CM64, an x64 freezer/debugger for Windows.
Features:
Simple and familiar user interface
Hex-based expression parser
Full-featured kernel memory edit, save and load
Follow jump and back
Memory map
Modules thread view
Register view
Full memory search
Fast assembler/disassembler (Zydis 4.0.0)
Plugin support with growing API
ASCII/Hex memory dump
Dynamic stack view
Executable patching
Game cheat engine trainer
Full IO ports read and write
Windows service API investigator
Save and load binary files
Virtual / physical address converter and mapper
Full PCI bus viewer
Full kernel drivers structure viewer
Full user mode processes structure viewer
Full system BIOS structure viewer
System ACPI structure viewer
Special boot control feature
Debug Windows kernel and processes without Windows global flag enabled or any process in debug mode
Name: Mach-O Runtime and File Format Reference
#apple #mac #mach_o #paper #book
Requirements: Compiling Steps, C Programming
Level: Intermediate
Author: Apple Inc.
Contents Index:
1 - Overview of Runtime Architecture
2 - Building Mach-O Files
3 - Executing Mach-O Files
4 - Loading Code At Runtime
5 - Runtime Conventions for PowerPC
6 - Data Types
7 - Data Alignment
8 - Stack Structure
9 - Routine Calls
10 - Dynamic Code Generation
11 - Mach-O File Format Reference
12 - Mach-O Header Data Structure
13 - Load Command Data Structures
14 - Symbol Table and Related Data Structures
15 - Relocation Data Structures
16 - Static Archive Libraries
17 - Multi-CPU Architecture Files