DarkPulse is a shellcode packer written in Go. It is used to generate various shellcode loaders.

https://github.com/fdx-xdf/darkPulse

#malware_dev

Binary Ninja Commercial 4.0.4958 (2024-03-15)

Changelog - https://binary.ninja/changelog/

GoThief

Recently, I encountered such a scenario in an attack and defense game. The target machine accessed the internal application system and was uniformly controlled by VPN. After connecting to VPN, the connection with the external network would be disconnected, resulting in the inability to issue commands in real time. Therefore, I had the idea of developing this small tool. By taking screenshots of the keyboard and recording the clipboard, I could obtain the target's operations after connecting to VPN, and collect sensitive information for the next step of lateral movement.

GitHub

#stealer #malware_dev

Check out the full source code of EagleSpy and tailor it to your preferences.

#source
#malware_analysis
#malware_dev #malware

Mimikatz Overview, Defenses and Detection

#paper

In-memory Obfuscation
cerdit : Djordje Atlialp


https://oldboy21.github.io/posts/2024/05/swappala-why-change-when-you-can-hide/

🔴 ویدیوهای کنفرانس OffensiveCon24 در یوتیوب منتشر شده که میتونید از این لیست پخش بهشون دسترسی داشته باشید.

برای دسترسی به اسلایدها (فعلا 4 موردش پابلیک شده)، میتونید از این لینک استفاده کنید.

#کنفرانس

🆔 @onhex_ir
➡️ ALL Link

Important warning to people who have anonymous activity - on Twitter, Telegram, etc. Don't put a hamster link! Although it only shows the subcategories in the bot, and apparently the person himself does not have the ability to see the account that invited him, but in practice, by checking the api requests, we see that the identity of the inviting person is also known!

credit : Ali , Mohammad Zarchi

source :
https://x.com/ali_r7h/status/1798103831244636261 ,

https://x.com/mhzarchi/status/1798365439262867689

Avoiding Memory Scanners
credit : Kyle Avery

https://kyleavery.com/posts/avoiding-memory-scanners/

hopper 5.15.6 fully cracked for macOS

Heavenly.exe

is the main process that generates the anti-killing loader. It reports viruses normally and does not contain malicious code. To ensure anti-killing performance, the source code is not open. It will be updated to 2.0 later.

GitHub

#kill_AV

Windows PE权威指南
(The Definitive Guide to Windows PE)
#pe #windows

It is in Chinese so if you can translate it i will appreciate @Ke3rNel

Windows PE权威指南
#book

IDA Pro Version 8.3 (with tools, sdk + keygen for x86_x64, ARM, ARM64, PPC, PPC64, and MIPS decompilers! )

#ida
#reverse

Assembly for Hackers from Reza Rashidi

Table of contents
Syntax
Comments
Assembly Language Statements
Syntax of Assembly Language Statements
Example: Hello World Program in Assembly
Compiling and Linking
Sections
Processor Registers
System Calls
Strings
String Instructions
Repetition Prefixes
Numbers
BCD Representation
Instructions:
Conditions
CMP Instruction
Conditional Jump Instructions (Signed Data)
Conditional Jump Instructions (Unsigned Data)
Special Conditional Jump Instructions
Addressing Modes
MOV Instruction
File Handling
Example: Reading from a File
Stack and Memory
Stack and Memory
Tools for Analysis
Code Injection Attack
DLL Injection
APC Injection
Valid Accounts
System Binary Proxy Execution: Rundll32
Reflective code loading
Modify Registry
Process Injection
Mark-Of-The-Web (MOTW) Bypass
Access Token Manipulation
Hijack Execution Flow
Resources

https://redteamrecipe.com/assembly-for-hackers

#assembly
#reverse