Important warning to people who have anonymous activity - on Twitter, Telegram, etc. Don't put a hamster link! Although it only shows the subcategories in the bot, and apparently the person himself does not have the ability to see the account that invited him, but in practice, by checking the api requests, we see that the identity of the inviting person is also known!
credit : Ali , Mohammad Zarchi
source :
https://x.com/ali_r7h/status/1798103831244636261 ,
https://x.com/mhzarchi/status/1798365439262867689
credit : Ali , Mohammad Zarchi
source :
https://x.com/ali_r7h/status/1798103831244636261 ,
https://x.com/mhzarchi/status/1798365439262867689
❤3
8.3.7z
852.4 MB
IDA Pro Version 8.3 (with tools, sdk + keygen for x86_x64, ARM, ARM64, PPC, PPC64, and MIPS decompilers! )
#ida
#reverse
#ida
#reverse
Assembly for Hackers from Reza Rashidi
https://redteamrecipe.com/assembly-for-hackers
#assembly
#reverse
Table of contents
Syntax
Comments
Assembly Language Statements
Syntax of Assembly Language Statements
Example: Hello World Program in Assembly
Compiling and Linking
Sections
Processor Registers
System Calls
Strings
String Instructions
Repetition Prefixes
Numbers
BCD Representation
Instructions:
Conditions
CMP Instruction
Conditional Jump Instructions (Signed Data)
Conditional Jump Instructions (Unsigned Data)
Special Conditional Jump Instructions
Addressing Modes
MOV Instruction
File Handling
Example: Reading from a File
Stack and Memory
Stack and Memory
Tools for Analysis
Code Injection Attack
DLL Injection
APC Injection
Valid Accounts
System Binary Proxy Execution: Rundll32
Reflective code loading
Modify Registry
Process Injection
Mark-Of-The-Web (MOTW) Bypass
Access Token Manipulation
Hijack Execution Flow
Resources
https://redteamrecipe.com/assembly-for-hackers
#assembly
#reverse
Forwarded from Sina
Hello everyone,
I've made a somehow big update in the HyperDbg. Now, it utilizes a dedicated HOST IDT and HOST GDT, different than the Windows IDT/GDT. This update will address a specific category of bypasses for HyperDbg, although there are still many bypasses to address. This change influences the handling of interrupts, especially NMIs for halting cores in VMX root-mode. lt may introduce instability issues in various systems, potentially leading to crashes. If you're using HyperDbg, please switch to the 'dev' branch and re-build and test it to help us identify any problems. Currently, it works well on my 12th Gen machine, but I'm uncertain if it's universally stable. If you encounter any crashes or BSODs, please notify me before the release of v0.9 (the next version). The best way to test it is using events (EPT hooks) with a high rate of execution (e.g., using !epthook on nt!ExAllocatePoolWithTag and meanwhile pause the debuggee).
The 'dev' branch:
https://github.com/HyperDbg/HyperDbg/tree/dev
GitHub built artifact for those who can't build:
https://github.com/HyperDbg/HyperDbg/actions/runs/9384856535
I've made a somehow big update in the HyperDbg. Now, it utilizes a dedicated HOST IDT and HOST GDT, different than the Windows IDT/GDT. This update will address a specific category of bypasses for HyperDbg, although there are still many bypasses to address. This change influences the handling of interrupts, especially NMIs for halting cores in VMX root-mode. lt may introduce instability issues in various systems, potentially leading to crashes. If you're using HyperDbg, please switch to the 'dev' branch and re-build and test it to help us identify any problems. Currently, it works well on my 12th Gen machine, but I'm uncertain if it's universally stable. If you encounter any crashes or BSODs, please notify me before the release of v0.9 (the next version). The best way to test it is using events (EPT hooks) with a high rate of execution (e.g., using !epthook on nt!ExAllocatePoolWithTag and meanwhile pause the debuggee).
The 'dev' branch:
https://github.com/HyperDbg/HyperDbg/tree/dev
GitHub built artifact for those who can't build:
https://github.com/HyperDbg/HyperDbg/actions/runs/9384856535
GitHub
GitHub - HyperDbg/HyperDbg at dev
State-of-the-art native debugging tools. Contribute to HyperDbg/HyperDbg development by creating an account on GitHub.
❤7👍1
fuzzer-internals from One of my lovely friends
https://blog.reodus.com/posts/fuzzer-internals-part1/
#fuzzer
#internals
https://blog.reodus.com/posts/fuzzer-internals-part1/
#fuzzer
#internals
Malware Development, Analysis and DFIR Series PART III
credit : Nithin Chenthur Prabhu
Delve into Windows Memory Internals! Explore virtual address spaces, process internals and memory models for a deeper understanding of memory forensics & malware analysis!
https://azr43lkn1ght.github.io/Malware Development, Analysis and DFIR Series
credit : Nithin Chenthur Prabhu
Delve into Windows Memory Internals! Explore virtual address spaces, process internals and memory models for a deeper understanding of memory forensics & malware analysis!
https://azr43lkn1ght.github.io/Malware Development, Analysis and DFIR Series
❤5
SWAPPALA and Reflective DLL
credit : Kyle Avery
https://oldboy21.github.io/posts/2024/06/sleaping-issues-swappala-and-reflective-dll-friends-forever/
credit : Kyle Avery
https://oldboy21.github.io/posts/2024/06/sleaping-issues-swappala-and-reflective-dll-friends-forever/
❤3
چند تا write-up درباره باگهایی که از کرنل Linux/Windows/macOS گزارش دادم و چگونه فازر کردنشون
رو تو وبلاگم 👇 اینجا نوشتم. پست جدیدم رو هم به زودی همینجا مینویسم.
R00tkitSMM-> میثم فیروزی
https://r00tkitsmm.github.io/?s=09
رو تو وبلاگم 👇 اینجا نوشتم. پست جدیدم رو هم به زودی همینجا مینویسم.
R00tkitSMM
https://r00tkitsmm.github.io/?s=09
Forwarded from Network books | Magazine (Q)
This media is not supported in your browser
VIEW IN TELEGRAM
👍3
Forwarded from Network books | Magazine (Q)
Programming with Rust (Donis Marshall).pdf
2.5 MB
🥰4👾4👍3👀1
Into the Rabbit Hole – Offensive DNS Tunneling Rootkits
Dns Tunneling
#Tunneling #exfiltration #DNS #Rootkit
Dns Tunneling
#Tunneling #exfiltration #DNS #Rootkit
REvil_full.pdf
36.1 MB
A Detailed Analysis of The Last Version of REvil Ransomware
Prepared by: Vlad Pasca
Senior Malware and Threat Analyst
#REvil #malware_analysis
Prepared by: Vlad Pasca
Senior Malware and Threat Analyst
Table of contents
Executive summary 2
Analysis and findings 2
Thread activity – sub_1282EA7 function 37
Thread activity – sub_1287677 function 37
Thread activity – sub_1284468 function 41
Thread activity – sub_12841D3 function 44
Running with the -smode parameter 48
Running with the -silent parameter 51
Running with the -path parameter 51
Running with the -nolan parameter 51
Running with the -nolocal parameter 51
Running with the -fast parameter 51
Running with the -full parameter 51
Indicators of Compromise 51
Appendix 52
#REvil #malware_analysis
OffensiveNotion C2
Blog
How write?
YouTube
---------------------------------------------------------
Related:
Ox-c2
Implementing C2 and it's agent in rust
Helfrix_C2
Basic C2 Server and Agent, Rust Programming
Visit blog!
---------------------------------------------------------
LiNk
From and for our Chinese friends
Rust C2框架LINK分析
link is a command and control framework written in rust
https://github.com/postrequest/link
Enjoy!
#Rust #C2 #maldev
OffensiveNotion combines the capabilities of a post-exploitation agent with the power and comfort of the Notion notetaking application. The agent sends data to and receives commands from your Notion page. Your C2 traffic blends right in as the agent receives instructions and posts results via the Notion developer API. And when your blue team looks for evidence of shenanigans, none will be the wiser.
Blog
How write?
YouTube
---------------------------------------------------------
Related:
Ox-c2
Implementing C2 and it's agent in rust
Helfrix_C2
Basic C2 Server and Agent, Rust Programming
Visit blog!
---------------------------------------------------------
LiNk
Rust C2框架LINK分析
link is a command and control framework written in rust
https://github.com/postrequest/link
learn rust?
Enjoy!
#Rust #C2 #maldev
❤2👍1👾1
What is Loader Lock?
credit : Elliot
https://elliotonsecurity.com/what-is-loader-lock/
credit : Elliot
In Windows, every DLL starts by executing its initialization function known as DllMain. This function runs while internal loader synchronization objects, including loader lock, are held. So, you must be especially careful not to violate a lock hierarchy in your DllMain; otherwise, a deadlock may occur.
https://elliotonsecurity.com/what-is-loader-lock/
👾5
windows-vs-linux-loader-architecture
credit : Elliot
https://github.com/ElliotKillick/windows-vs-linux-loader-architecture
credit : Elliot
The intentions of this document are to:
- Compare the Windows, Linux, and sometimes MacOS loaders
- Provide perspective on architectural and ecosystem differences as well as how they coincide with the loader
- Including experiments on how flexible or rigid they are with what can safely be done during module initialization (with the loader's internal locks held)
- Formally document how a modern Windows loader supports concurrency
- Current open source Windows implementations, including Wine and ReactOS, perform locking similar to the legacy Windows loader (they presently don't support the "parallel loading" ability present in a modern Windows loader)
- Educate, satisfy curiosity, and help fellow reverse engineers
https://github.com/ElliotKillick/windows-vs-linux-loader-architecture
🔥2👾2