Source Byte – Telegram
Source Byte
Sober must be the one who shuns love;
this temperament of mine will not mix with reason.
Saadi Shirazi 187
OffensiveNotion C2
OffensiveNotion combines the capabilities of a post-exploitation agent with the power and comfort of the Notion notetaking application. The agent sends data to and receives commands from your Notion page. Your C2 traffic blends right in as the agent receives instructions and posts results via the Notion developer API. And when your blue team looks for evidence of shenanigans, none will be the wiser.

Blog
How to write?
YouTube
---------------------------------------------------------
Related:
Ox-c2
Implementing C2 and its agent in Rust
Helfrix_C2
Basic C2 Server and Agent, Rust Programming
Visit blog!
---------------------------------------------------------
LiNk
From and for our Chinese friends
Analysis of the Rust C2 framework LINK
link is a command and control framework written in Rust
https://github.com/postrequest/link


Learn Rust?

Enjoy!


#Rust #C2 #maldev
What is Loader Lock?
credit : Elliot
In Windows, every DLL starts by executing its initialization function known as DllMain. This function runs while internal loader synchronization objects, including loader lock, are held. So, you must be especially careful not to violate a lock hierarchy in your DllMain; otherwise, a deadlock may occur.

https://elliotonsecurity.com/what-is-loader-lock/
windows-vs-linux-loader-architecture
credit : Elliot

The intentions of this document are to:

- Compare the Windows, Linux, and sometimes MacOS loaders

- Provide perspective on architectural and ecosystem differences as well as how they coincide with the loader

- Including experiments on how flexible or rigid they are with what can safely be done during module initialization (with the loader's internal locks held)

- Formally document how a modern Windows loader supports concurrency

- Current open source Windows implementations, including Wine and ReactOS, perform locking similar to the legacy Windows loader (they presently don't support the "parallel loading" ability present in a modern Windows loader)

- Educate, satisfy curiosity, and help fellow reverse engineers


https://github.com/ElliotKillick/windows-vs-linux-loader-architecture
Step By Step Process To Make Trojan Horse

For your clear understanding, I posted this article in sequence: what this Trojan does, how this Trojan works, and the main thing, the algorithm of the source code. Let us discuss them one by one in the next lines.
Trojan

#trojan
Exploit Development:
Playing ROP’em COP’em Robots with WriteProcessMemory()
77 minute read

https://connormcgarr.github.io/ROP2/

#exp
Forwarded from Order of Six Angles
A process injection technique on Windows without using dangerous functions (WriteProcessMemory, VirtualAllocEx, ...)

https://undev.ninja/nina-x64-process-injection/

POC

https://github.com/NtRaiseHardError/NINA
Forwarded from Source Byte (‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌$ᴘ3ᴅʏʟ1)
pe-file-format-compendium-11-by-goppit-arteam.pdf
5.2 MB
Explains the PE file format, from ARteam

#pe
An Introduction to Bypassing User Mode EDR Hooks
Credit: Marcus Hutchins
Whilst this article is designed to stand on its own, if you’re interested, you can find my previous articles on these topics here, here, here and here. Surprisingly, despite all this research being over a decade old, it’s still completely relevant today. The more things change, the more they stay the same, I guess?
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html


#Hooking #edr
#malware_dev
Introduction global hook and its cases
https://www.programmerall.com/article/21622234988/
A hook refers to a technique used to intercept API calls ahead of time and to process Windows messages, such as a keyboard hook; Trojans have a lot of this stuff, monitoring your keyboard.


Related:
[+] GoHook, Go global keyboard and mouse listener hook

[+] Implementing Global Injection and Hooking in Windows



#Hooking
#malware_dev
Forwarded from zerodaytraining
Patch candidate for Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability (Pwn2Own Vancouver 2024 VM Escape exploit)

There was an insufficient check for the number of in/out data segment descriptors supplied by the guest OS to VirtIO devices. The check added in the virtioCoreR3VirtqAvailBufGet IO processing loop ensures that data sent in by the guest through the virtio kernel device modules cannot exceed the storage available in hypervisor memory. Exploit by overflowing the buffers in pVirtqBuf->aSegsIn/aSegsOut.

@thezdi @OnlyTheDuck @alisaesage
#eBook #WindowsPE #DWORD

🏳️ Rewrite and translation of the book Windows PE权威指南

🔥 This book comprehensively and in detail analyzes the PE file format and the programming techniques related to it, and examines its various security aspects, system process management, and its low-level mechanisms.

Given the publication date of Windows PE权威指南, which was published in Chinese in 2011, in rewriting this book I have tried to remove outdated material and tools and to use up-to-date software and new material. For this reason, some topics may be completely changed or replaced, or new material may even be added as needed.

The level of this book is advanced, and the topics raised may require prerequisites. For example, the projects are coded in assembly language in an assembly programming environment, so you must know assembly language and be familiar with an assembly programming environment. The focus of this book is on explaining the structure of PE files, and we will not teach prerequisites or other matters. However, each chapter has a section titled References, where suitable resources are introduced to help you understand and become more familiar with some of the topics.


Chapter 1: The Windows PE development environment
Page count: 29 pages

💎 Download Chapter 1 | Book on GitHub

🦅 Secure Byte channel | Secure Byte group
Windows-PE-Definitive-Guide-Chapter-01.pdf
2 MB
Rewrite and Persian translation of the book Windows PE权威指南 by engineer Mahmoudnia, founder of the DWORD academy


@source_byte
#pe #book
Forwarded from Infosec Fortress
Skochinsky - Recon (2011) - Practical C++ Decompilation
#reverse
#binary
#slides
———
🆔 @Infosec_Fortress
Forwarded from Infosec Fortress
Recon-2011-Skochinsky.pdf
794 KB
Forwarded from Infosec Fortress
Cindy Xiao - Reversing Rust Binaries
#binary
#reverse
#slides
———
🆔 @Infosec_Fortress
Forwarded from Infosec Fortress
Reversing_Rust_Binaries_One_Step_Beyond_Strings_Cindy_Xiao_NorthSec.pdf
73.2 MB