Exploit Development:
https://connormcgarr.github.io/ROP2/
#exp
Playing ROP’em COP’em Robots with WriteProcessMemory()
77 minute read
https://connormcgarr.github.io/ROP2/
#exp
🍾2❤1👾1
Forwarded from Order of Six Angles
Техника process Injection на винде, без использования опасных функций (WriteProcessMemory, VirtualAllocEx, ...)
https://undev.ninja/nina-x64-process-injection/
POC
https://github.com/NtRaiseHardError/NINA
https://undev.ninja/nina-x64-process-injection/
POC
https://github.com/NtRaiseHardError/NINA
undev.ninja
NINA: x64 Process Injection
NINA: No Injection, No Allocation x64 Process Injection Technique.
🔥3👾2
Forwarded from Source Byte ( $ᴘ3ᴅʏʟ1)
pe-file-format-compendium-11-by-goppit-arteam.pdf
5.2 MB
👾3❤1
An Introduction to Bypassing User Mode EDR Hooks
Credit: Marcus Hutchins
#Hooking #edr
#malware_dev
Credit: Marcus Hutchins
Whilst this article is designed to stand on its own, if you’re interested, you can find my previous articles on these topics here, here, here and here. Surprisingly, despite all this research being over a decade old, it’s still completely relevant today. The more things change, the more they stay the same, I guess?https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
#Hooking #edr
#malware_dev
🔥2👾2
Introduction global hook and its cases
https://www.programmerall.com/article/21622234988/
Related:
[+] GoHook, Go global keyboard and mouse listener hook
[+] Implementing Global Injection and Hooking in Windows
#Hooking
#malware_dev
https://www.programmerall.com/article/21622234988/
hook, refers to a technique used to advance the use of api intercept and process windows messages. Such as a keyboard hook, the Trojans have a lot of this stuff, monitor your keyboard.
Related:
[+] GoHook, Go global keyboard and mouse listener hook
[+] Implementing Global Injection and Hooking in Windows
#Hooking
#malware_dev
👾3🗿1
Forwarded from zerodaytraining
Patch candidate for Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability (Pwn2Own Vancouver 2024 VM Escape exploit)
There was an insufficient check for numbers of in/out data segment denoscriptors supplied by Guest OS into Virtio devices. Check added in virtioCoreR3VirtqAvailBufGet IO processing loop ensures that data sent in by the guest through virtio kernel device modules cannot exceed storage availability in hypervisor memory. Exploit by overflowing buffers in pVirtqBuf-aSegsIn/aSegsOut
@thezdi @OnlyTheDuck @alisaesage
There was an insufficient check for numbers of in/out data segment denoscriptors supplied by Guest OS into Virtio devices. Check added in virtioCoreR3VirtqAvailBufGet IO processing loop ensures that data sent in by the guest through virtio kernel device modules cannot exceed storage availability in hypervisor memory. Exploit by overflowing buffers in pVirtqBuf-aSegsIn/aSegsOut
@thezdi @OnlyTheDuck @alisaesage
👾4👍1
Forwarded from کانال بایت امن
#eBook #WindowsPE #DWORD
🏳️ باز نویسی و ترجمه کتاب Windows PE权威指南
🔥 این کتاب بهطور جامع و مفصل به تحلیل فرمت فایل PE و تکنیکهای برنامهنویسی مرتبط با آن میپردازد و جنبههای مختلف امنیتی و مدیریت پروسس های سیستمی و مکانیسمهای سطح پایین آن را مورد بررسی قرار میدهد.
فصل اول : محیط توسعه Windows PE
تعداد صفحات : 29 صفحه
💎دریافت فصل اول | گیتهاب کتاب
🦅 کانال بایت امن | گروه بایت امن
_
با توجه به تاریخ انتشار کتاب Windows PE权威指南 که به زبان چینی و در سال 2011 به چاپ رسیده است، در بازنویسی این کتاب سعی کردهام مطالب و ابزارهای قدیمی را حذف کنم و از نرمافزارهای به روز و مطالب جدید استفاده کنم. به همین دلیل ممکن است بعضی از موضوعات بهطور کامل تغییر یا جایگزین شوند و یا حتی بر حسب نیاز مطالب جدیدی اضافه گردند.
سطح مطالب این کتاب پیشرفته است و موضوعاتی که مطرح میشوند ممکن است نیاز به داشتن پیشنیاز باشند. به طور مثال، کدنویسی پروژهها به زبان اسمبلی و در محیط برنامهنویسی انجام میشود، بنابراین شما باید زبان اسمبلی را بدانید و با محیط برنامهنویسی به زبان اسمبلی آشنایی داشته باشید. تمرکز این کتاب بر تشریح ساختار فایلهای PE خواهد بود و به آموزش پیشنیازها یا سایر موارد اشاره نخواهیم کرد. با این حال، در هر فصل بخشی تحت عنوان منابع وجود دارد که برای درک و آشنایی بیشتر شما با بعضی مطالب، منابع مناسبی معرفی خواهند شد.
فصل اول : محیط توسعه Windows PE
تعداد صفحات : 29 صفحه
💎دریافت فصل اول | گیتهاب کتاب
_
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥9👍1
Windows-PE-Definitive-Guide-Chapter-01.pdf
2 MB
باز نویسی و ترجمه کتاب Windows PE权威指南 به زبان فارسی از مهندس محمودنیا موسس آکادمی DWORD
@source_byte
#pe #book
@source_byte
#pe #book
🔥4👏4👾3👍1
Forwarded from Cafe Security (Mohammad)
Fuzzer Internals
https://blog.reodus.com/posts/fuzzer-internals-part1/
https://blog.reodus.com/posts/fuzzer-internals-part2/
https://blog.reodus.com/posts/fuzzer-internals-part3/
#fuzzing
https://blog.reodus.com/posts/fuzzer-internals-part1/
https://blog.reodus.com/posts/fuzzer-internals-part2/
https://blog.reodus.com/posts/fuzzer-internals-part3/
#fuzzing
👍3
Forwarded from S.E.Book
• NTFS Files Attributes;
• FuncIn;
• Code Cave;
• Stolen Certificate;
• Redirect Antivirus Website Evading Techniques;
• Shortcut Hiding;
• Disabling Antivirus;
• Adding Antivirus Exception;
• Fake Signature;
• Mark-Of-The-Web (MOTW) Bypass;
• Return Address Spoofing;
• Runtime Function Decryption;
• DLL Unhooking;
- How DLL Unhooking Works;
- Unhooking Strategies;
• Evasion Using Direct Syscalls;
- Key Aspects of This Technique;
- Operational Mechanism;
- Featured Windows APIs;
• Unloading Module With FreeLibrary;
- Operational Overview;
- Key Aspects of This Technique;
- Featured Windows APIs;
• References.
#Malware
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥8👾2❤1
Forwarded from Cafe Security (Mohammad)
The art of Fuzzing: Introduction
https://bushido-sec.com/index.php/2023/06/19/the-art-of-fuzzing/
@cafe_security
https://bushido-sec.com/index.php/2023/06/19/the-art-of-fuzzing/
@cafe_security
Bushido Security
The art of Fuzzing: Introduction. - Bushido Security
This fuzzing introduction cover all the essentials one should know about the art of fuzzing. It explain major concept and illustrate it with and hands-on exercise the reader can follow. In conclusion some hints are given on how to hunt for bugs with fuzzing.
❤6👍2
Forwarded from Order of Six Angles
PE-LiteScan (or PELS) is a simple heuristic analyzer for common PE-anomalies, specifically focusing on the detection of packers and protectors. Designed for Windows and Linux.
https://github.com/DosX-dev/PE-LiteScan
https://github.com/DosX-dev/PE-LiteScan
GitHub
GitHub - DosX-dev/PE-LiteScan: A simple crossplatform heuristic PE-analyzer
A simple crossplatform heuristic PE-analyzer. Contribute to DosX-dev/PE-LiteScan development by creating an account on GitHub.
❤6👍2
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
🌀Voidgate
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
🔗 Source
https://github.com/vxCrypt0r/Voidgate
#av #edr #evasion #hwbp #cpp
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.
🔗 Source
https://github.com/vxCrypt0r/Voidgate
#av #edr #evasion #hwbp #cpp
👍4🔥3👾3❤🔥1
Source Byte
gargoyle is a technique for hiding all of a program’s executable code in non-executable memory GitHub Link Blog #malware_dev
This media is not supported in your browser
VIEW IN TELEGRAM
Bypassing PESieve and Moneta (The "easy" way....?)
It contains several parts.
Implementation of gargoyle
+ Blog
+ GitHub
#malware_dev
It contains several parts.
Implementation of gargoyle
Lockd: This is the main Gargoyle component
sRDI-Master: This has been slightly re worked to provide a free mechanism.
test.profile: This sample profile shows required options to work
ShellcodeRDI.py: This is the altered python generator with the new sRDI assembly
+ Blog
+ GitHub
#malware_dev
👾5👍2