From secret images to encryption keys.
credit : HOSEIN. YAVARZADEH
https://thecyberwire.com/podcasts/research-saturday/330/notes
The research can be found here:
Graph: Growing number of threats leveraging Microsoft API
credit : HOSEIN. YAVARZADEH
This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs).
https://thecyberwire.com/podcasts/research-saturday/330/notes
The research can be found here:
Graph: Growing number of threats leveraging Microsoft API
👍5
Source Byte
From secret images to encryption keys. credit : HOSEIN. YAVARZADEH This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional…
This media is not supported in your browser
VIEW IN TELEGRAM
👾Lets Create An EDR… And Bypass It!
Part 1
Part 2
--------------------------------------------------------------
Related stuff:
[+] An Introduction to Bypassing User Mode EDR Hooks
[+] Blinding EDR On Windows
[+] How your EDR actually works
#EDR
Part 1
Part 2
--------------------------------------------------------------
Related stuff:
∆ Simple EDR In Nim
∆ EDR IS BY NO MEANS THE FINAL SOLUTION [ Blog ]
∆ A brief analysis of EDR architecture - taking Windows platform as an example [ Blog ]
∆ Summary of all EDR bypass methods found so far [ blog ]
[+] An Introduction to Bypassing User Mode EDR Hooks
[+] Blinding EDR On Windows
[+] How your EDR actually works
#EDR
👾4❤1🤨1
⎙ Windows internals
≣ Notes 1
≣ Notes 2
≣ Windows Internals Research Tips
≣ 9 Days: Learn windows internals
#internals #windows
⎗ Notes On Process in windows
≣ Notes 1
≣ Notes 2
≣ Windows Internals Research Tips
≣ 9 Days: Learn windows internals
#internals #windows
👾6👍3
Forwarded from Order of Six Angles
Свежак! Каждый найдет для себя что-то интересное
Collection of Golang projects designed specifically for red teamers
x86 Real-Mode MS-DOS Emulator using Windows Hypervisor Platform
How a Clever 1960s Memory Trick Changed Computing (видео)
Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware.
Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing
My iOS Web Hacking Setup - Surge, Termius, and Caido
LLM for automated hacking (набор ссылок)
Exploiting Trend Micro EDR
ChatGPT's Advanced Data Analysis and Code Execution - Experiments
Офигеная статья по внутренностям китайского иб
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
How To Use Dumpulator For Malware Analysis
Writing an IR (intermidiate representation) from Scratch ( Android analysis tool)
Obfuscate the payload while simultaneously lowering its entropy
Incremental Symbolic Execution for the Clang Static Analyzer (видео) (слайды)
Collection of Golang projects designed specifically for red teamers
x86 Real-Mode MS-DOS Emulator using Windows Hypervisor Platform
How a Clever 1960s Memory Trick Changed Computing (видео)
Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware.
Fuzzer Development 4: Snapshots, Code-Coverage, and Fuzzing
My iOS Web Hacking Setup - Surge, Termius, and Caido
LLM for automated hacking (набор ссылок)
Exploiting Trend Micro EDR
ChatGPT's Advanced Data Analysis and Code Execution - Experiments
Офигеная статья по внутренностям китайского иб
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
How To Use Dumpulator For Malware Analysis
Writing an IR (intermidiate representation) from Scratch ( Android analysis tool)
Obfuscate the payload while simultaneously lowering its entropy
Incremental Symbolic Execution for the Clang Static Analyzer (видео) (слайды)
👍7🍾2
PHP7 Internals - Become a Wizard
credit : faulty *ptrrr
Welcome to the PHP Internals Hub - If you ever wondered about how PHP works internally and how you can exploit it: this is where you should start.
In this repo, I show basic and advanced exploitation in PHP (some of the bugs reported by me). In every "chapter", you'll learn a little bit more about PHP Internals from an infosec perspective.
https://github.com/0xbigshaq/php7-internals
———
#CVE-2020-7066 , #CVE-2020-7067 , #CVE-2020-10872 , #CVE-2020-10873 , #CVE-2018-12882 , #CVE-2018-12882
credit : faulty *ptrrr
Welcome to the PHP Internals Hub - If you ever wondered about how PHP works internally and how you can exploit it: this is where you should start.
In this repo, I show basic and advanced exploitation in PHP (some of the bugs reported by me). In every "chapter", you'll learn a little bit more about PHP Internals from an infosec perspective.
https://github.com/0xbigshaq/php7-internals
———
#CVE-2020-7066 , #CVE-2020-7067 , #CVE-2020-10872 , #CVE-2020-10873 , #CVE-2018-12882 , #CVE-2018-12882
👍6❤2
Best Active Directory Resources ^ ⌃
⍰ Just open it
⍰ I think it's enough!
Mini book
https://0xsp.com/offensive/active-directory-attack-defense/
#ad #active_directory #windows
⍰ Just open it
Twitter : @zer1t0
⊞ Attacking Active Directory: 0 to 0.9
⍰ I think it's enough!
LinkedIn: Sean Metcalf
His Blog:
⊞ https://adsecurity.org/
His Compony:
⊞ https://www.trimarcsecurity.com/research
Mini book
https://0xsp.com/offensive/active-directory-attack-defense/
#ad #active_directory #windows
👾7🔥4❤1
This media is not supported in your browser
VIEW IN TELEGRAM
Julian assange is free ;)
🔥13🕊3👍2🤯1🙏1🌭1
June 11th a Microsoft engineer accidentally leaked 4GB of Microsoft PlayReady internal code. It was leaked on the Microsoft Developer Community. The leak includes:
- WarBird configurations
- WarBird libraries for code obfuscation functionality
- Libraries with symbolic information related to PlayReady
Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process.
Also, interestingly, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information.
Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active.
File listing is below. Forums screenshots are attached. All information discovered by AG Security Research Lab
File listing: https://pastebin.com/raw/i65qfd2z
- WarBird configurations
- WarBird libraries for code obfuscation functionality
- Libraries with symbolic information related to PlayReady
Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process.
Also, interestingly, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information.
Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active.
File listing is below. Forums screenshots are attached. All information discovered by AG Security Research Lab
File listing: https://pastebin.com/raw/i65qfd2z
👍6
Source Byte
Julian assange is free ;)
This media is not supported in your browser
VIEW IN TELEGRAM
welcome back :)
🔥7👍4🤡1🤣1
What is a "control-flow flattening" obfuscation technique?
https://reverseengineering.stackexchange.com/questions/2221/what-is-a-control-flow-flattening-obfuscation-technique
#malware_dev
https://reverseengineering.stackexchange.com/questions/2221/what-is-a-control-flow-flattening-obfuscation-technique
#malware_dev
🤯9😁3👾1