🔑 RockYou2024: 10 billion passwords leaked in the largest compilation of all time

Researchers discovered what appears to be the largest password compilation with a staggering 9,948,575,739 unique plaintext password

🔗 Source:
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/

🔗 Source archive:
https://fastupload.io/1824d409732f30be

#wordlist #rockyou #passwords

Research into removing strings & API call references at compile-time (Anti-Analysis)
GitHub

An example in C/C++ of how we can remove static string & function call references by using obfuscation paired with runtime function pointers. As a result, static analysis using tools such as IDA or x64Dbg increases in time/difficulty. You may be able to hide specific API calls from anti-malware systems. On the other hand, some AVs might also flag this behavior as being malicious due to there being a lack of "real looking behavior" in the binary.

#malware_dev #evasion

CBS - Custom Breakpoint Setter
This is an IDA Plugin powered by Python that sets a disabled breakpoint on specific instruction's mnemonic.

credit : AmirMohammad Jahangirzad

https://github.com/Reodus/CBS

Zhassulan_Zhussupov_Malware_Development_for_Ethical_Hackers_Learn.pdf

Red Team infrastructure hardening resources
[+] GitHub

This wiki is intended to provide a resource for setting up a resilient Red Team infrastructure. It was made to complement Steve Borosh (@424f424f) and Jeff Dimmock's (@bluscreenofjeff) BSides NoVa 2017 talk "Doomsday Preppers: Fortifying Your Red Team Infrastructure" (slides)

[ Slides ]

#c2 #redteam

Silently install Chrome extensions by modifying the configuration file

In practice, Chrome usually turns on remote debugging, which is a very risky approach.

https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html

#chrome #extension