Forwarded from Frey
rockyou2024.zip.011 (3.9 GB)
rockyou2024.zip.012 (2.6 GB)
Research into removing strings & API call references at compile-time (Anti-Analysis)
An example in C/C++ of how we can remove static string and function-call references by using obfuscation paired with runtime function pointers. As a result, static analysis using tools such as IDA or x64dbg takes more time and becomes more difficult. You may be able to hide specific API calls from anti-malware systems. On the other hand, some AVs might also flag this behaviour as malicious because the binary lacks "real-looking behaviour".
#malware_dev #evasion
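The two building blocks that post describes, as an added example written here in C++17 (it is not the linked repository's code): string literals are XORed at compile time so only ciphertext reaches the data section, and API functions are resolved at runtime by a compile-time hash of their name instead of by an import or a plaintext string. The export table `g_exports` and the functions `fake_alloc`/`fake_free` are constructed stand-ins for a real module's export directory; the hash function, obfuscation scheme and names are this example's own choices.

```cpp
// Added example: compile-time string obfuscation plus hash-based runtime
// function-pointer resolution (C++17). Not the linked repository's own code.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// ---- 1. Strings: XOR at compile time, decrypt at the call site -----------
// Only the ciphertext is emitted into .rdata, so `strings` and IDA's string
// window never see the plaintext. Real tooling would decrypt into a stack
// buffer and wipe it after use; a std::string is used here for simplicity.
template <std::size_t N>
struct ObfString {
    std::array<char, N> data{};
    std::uint8_t key;

    constexpr ObfString(const char (&s)[N], std::uint8_t k) : key(k) {
        for (std::size_t i = 0; i < N; ++i)
            data[i] = static_cast<char>(s[i] ^ static_cast<char>(k + i)); // rolling key
    }
    std::string decrypt() const {
        std::string out(N - 1, '\0');
        for (std::size_t i = 0; i + 1 < N; ++i)
            out[i] = static_cast<char>(data[i] ^ static_cast<char>(key + i));
        return out;
    }
};
template <std::size_t N>
constexpr ObfString<N> obf(const char (&s)[N], std::uint8_t k) { return ObfString<N>(s, k); }

// ---- 2. API names: replace the string with a compile-time hash -----------
constexpr std::uint32_t djb2(const char* s) {
    std::uint32_t h = 5381;
    while (*s) h = (h * 33) ^ static_cast<std::uint8_t>(*s++);
    return h;
}

// Stand-in export table (constructed for this example). On Windows you would
// walk the target module's export directory and hash each exported name.
using IntFn = int (*)(int);
static int fake_alloc(int n) { return n * 2; }
static int fake_free(int n)  { return n - 1; }
struct Export { const char* name; IntFn fn; };
static const Export g_exports[] = {
    {"VirtualAlloc", fake_alloc},
    {"VirtualFree",  fake_free},
};

// Resolve a function pointer by hash: our binary holds only a 32-bit constant,
// never the API name, so neither the import table nor string hunting shows it.
IntFn resolve_by_hash(std::uint32_t want) {
    for (const Export& e : g_exports)
        if (djb2(e.name) == want) return e.fn;
    return nullptr;
}

constexpr std::uint32_t kVirtualAllocHash = djb2("VirtualAlloc"); // folded at compile time
constexpr auto kModuleName = obf("kernel32.dll", 0x5A);

int call_hidden_alloc(int n) {
    IntFn fn = resolve_by_hash(kVirtualAllocHash);
    return fn ? fn(n) : -1;
}

std::string hidden_module_name() { return kModuleName.decrypt(); }

// Practitioner's check: the plaintext must not be findable in the obfuscated
// bytes, i.e. in what actually lands in the binary's data section.
template <std::size_t N>
bool plaintext_absent(const ObfString<N>& s, const char* plain) {
    std::size_t m = std::strlen(plain);
    for (std::size_t i = 0; i + m <= N; ++i)
        if (std::memcmp(s.data.data() + i, plain, m) == 0) return false;
    return true;
}

int main() {
    std::printf("module: %s\n", hidden_module_name().c_str());
    std::printf("alloc(21) via hash 0x%08x -> %d\n", kVirtualAllocHash, call_hidden_alloc(21));
    std::printf("plaintext absent from stored bytes: %s\n",
                plaintext_absent(kModuleName, "kernel32.dll") ? "yes" : "no");
    return 0;
}
```

After building, run `strings` on the binary and confirm that neither `kernel32.dll` nor `VirtualAlloc` appears; that is the check the post's "static analysis becomes harder" claim rests on. The flip side the post mentions is visible here too: a binary with almost no imports and no readable strings is itself an anomaly that heuristic engines key on.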
CBS - Custom Breakpoint Setter
This is an IDA plugin, written in Python, that sets a disabled breakpoint on instructions with a specific mnemonic.
Credit: AmirMohammad Jahangirzad
https://github.com/Reodus/CBS
Forwarded from Bauka
Zhassulan_Zhussupov_Malware_Development_for_Ethical_Hackers_Learn.pdf (51.5 MB)
Red Team infrastructure hardening resources
[+] GitHub
This wiki is intended to provide a resource for setting up a resilient Red Team infrastructure. It was made to complement Steve Borosh (@424f424f) and Jeff Dimmock's (@bluscreenofjeff) BSides NoVa 2017 talk "Doomsday Preppers: Fortifying Your Red Team Infrastructure" (slides).
[ Slides ]
#c2 #redteam
Silently install Chrome extensions by modifying the configuration file
In practice, Chrome usually turns on remote debugging, which is a very risky approach.
https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html
#chrome #extension
IAT-Tracer V2
IAT-Tracer V2 is a plugin for the Tiny-Tracer framework. Now you can automatically trace and watch any Windows API function a binary uses, whether imported or *dynamically resolved*.
Credit: Yoav Levi
https://github.com/YoavLevi/IAT-Tracer
Windows Internals Learning Resources
Credit: Patrick Matula
A summary of learning resources in the categories:
+ Windows Internals
+ Windows Debugging and Troubleshooting
+ Windows Performance
+ Windows Programming
https://github.com/pmatula/Windows-Internals-Learning-Resources
https://github.com/mgeeky/ProtectMyTooling
Holy tool for red teamers.
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You fe...
Emulating inline decryption for triaging C++ malware
[ Blog ]
References:
Glory Sprout string decryptor: gsprout_string_decryption.py
Glory Sprout hash resolver: gsprout_api_resolver.py
GlorySprout sample: Malwarebazaar
Insight from GlorySprout and Taurus Stealer: RussianPanda Research Blog
Let's play (again) with Predator the thief
An In-Depth analysis of the new Taurus Stealer
#malware_analysis
Unauthenticated SSRF on Havoc C2 teamserver via spoofed demon agent
Credit: Evan Ikeda
https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/