The Security Principle Every Attacker Needs to Follow
Credit : Elad Shamir
https://posts.specterops.io/the-security-principle-every-attacker-needs-to-follow-905cc94ddfc6
I decided to focus on “Identity-Driven Offensive Tradecraft”; in this post, I will explain what I mean by that and why it is so central to attack paths and red team operations.
THREAD NAME-CALLING – USING THREAD NAME FOR OFFENSE
https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
[ GitHub ]
Also check:
1- Atom Bombing technique 2016
2- Pool Party 2023
3- “Windows Process Injection in 2019” by Amit Klein and Itzik Kotler
Forwarded from Source Byte (Anastasia 🐞)
[ 1 ] From a Windows driver to a fully functional driver.
In this blogpost we'll go through the history of EDRs, how they used to work, how they work now and how we can build a fully functional one. Last step is a chall: bypass MyDumbEDR.
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
[ 2 ] Internal mechanisms of EDRs:
https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s
[ 3 ] MyDumbEDR ( written in C )
https://github.com/sensepost/mydumbedr
———
@islemolecule_source
Forwarded from Source Byte (Anastasia 🐞)
Series on virtualization technologies and internals of various solutions (QEMU, Xen and VMWare)
Credit: @LordNoteworthy
[ 0 ] Intro: virtualization internals part 1 intro to virtualization
[ 1 ] VMWare: Virtualization Internals Part 2 - VMWare and Full Virtualization using Binary Translation
[ 2 ] Xen: Virtualization Internals Part 3 - Xen and Paravirtualization
[ 4 ] QEMU: Virtualization Internals Part 4 - QEMU
——-
Related posts:
[ 0 ] Writing a simple 16 bit VM in less than 125 lines of C
[ 1 ] Write your Own Virtual Machine
[ 2 ] notes on vm and qemu escape exploit
[ 3 ] notes on VMware escape exploits by version
[ 4 ] Unpack VMProtect
#VM , #cve_analysis , #VM_internals
—-
https://news.1rj.ru/str/Source_byte
APT1
PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD) of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks.
* Download samples *
#APT #APT1 #PAPER
aka: Brown Fox, Byzantine Candor, COMMENT PANDA, Comment Crew, Comment Group, G0006, GIF89a, Group 3, PLA Unit 61398, ShadyRAT, TG-8223
Hell yeah, my teacher Mr. Amirheidari achieved rank 72 on Microsoft's MSRC leaderboard.
I think I have more excitement than he has 😂
https://msrc.microsoft.com/leaderboard
I'm not really a reverse engineer 🤷♂
Understanding ETW Patching
Credit: jsecurity101
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b
#internals #windows #ETW
Forwarded from Reverse Dungeon
Since there is no new content, a reminder that there is a small blog with a number of various articles
ブログ.きく.コム
Including a collection of many useful resources related to reversing
ブログ.きく.コム/2021/10/02/Reverse-Engineering-Roadmap/
Windows Internals Blog
Reverse Engineering Roadmap
A warehouse / closet / chest of links to everything imaginable related to reversing / books / courses / lots of information
APC Series: User APC Internals
Credit: @0xrepnz
https://repnz.github.io/posts/apc/kernel-user-apc-api
#windows #internals #apc #note
PowerShell AMSI bypass technique via Vectored Exception Handler (VEH).
https://github.com/vxCrypt0r/AMSI_VEH
This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification.
Syscalls via Vectored Exception Handling
https://redops.at/en/blog/syscalls-via-vectored-exception-handling
GitHub