The Security Principle Every Attacker Needs to Follow
Credit: Elad Shamir
I decided to focus on “Identity-Driven Offensive Tradecraft”. In this post, I will explain what I mean by that and why it is so central to attack paths and red team operations.
https://posts.specterops.io/the-security-principle-every-attacker-needs-to-follow-905cc94ddfc6
THREAD NAME-CALLING – USING THREAD NAME FOR OFFENSE
https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
[ GitHub ]
Also check:
1- Atom Bombing technique (2016)
2- Pool Party (2023)
3- “Windows Process Injection in 2019” by Amit Klein and Itzik Kotler
Forwarded from Source Byte (Anastasia 🐞)
[ 1 ] From a Windows driver to a fully functional driver.
In this blogpost we'll go through the history of EDRs, how they used to work, how they work now and how we can build a fully functional one. Last step is a chall: bypass MyDumbEDR.
https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
[ 2 ] Internal mechanisms of EDRs:
https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s
[ 3 ] MyDumbEDR (written in C)
https://github.com/sensepost/mydumbedr
———
@islemolecule_source
Forwarded from Source Byte (Anastasia 🐞)
Series on virtualization technologies and the internals of various solutions (QEMU, Xen and VMware)
Credit: @LordNoteworthy
[ 0 ] Intro: Virtualization Internals Part 1 - Intro to Virtualization
[ 1 ] VMware: Virtualization Internals Part 2 - VMware and Full Virtualization using Binary Translation
[ 2 ] Xen: Virtualization Internals Part 3 - Xen and Paravirtualization
[ 3 ] QEMU: Virtualization Internals Part 4 - QEMU
———
Related posts:
[ 0 ] Writing a simple 16-bit VM in less than 125 lines of C
[ 1 ] Write your Own Virtual Machine
[ 2 ] Notes on VM and QEMU escape exploits
[ 3 ] Notes on VMware escape exploits by version
[ 4 ] Unpack VMProtect
#VM, #cve_analysis, #VM_internals
———
https://news.1rj.ru/str/Source_byte
APT1
PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks.
aka: Brown Fox, Byzantine Candor, COMMENT PANDA, Comment Crew, Comment Group, G0006, GIF89a, Group 3, PLA Unit 61398, ShadyRAT, TG-8223
* Download samples *
#APT #APT1 #PAPER
Hell yeah, my teacher Mr. Amirheidari achieved rank 72 on Microsoft's MSRC leaderboard.
I think I have more excitement than he has 😂
https://msrc.microsoft.com/leaderboard
I'm not really a reverse engineer 🤷♂
Understanding ETW Patching
Credit: jsecurity101
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b
#internals #windows #ETW
Forwarded from Reverse Dungeon
Since there is no new content, a reminder that there is a small blog with a number of articles:
ブログ.きく.コム
Among them is a collection of lots of useful material related to reversing:
ブログ.きく.コム/2021/10/02/Reverse-Engineering-Roadmap/
Windows Internals Blog
Reverse Engineering Roadmap
Storehouse / closet / chest of links to everything imaginable related to reversing / books / courses / lots of info
APC Series: User APC Internals
Credit: @0xrepnz
https://repnz.github.io/posts/apc/kernel-user-apc-api
#windows #internals #apc #note
PowerShell AMSI bypass technique via Vectored Exception Handler (VEH).
This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification.
https://github.com/vxCrypt0r/AMSI_VEH
Syscalls via Vectored Exception Handling
https://redops.at/en/blog/syscalls-via-vectored-exception-handling
GitHub
Forwarded from CyberSecurity Shield (Pouyan Zamani)
Greetings and thanks for your efforts to all of you.
Special apologies for the long delay.
Part two of the SCE 450 course, in the same format as before, for you all 😁🌹🙏🏻
Injecting Malicious Code into PDF Files and Creating a PDF Dropper
https://cti.monster/blog/2024/07/25/pdfdropper.html
PDF files are often considered static documents by most people. However, the PDF standard allows for the execution of JavaScript code within the document. This feature offers various attack vectors that can be used for Red Team tests and cybersecurity research. In this article, we will examine how to inject JavaScript into a PDF file to download a file from a specific URL and establish a Command and Control (C2) connection using this method.