Source Byte – Telegram
Source Byte
@sourcebyte
7.74K subscribers
846 photos
73 videos
678 files
1.68K links
هشیار کسی باید کز عشق بپرهیزد
وین طبع که من دارم با عقل نیامیزد
Saadi Shirazi 187
Download Telegram
About
Blog
Apps
Platform
Join
Source Byte
7.74K subscribers
Source Byte
Forwarded from Ehsun
2019-12-10-insidethepythonvirtualmachine.pdf
5.1 MB
Inside the Python
👍9👎1
2.28K viewsAnastasia 🐞
Source Byte
DLL Hijacking Overview.pdf
249.1 KB
DLL Hijacking Overview.pdf
6👍1👎1
2.81K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
Forwarded from Source Chat (Friend)
Please open Telegram to view this post
VIEW IN TELEGRAM
‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
Forwarded from Source Byte (Anastasia 🐞)
[ 1 ] From a Windows driver to a fully functionnal driver.
In this blogpost we'll go through the history of EDR's, how they used to work, how they work now and how we can build a fully functionnal one. Last step is a chall, bypass MyDumbEDR.

https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/



[ 2 ] internal mecanisms of EDR's :

https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s


[ 3 ] MyDumbEDR ( written in C )

https://github.com/sensepost/mydumbedr


———
@islemolecule_source
5👍2👎1
1.82K viewsAnastasia 🐞
Source Byte
Forwarded from Source Chat (GOJO)
Please open Telegram to view this post
VIEW IN TELEGRAM
‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
Forwarded from Source Byte (Anastasia 🐞)
series on virtualization technologies and internals of various solutions (QEMU, Xen and VMWare)
Credit: @LordNoteworthy

[ 0 ] Intro: virtualization internals part 1 intro to virtualization
[ 1 ] VMWare: Virtualization Internals Part 2 - VMWare and Full Virtualization using Binary Translation
[ 2 ] Xen: Virtualization Internals Part 3 - Xen and Paravirtualization
[ 4 ] QEMU: Virtualization Internals Part 4 - QEMU

——-

related posts :
[ 0 ] Writing a simple 16 bit VM in less than 125 lines of C
[ 1 ] Write your Own Virtual Machine
[ 2 ] notes on vm and qemu escape exploit
[ 3 ] notes on VMware escape exploits by version
[ 4 ] Unpack VMProtect



#VM , #cve_analysis , #VM_internals
—-
https://news.1rj.ru/str/Source_byte
👍3🔥2👎1
1.74K viewsAnastasia 🐞
Source Byte
APT1
aka: Brown Fox, Byzantine Candor, COMMENT PANDA, Comment Crew, Comment Group, G0006, GIF89a, Group 3, PLA Unit 61398, ShadyRAT, TG-8223

PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks


* Download samples *

#APT #APT1 #PAPER
👍4
2K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
apt1_one_of_chinas_cyber_espionage_units_Pranshu_Bajpai.pdf
658.6 KB
apt1_one_of_chinas_cyber_espionage_units_Pranshu_Bajpai

#report
👍4
2.04K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
mandiant-apt1-report.pdf
6.5 MB
Mandiant report about APT1

#report
👍5
2.16K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
hell yeah , my teacher MR.Amirheidari achieved rank 72 on microsoft's MSRC leaderboard

i think i have more excitement than he has 😂

https://msrc.microsoft.com/leaderboard
🔥22👏14👍3🍌32👾21
2.51K viewsAnastasia 🐞
Source Byte
This media is not supported in your browser
VIEW IN TELEGRAM
I'm not really a reverse engineer 🤷‍♂
🔥7👾4👍3
2.44K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾, edited  
Source Byte
Understanding ETW Patching
Credit: jsecurity101

https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b

#internals #windows #ETW
3👍1
2.01K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
Forwarded from Reverse Dungeon
Поскольку контента нет, напомню, что есть бложик с каким-то количество всяких статей
ブログ.きく.コム

В том числе подборка кучи всяких полезностей, связанных с ревёрсом
ブログ.きく.コム/2021/10/02/Reverse-Engineering-Roadmap/

😎❤️
Please open Telegram to view this post
VIEW IN TELEGRAM
Windows Internals Blog
Reverse Engineering Roadmap
Склад / Чулан / Сундук ссылок на всё, что только можно, связанное с ревёрсом / книжечки / курсы / много инфы
👾94👍1🔥1
2.19K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
APC Series: User APC Internals
Credit: @0xrepnz
https://repnz.github.io/posts/apc/kernel-user-apc-api


#windows #internals #apc #note
👍3🔥3👾3👏1
2.21K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
Powershell AMSI Bypass technique via Vectored Exception Handler (VEH).
This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification.

https://github.com/vxCrypt0r/AMSI_VEH
👍71
2.37K viewst a h a, edited  
Source Byte
Syscalls via Vectored Exception Handling

https://redops.at/en/blog/syscalls-via-vectored-exception-handling

GitHub
6👍1
2.4K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
Forwarded from CyberSecurity Shield (Pouyan Zamani)
SANS SEC450-2-Black.pdf
12.2 MB
👍51🔥1🍓1
2.16K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
Forwarded from CyberSecurity Shield (Pouyan Zamani)
با سلام و خسته نباشید خدمت همه عزیزان
عذرخواهی ویژه بابت تاخیر طولانی،
بخش دوم دوره SCE 450 با همون فرمون قبلی خدمت شما عزیزان 😁🌹🙏🏻
4👍2
2.23K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾
Source Byte
Injecting Malicious Code into PDF Files and Creating a PDF Dropper

PDF files are often considered static documents by most people. However, the PDF standard allows for the execution of JavaScript code within the document. This feature offers various attack vectors that can be used for Red Team tests and cybersecurity research. In this article, we will examine how to inject JavaScript into a PDF file to download a file from a specific URL and establish a Command and Control (C2) connection using this method.


https://cti.monster/blog/2024/07/25/pdfdropper.html
👍7🤣3
2.61K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾, edited  
Source Byte
🤣2114👾1
2.37K viewsAnastasia 🐞
Source Byte
JonMon.pdf
2.5 MB
Unleashing JonMon:
Deep Insights into Your Windows Activity
By: Jonny Johnson
🔥3👍21
2.07K views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌P҉d҉y҉👾