Hell yeah, my teacher Mr. Amirheidari achieved rank 72 on Microsoft's MSRC leaderboard.
I think I have more excitement than he has 😂
https://msrc.microsoft.com/leaderboard
I'm not really a reverse engineer 🤷♂
Understanding ETW Patching
Credit: jsecurity101
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b
#internals #windows #ETW
Forwarded from Reverse Dungeon
Since there is no new content, a reminder that there is a blog with a number of assorted articles
ブログ.きく.コム
Including a collection of a whole bunch of useful things related to reverse engineering
ブログ.きく.コム/2021/10/02/Reverse-Engineering-Roadmap/
😎 ❤️
Windows Internals Blog
Reverse Engineering Roadmap
A storeroom / closet / chest of links to everything imaginable related to reverse engineering / books / courses / lots of info
APC Series: User APC Internals
Credit: @0xrepnz
#windows #internals #apc #note
https://repnz.github.io/posts/apc/kernel-user-apc-api
PowerShell AMSI bypass technique via Vectored Exception Handler (VEH).
https://github.com/vxCrypt0r/AMSI_VEH
This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification.
Syscalls via Vectored Exception Handling
https://redops.at/en/blog/syscalls-via-vectored-exception-handling
Forwarded from CyberSecurity Shield (Pouyan Zamani)
Greetings and well done to all dear friends.
Special apologies for the long delay,
Part two of the SCE 450 course, in the same style as before, is here for you 😁🌹🙏🏻
Injecting Malicious Code into PDF Files and Creating a PDF Dropper
https://cti.monster/blog/2024/07/25/pdfdropper.html
PDF files are often considered static documents by most people. However, the PDF standard allows for the execution of JavaScript code within the document. This feature offers various attack vectors that can be used for Red Team tests and cybersecurity research. In this article, we will examine how to inject JavaScript into a PDF file to download a file from a specific URL and establish a Command and Control (C2) connection using this method.
JonMon.pdf
2.5 MB
Unleashing JonMon:
Deep Insights into Your Windows Activity
By: Jonny Johnson
https://github.com/wikiZ/RedGuard
RedGuard is a C2 front flow control tool that can avoid Blue Team, AV and EDR checks.
Deep Sea Phishing
[ 00 ] How to Bypass EDR With Custom Payloads
[ 01 ] Making Your Malware Look Legit to Bypasses EDR
If endpoint detection and response (EDR) protections keep blocking your phishing payloads, you really should learn how to write custom payloads. If you’ve never written a custom payload, this is a great place to start. If you have some experience with custom payloads, I hope I can at least simplify the way you think about payload design to make it easy and fun.
I wanted to write this blog about several good techniques for endpoint detection and response (EDR) evasion; however, as I was writing about how to evade EDRs, I was hit with an epiphany: “EDR evasion is all about looking like legitimate software” — ph3eds, 2024
Forwarded from CyberSecurityTechnologies (-CST-)
#exploit
Techniques for Privilege Escalation on Windows
Part 1: https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
Part 2: https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
Part 3: https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
https://web.archive.org/web/20240719160444/http://undocumented.ntinternals.net/
X-ray (actually nudes) of Windows internals
PowerOfTcb
https://github.com/daem0nc0re/PrivFu/tree/main/PowerOfTcb
This directory covers how to use SeTcbPrivilege for educational purposes. SeTcbPrivilege is a multi-purpose privilege. A user with SeTcbPrivilege is able to perform various token manipulations. For example, the following token factors can be manipulated with SeTcbPrivilege (but most of them cannot be manipulated for an assigned primary token):
Session ID
Origin
Mandatory Policy
Integrity Level (downgrade operation does not require SeTcbPrivilege)