Deep Sea Phishing
[ 00 ] How to Bypass EDR With Custom Payloads
[ 01 ] Making Your Malware Look Legit to Bypasses EDR
[ 00 ] How to Bypass EDR With Custom Payloads
If endpoint detection and response (EDR) protections keep blocking your phishing payloads, you really should learn how to write custom payloads. If you’ve never written a custom payload, this is a great place to start. If you have some experience with custom payloads, I hope I can at least simplify the way you think about payload design to make it easy and fun.
[ 01 ] Making Your Malware Look Legit to Bypasses EDR
I wanted to write this blog about several good techniques for endpoint detection and response (EDR) evasion; however, as I was writing about how to evade EDRs, I was hit with an epiphany:“EDR evasion is all about looking like legitimate software” — ph3eds, 2024
👾9👍3🔥2
Forwarded from CyberSecurityTechnologies (-CST-)
#exploit
Techniques for Privilege Escalation on Windows
Part 1: https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
Part 2: https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
Part 3: https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
Techniques for Privilege Escalation on Windows
Part 1: https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
Part 2: https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
Part 3: https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
❤4🥱2👍1
https://web.archive.org/web/20240719160444/http://undocumented.ntinternals.net/
Xray(actually nudes) of windows internals
Xray(actually nudes) of windows internals
💅3😘2👍1
PowerOfTcb
https://github.com/daem0nc0re/PrivFu/tree/main/PowerOfTcb
This directory covers how to use SeTcbPrivilege for educational purpose. SeTcbPrivilege is a multi puropse privilege. A user has SeTcbPrivilege is able to perform various token manipulation. For example, following token factors class can be manipulated with SeTcbPrivilege (but most of them cannot be manipulated for assigned primary token):
Session ID
Origin
Mandatory Policy
Integrity Level (downgrade operation does not require SeTcbPrivilege)
https://github.com/daem0nc0re/PrivFu/tree/main/PowerOfTcb
👍3
Windows Process Access Token and user privilege
Stealing Access Tokens From Office Desktop Applications
#windows #token #internals
Privileges are listed and explained at: MSDN
use the Windows Privileges to elevate your rights within the OS.
Priv2Admin
Understanding and Abusing Process Tokens — Part I
Understanding and Abusing Process Tokens — Part II
Access Tokens
Abusing Tokens
Adjusting Process Token Privileges
Stealing Access Tokens From Office Desktop Applications
#windows #token #internals
👾11❤2👍1🔥1
Forwarded from Yashar Mahmoudnia
windows-security-internals-deep-dive.pdf
6.3 MB
Windows Security Internals: A Deep Dive into Windows Authentication, Authorization, and Auditing
True PDF - Final
_
True PDF - Final
_
❤11👍1
IDA Pro 9.0.zip
463 MB
1. edit license owner and shit to whatever you want
2. place ida/ida64 dll/so/dylib in same dir as noscript
3. run the noscript to generate a license
4. copy the generated license and replace dlls with patched ones
5. run
#ida
👍4👏2😱1
Forwarded from Tim
IDA Professional 9.0.zip
416.4 MB
working crack for ida 9.0 arm64 mac os. Ill upload x86 mac os and linux once i wake up again. Just extract and place in your mac os applications folder
❤3👍2
Forwarded from Tim
might need to ad-hoc sign the libida64.dylib for it to launch
👍2
Check here if you have any Question:
https://news.1rj.ru/str/ida_pro_chat
👍1