RedTeam Workshop - Part 3
APT38 attacks simulation
https://www.youtube.com/watch?v=XjeIPE4g33s
slides / notes :
https://github.com/soheilsec/RT-workshop-2024
credit : @soheilsec
language : persian
APT38 attacks simulation
Execution
+ T1059.001 | PowerShell
+ T1059.003 | Windows Command Shell
+ T1059.005 | Visual Basic
+ T1106 | Native API
+ T1053.005 | Scheduled Task
+ T1569.002 | Service Execution
+ T1024.002 | Malicious File
Persistence
+ T1543.003 | Windows Service
https://www.youtube.com/watch?v=XjeIPE4g33s
slides / notes :
https://github.com/soheilsec/RT-workshop-2024
credit : @soheilsec
🔥7👎2👾1
Forwarded from APT
⚙️From COM Object Fundamentals To UAC Bypasses
A 25-minute crash course covering Tokens, Privileges, UAC, COM, and ultimately bypassing UAC.
🔗Research:
https://www.youtube.com/watch?v=481SI_HWlLs
🔗Source:
https://github.com/tijme/conferences/tree/master/2024-09%20OrangeCon/code
#windows #com #uac #bypass
A 25-minute crash course covering Tokens, Privileges, UAC, COM, and ultimately bypassing UAC.
🔗Research:
https://www.youtube.com/watch?v=481SI_HWlLs
🔗Source:
https://github.com/tijme/conferences/tree/master/2024-09%20OrangeCon/code
#windows #com #uac #bypass
YouTube
From COM Object Fundamentals To UAC Bypasses - Tijme Gommers
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
👍5❤4👎1👾1
Forwarded from SoheilSec (Soheil Hashemi)
RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
https://www.bleepingcomputer.com/news/security/ransomhub-ransomware-abuses-kaspersky-tdsskiller-to-disable-edr-software/
https://www.bleepingcomputer.com/news/security/ransomhub-ransomware-abuses-kaspersky-tdsskiller-to-disable-edr-software/
BleepingComputer
RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to attempt disabling endpoint detection and response (EDR) services on target systems.
🔥2
Forwarded from Peneter Tools (Soheil Hashemi)
👍6👾2
APT
⚙️From COM Object Fundamentals To UAC Bypasses A 25-minute crash course covering Tokens, Privileges, UAC, COM, and ultimately bypassing UAC. 🔗Research: https://www.youtube.com/watch?v=481SI_HWlLs 🔗Source: https://github.com/tijme/conferences/tree/master/2024…
This media is not supported in your browser
VIEW IN TELEGRAM
👾4👍2
Forwarded from iCe 𖤍
The changes to the IDAPython API in IDA 9 has broken some plugins and noscripts
Here's how to fix some of these issues:
https://blog.junron.dev/IDAPython%20Research/IDAPython%208%20to%209.html
Here's how to fix some of these issues:
https://blog.junron.dev/IDAPython%20Research/IDAPython%208%20to%209.html
jro.sg
Porting an IDAPython Plugin to IDA 9
Alternatives for some APIs removed in IDA 9
👍4
Iran_Cyber_Final_Full_v2.pdf
752.8 KB
It's for 2018 (EN)
Iran_Cyber_Threat-Final_.pdf
489.4 KB
Iran Cyber Threat Final
به زبان فارسی
👍7🤣3
Analysis of some feature of vmprotect
https://sachiel-archangel.medium.com/analysis-of-vmprotect-0b28c8e47ca5
#protector
https://sachiel-archangel.medium.com/analysis-of-vmprotect-0b28c8e47ca5
#protector
👍7😁2
Source Byte
😂😂😂 https://github.com/JohnHammond/recaptcha-phish
Anatomy of a Lumma Stealer Attack via Fake CAPTCHA Pages - Part 1
https://denwp.com/anatomy-of-a-lumma-stealer/
https://denwp.com/anatomy-of-a-lumma-stealer/
👍4
Forwarded from Offensive Xwitter
😈 [ Kurosh Dabbagh @_Kudaes_ ]
Somebody asked if you can run a dll directly without rundll32 as you would do with an exe. You just need to remove the IMAGE_FILE_DLL flag from IMAGE_FILE_HEADER->Characteristics, which can be done with the option -e. Don't see much use for it tho ^^
🔗 https://github.com/Kudaes/CustomEntryPoint
🐥 [ tweet ]
Somebody asked if you can run a dll directly without rundll32 as you would do with an exe. You just need to remove the IMAGE_FILE_DLL flag from IMAGE_FILE_HEADER->Characteristics, which can be done with the option -e. Don't see much use for it tho ^^
🔗 https://github.com/Kudaes/CustomEntryPoint
🐥 [ tweet ]
👍3❤2
CreateSvcRpc
https://www.x86matthew.com/view_post?id=create_svc_rpc
#RPC
A custom RPC client to execute programs as the SYSTEM user
https://www.x86matthew.com/view_post?id=create_svc_rpc
#RPC
👍11
تبریک !
Congratulations to the Iran WorldSkills Cyber Security Team! 💎
https://results.worldskills.org/results?offset=0&base_skill=546
Congratulations to the Iran WorldSkills Cyber Security Team! 💎
Your dedication, hard work, and exceptional skills have truly paid off. Competing on the world stage and showcasing your talents in cyber security is a remarkable achievement. Your success not only brings pride to our nation but also inspires future generations of cyber security enthusiasts. Keep pushing the boundaries and setting new standards of excellence. We are incredibly proud of you!https://results.worldskills.org/results?offset=0&base_skill=546
1🍾15🏆7❤3👍2☃1🤡1