Forwarded from CyberSecurityTechnologies (-CST-)
HookChain_new_perspective.pdf (14.4 MB)
#Red_Team_Tactics
"HookChain: A new perspective for Bypassing EDR Solutions", 2024.
]-> https://github.com/helviojunior/hookchain
Kimsuky Group's new backdoor appeared (HappyDoor)
https://web.archive.org/web/20240626161026/https://asec.ahnlab.com/ko/67128/
Forwarded from Offensive Xwitter
😈 [ Check Point Research @_CPResearch_ ]
10 years of DLL hijacking - featuring abused executables that shouldn't have existed, exported and malicious DLLs with discount bin "packing." Includes a PoC for app developers to pre-emptively stop hijacking without dealing with a certificate authority.
🔗 https://research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more/
🐥 [ tweet ]
Source Byte
Process Injection via Component Object Model (COM) IRundown::DoCallback() From MDSec https://www.mdsec.co.uk/2022/04/process-injection-via-component-object-model-com-irundowndocallback/ #malware_dev
Injecting Code into Windows Protected Processes using COM, Part 1 and Part 2 by James Forshaw of the Project Zero team prompted an interest in COM internals and, more specifically, the undocumented DoCallback method part of the IRundown interface.
- POC
#COM
Forwarded from Order of Six Angles
Fucking great article
Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation
https://blog.fox-it.com/2024/09/25/red-teaming-in-the-age-of-edr-evasion-of-endpoint-detection-through-malware-virtualisation/
Fox-IT International blog, authors: Boudewijn Meijer and Rick Veldhoven
The Anti-EDR Compendium
EDR functionality and bypasses in 2024, with focus on undetected shellcode loader.
https://blog.deeb.ch/posts/how-edr-works/
credit : Dobin Rutishauser
x64 WINAPI Recursive Loader
https://web.archive.org/web/20240928164510/https://github.com/Evi1Grey5/Recursive-Loader
#Loader #malware_dev
"Code provided by smelly - vx-underground"
COM PROCESS INJECTION for RUST
Process Injection via Component Object Model (COM) IRundown::DoCallback().
https://github.com/0xlane/com-process-inject.git
#malware_dev
RedTeam Workshop - Part 4
* How do North Korean hackers bypass security mechanisms? *
APT38 attack simulation; in this section, "defense evasion" was discussed.
https://youtu.be/zDyPRrtXjus?si=265TY6KyElHGr-eR
slides / notes :
https://github.com/soheilsec/RT-workshop-2024
credit : @soheilsec
language : persian
Defense Evasion
+ T1562.003 | Impair Command History Logging
+ T1562.004 | Disable or Modify System Firewall
+ T1070.001 | Clear Windows Event Logs
+ T1070.006 | Timestomp
+ T1112 | Modify Registry
+ T1218.001 | Compiled HTML File
+ T1218.011 | Rundll32
How to get the COM concurrency model for the current thread.
by Rbmm & Dennis A. Babkin
https://dennisbabkin.com/blog/?t=things-you-thought-you-knew-how-to-get-com-concurrency-model-for-current-thread
#com #reverse_engineer #cpp
Function Graph Overview
https://marketplace.visualstudio.com/items?itemName=tamir-bahar.function-graph-overview
ProxyAlloc: evading NtAllocateVirtualMemory detection ft. Elastic Defend & Binary Ninja
In this article, we will explore a method for in-process shellcode execution evasion. This method is specifically designed to avoid the detection of NtAllocateVirtualMemory calls from unsigned DLLs.
https://blog.cryptoplague.net/main/research/windows-research/proxyalloc-evading-ntallocatevirtualmemory-detection-ft.-elastic-defend-and-binary-ninja
credit : Daniil Nababkin
Notes taken during self-study of the OSEP course using material from the Internet.
https://github.com/col-1002/OSEP-Notes/tree/main
Forwarded from the Secure Byte (بایت امن) channel
#Article
Design a real-time data processing system, by Ramin Farajpour
In this article you are introduced to the design of a real-time data processing system. Such a system is critical for taking the necessary actions in decision-making scenarios such as fraud detection, stock trading, monitoring systems or antivirus.
1- Apache Kafka (Data Ingestion)
2- Apache Flink (Stream Processing)
3- Apache Druid (Analytics and Querying)
4- CEPFlink (Complex Event Processing)
5- Kubernetes (Scalability)
6- Data Storage (Apache Cassandra or Amazon Kinesis)
Forwarded from SoheilSec (Soheil Hashemi)
Hi friends, good day,
God willing, I'll be live today at 18:00; we'll go through APT 28 🇷🇺 tactics as far as we can.
https://youtube.com/live/M1JeQv-bhNM?feature=share
RedTeam Workshop - Part 5
* How do North Korean hackers extract user information on the network? *
APT38 attack simulation; in this section, "credential access" was discussed.
https://youtu.be/3yVKOzEN8MQ?si=7xaSYpirk930_J8X
slides / notes :
https://github.com/soheilsec/RT-workshop-2024
credit : @soheilsec
language : persian
Credential Access
+ T1110 | Brute Force
+ T1056.001 | Keylogging
+ T1217 | Browser Information Discovery
+ T1083 | File and Directory Discovery
+ T1135 | Network Share Discovery
+ T1057 | Process Discovery
+ T1518.001 | Security Software Discovery
+ T1082 | System Information Discovery
+ T1049 | System Network Connections Discovery
+ T1033 | System Owner/User Discovery