perfctl: A Stealthy Malware Targeting Millions of Linux Servers

https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/

Rate Limit Bypass using HTTP Headers

CACHE_INFO: 127.0.0.1
CF_CONNECTING_IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
CLIENT_IP: 127.0.0.1
Client-IP: 127.0.0.1
COMING_FROM: 127.0.0.1
CONNECT_VIA_IP: 127.0.0.1
FORWARD_FOR: 127.0.0.1
FORWARD-FOR: 127.0.0.1
FORWARDED_FOR_IP: 127.0.0.1
FORWARDED_FOR: 127.0.0.1
FORWARDED-FOR-IP: 127.0.0.1
FORWARDED-FOR: 127.0.0.1
FORWARDED: 127.0.0.1
HTTP-CLIENT-IP: 127.0.0.1
HTTP-FORWARDED-FOR-IP: 127.0.0.1
HTTP-PC-REMOTE-ADDR: 127.0.0.1
HTTP-PROXY-CONNECTION: 127.0.0.1
HTTP-VIA: 127.0.0.1
HTTP-X-FORWARDED-FOR-IP: 127.0.0.1
HTTP-X-IMFORWARDS: 127.0.0.1
HTTP-XROXY-CONNECTION: 127.0.0.1
PC_REMOTE_ADDR: 127.0.0.1
PRAGMA: 127.0.0.1
PROXY_AUTHORIZATION: 127.0.0.1
PROXY_CONNECTION: 127.0.0.1
Proxy-Client-IP: 127.0.0.1
PROXY: 127.0.0.1
REMOTE_ADDR: 127.0.0.1
Source-IP: 127.0.0.1
True-Client-IP: 127.0.0.1
Via: 127.0.0.1
VIA: 127.0.0.1
WL-Proxy-Client-IP: 127.0.0.1
X_CLUSTER_CLIENT_IP: 127.0.0.1
X_COMING_FROM: 127.0.0.1
X_DELEGATE_REMOTE_HOST: 127.0.0.1
X_FORWARDED_FOR_IP: 127.0.0.1
X_FORWARDED_FOR: 127.0.0.1
X_FORWARDED: 127.0.0.1
X_IMFORWARDS: 127.0.0.1
X_LOCKING: 127.0.0.1
X_LOOKING: 127.0.0.1
X_REAL_IP: 127.0.0.1
X-Backend-Host: 127.0.0.1
X-BlueCoat-Via: 127.0.0.1
X-Cache-Info: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-For: 127.0.0.1, 127.0.0.1, 127.0.0.1
X-Forwarded-Server: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-From-IP: 127.0.0.1
X-From: 127.0.0.1
X-Gateway-Host: 127.0.0.1
X-Host: 127.0.0.1
X-Ip: 127.0.0.1
X-Original-Host: 127.0.0.1
X-Original-IP: 127.0.0.1
X-Original-Remote-Addr: 127.0.0.1
X-Original-Url: 127.0.0.1
X-Originally-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-ProxyMesh-IP: 127.0.0.1
X-ProxyUser-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-True-Client-IP: 127.0.0.1
XONNECTION: 127.0.0.1
XPROXY: 127.0.0.1
XROXY_CONNECTION: 127.0.0.1
Z-Forwarded-For: 127.0.0.1
ZCACHE_CONTROL: 127.0.0.1

For more join to channel (:

https://news.1rj.ru/str/rootdr_research

#Web
#Payloads
#bugbounty

VMProtect 2 - Part Two, Complete Static Analysis
https://blog.back.engineering/21/06/2021/

The Exploit Development Lifecycle

#exploitation
#conference
———
🆔 @Infosec_Fortress

#slides
#exploitation
#conference
———
🆔 @Infosec_Fortress

DEF CON 32 (2024 July 27-30)
Presentations :
https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations
Video and slides:
https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20video%20and%20slides



DEFCON 31 DEFCON 30 DEFCON 29
DEFCON 28 DEFCON 27 DEFCON 26

Indirect Waffles - Shellcode Loader to Bypass EDRs

https://wafflesexploits.github.io/posts/Indirect-Waffles-Shellcode-Loader-to-Bypass-EDRs/



Dynamic HTTP(S) Payload Stager
https://wafflesexploits.github.io/posts/Dynamic-HTTP-Payload-Stager/

Ребята из F.A.C.C.T. выпустили фундаментальное исследование про Shadow и Twelve и релевантные им проекты. Док крайне полезен для понимания современного ландшафта угроз для РФ, о чем, вроде бы, написано немало (1 , 2 ), но знания не бывают лишними (тем более, всегда интересно сравнивать отчеты разных поставщиков на схожие темы - это позволяет создать более объективное представление и сопоставить собственные наблюдения)! Делюсь.

#MDR

#SEC511 #Persian #2023

Chrome Exploitation from Zero to Heap-Sandbox Escape

#browser
#exploitation
———
🆔 @Infosec_Fortress

#browser
#exploitation
———
🆔 @Infosec_Fortress

امروز اولین ویدیو از مجموعه ویدیو های windbg در یوتیوب قرار گرفت
سعی کردم این کورس متفاوت باشه و مباحثی که مرتبط با اینترنالز ویندوز هست رو در حد نیاز بگم که مخاطب مشکلی نداشته باشه ولی همچنان باید مخاطب باید آشنایی با اینترنالز سیستم عامل و اسمبلی داشته باشه.

همچنین سعی کردم در این دوره مفاهیم جالبی رو در ادامه ارائه بدم که فعلا چیزی نمیگم که سوپرایز شید:))

ویدیو قسمت اول
اسکریپتی که برای بالا اوردن lab اماده کردم
@cafe_security