Forwarded from Infosec Fortress
Happy New Year 2025! Wishing you a year filled with joy, health, and success. 🎉🎄
Forwarded from /mdre/
A primer on writing a credential provider in Windows.
Sequence of calls to a credential provider in Windows.
Forwarded from CyberSecurity Shield (Pouyan Zamani)
SANS SEC 450-Full Course-2023 (1).pdf
74.1 MB
Source Byte
Jonathan Reiter is the author of SANS SEC670 (Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control), so don't miss this one! https://www.sans.org/webcasts/intro-c-windows-devs/ --> LINK @islemolecule_SOURCE
Mastering PE Parsing with WinDbg
Speaker: Jonathan Reiter, 13 Jan
Register :
https://www.sans.org/webcasts/mastering-pe-parsing-windbg/
Database Viewer and Exporter
https://github.com/MrAmirRezaie/readDatabase
This is a Python tool for viewing and exporting data from various databases and JSON files. It supports SQLite, MySQL, PostgreSQL, MSSQL, and JSON files. Users can also export query results in CSV or JSON formats. The tool is designed to handle encrypted data using multiple encryption algorithms and can decrypt data that has been encrypted with a combination of algorithms.
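As an added example (this is not the readDatabase tool's own code), here is the core of such a viewer/exporter in Python against a constructed in-memory SQLite database, together with the check a tool of this kind needs: table and column names cannot be bound as query parameters, so a user-supplied name must be validated against the schema catalogue before it is interpolated, while filter values are always bound. The table, rows and function names below are mine.

```python
import csv
import io
import json
import re
import sqlite3

IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def open_sample_db():
    """Constructed in-memory SQLite database standing in for a real target file."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO users(name, email) VALUES
            ('alice', 'alice@example.test'),
            ('bob',   'bob@example.test');
    """)
    return conn


def quoted_table(conn, table):
    """Identifiers cannot be bound with ?, so the only safe way to put a user-supplied
    table name into SQL is to look it up in sqlite_master first (bound as a value)
    and then quote the catalogue's own copy of the name."""
    if not IDENT_RE.match(table):
        raise ValueError(f"refusing identifier {table!r}")
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    if row is None:
        raise ValueError(f"no such table {table!r}")
    return f'"{row["name"]}"'


def fetch_rows(conn, table, where_col=None, where_val=None):
    """SELECT * from a validated table. The optional filter column is checked against
    PRAGMA table_info; the filter value is always bound, never interpolated, so an
    input such as  x' OR '1'='1  simply matches nothing."""
    tbl = quoted_table(conn, table)
    sql, params = f"SELECT * FROM {tbl}", ()
    if where_col is not None:
        columns = [r["name"] for r in conn.execute(f"PRAGMA table_info({tbl})")]
        if where_col not in columns:
            raise ValueError(f"no such column {where_col!r}")
        sql += f' WHERE "{where_col}" = ?'
        params = (where_val,)
    return [dict(r) for r in conn.execute(sql, params)]


def to_csv(rows):
    """Export a list of row dicts as CSV text, header row first."""
    buf = io.StringIO()
    if rows:
        writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()), lineterminator="\n")
        writer.writeheader()
        writer.writerows(rows)
    return buf.getvalue()


def to_json(rows):
    """Export a list of row dicts as JSON; default=str covers bytes/datetime columns."""
    return json.dumps(rows, indent=2, default=str)


if __name__ == "__main__":
    db = open_sample_db()
    print(to_csv(fetch_rows(db, "users")))
    print(to_json(fetch_rows(db, "users", "name", "bob")))
```

The same pattern applies to the MySQL, PostgreSQL and MSSQL drivers: look the name up in information_schema with a bound parameter, then quote the returned name with that engine's identifier quoting.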
LNK series 📄
+ Forensic Analysis of LNK Files
https://belkasoft.com/forensic-analysis-of-lnk-files
+ Deep Dive: Analysis of Shell Link (.lnk) Files
https://www.docguard.io/deep-dive-analysis-of-shell-link-lnk-binary-file-format-and-malicious-lnk-files/
+ Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor
https://www.rapid7.com/blog/post/2024/11/01/finding-the-lnk-techniques-and-methodology-for-advanced-analysis-with-velociraptor/
+ Exploring Windows Artifacts: LNK Files
https://u0041.co/posts/articals/lnk-files-artifact/
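The articles above walk through the Shell Link binary format and what to look for in a malicious .lnk. As an added example (not code from any of the linked write-ups), the following Python parses the ShellLinkHeader, skips the LinkTargetIDList and LinkInfo structures by their declared sizes, decodes the StringData items, walks the ExtraData blocks to recover the creating host's NetBIOS name from the TrackerDataBlock, and applies the usual triage heuristics (LOLBin target, encoded or hidden-window PowerShell arguments, padded arguments, ShowCommand set to start minimized). The sample file is synthesised in build_sample_lnk(): the paths, the encoded-command argument and the host name DESKTOP-LAB are constructed, and cp1252 is assumed as the ANSI code page for non-Unicode strings.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# LinkFlags bits from MS-SHLLINK 2.1.1 (only the ones this parser needs)
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7        # ShowCommand that starts the target minimized without activating it
TRACKER_SIG = 0xA0000003      # TrackerDataBlock signature; carries the creating host's NetBIOS name
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
LOLBINS = ("powershell", "cmd.exe", "mshta", "wscript", "cscript", "rundll32", "regsvr32", "certutil")


def filetime_to_dt(ft):
    return None if ft == 0 else FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def _string_data(buf, off, unicode_):
    """One StringData item: 2-byte CountCharacters, then that many characters
    (UTF-16LE when IsUnicode is set; cp1252 is assumed for the ANSI case)."""
    (count,) = struct.unpack_from("<H", buf, off)
    width = 2 if unicode_ else 1
    raw = buf[off + 2:off + 2 + count * width]
    if len(raw) != count * width:
        raise ValueError("truncated StringData")
    return raw.decode("utf-16-le" if unicode_ else "cp1252"), off + 2 + count * width


def parse_lnk(buf):
    if len(buf) < 0x4C or struct.unpack_from("<I", buf, 0)[0] != 0x4C or buf[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file (HeaderSize/LinkCLSID mismatch)")
    flags, attrs, ctime, atime, wtime, size, icon, show, hotkey = struct.unpack_from("<IIQQQIIIH", buf, 20)
    off = 0x4C
    if flags & HAS_ID_LIST:                  # IDListSize (2 bytes) followed by the IDList
        off += 2 + struct.unpack_from("<H", buf, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize covers the whole LinkInfo structure
        off += struct.unpack_from("<I", buf, off)[0]
    strings = {}
    for bit, key in ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"), (HAS_WORKING_DIR, "working_dir"),
                     (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location")):
        if flags & bit:                      # StringData items appear in exactly this order
            strings[key], off = _string_data(buf, off, bool(flags & IS_UNICODE))
    blocks, machine_id = [], None
    while off + 8 <= len(buf):               # ExtraData: BlockSize, BlockSignature, body; BlockSize < 4 terminates
        bsize, sig = struct.unpack_from("<II", buf, off)
        if bsize < 8:                        # terminal block (0) or too short to carry a signature
            break
        blocks.append(sig)
        if sig == TRACKER_SIG and bsize >= 0x60:  # MachineID is the 16-byte field at +16
            machine_id = buf[off + 16:off + 32].split(b"\0", 1)[0].decode("ascii", "replace")
        off += bsize
    return {"flags": flags, "file_attributes": attrs, "creation_time": filetime_to_dt(ctime),
            "access_time": filetime_to_dt(atime), "write_time": filetime_to_dt(wtime),
            "file_size": size, "icon_index": icon, "show_command": show, "hotkey": hotkey,
            "strings": strings, "extra_blocks": blocks, "tracker_machine_id": machine_id}


def suspicious_indicators(info):
    """Common LNK triage heuristics; returns a human-readable reason for each hit."""
    s, hits = info["strings"], []
    target = " ".join(s.get(k, "") for k in ("relative_path", "arguments", "name")).lower()
    lolbin = next((b for b in LOLBINS if b in target), None)
    if lolbin:
        hits.append(f"target invokes {lolbin}")
    args = s.get("arguments", "")
    if re.search(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s", args):
        hits.append("encoded PowerShell command line")
    if re.search(r"(?i)\s-w(indowstyle)?\s+hidden", args):
        hits.append("hidden window requested in arguments")
    if len(args) > 260 or re.search(r"\s{20,}", args):
        hits.append("oversized or whitespace-padded arguments (pushes the payload out of the Properties view)")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        hits.append("ShowCommand=SW_SHOWMINNOACTIVE (window starts minimized)")
    return hits


def build_sample_lnk():
    """Constructed sample, not a real malicious file: a minimized PowerShell one-liner
    with a TrackerDataBlock naming the fictional host DESKTOP-LAB."""
    flags = HAS_REL_PATH | HAS_WORKING_DIR | HAS_ARGS | IS_UNICODE
    ft = dt_to_filetime(datetime(2024, 11, 1, tzinfo=timezone.utc))
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack(
        "<IIQQQIIIHHII", flags, 0x20, ft, ft, ft, 0, 0, SW_SHOWMINNOACTIVE, 0, 0, 0, 0)

    def sd(text):  # Unicode StringData item: CountCharacters + UTF-16LE characters
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    body = (sd(r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe")
            + sd(r"C:\Windows\System32") + sd("-nop -w hidden -enc SQBFAFgA"))
    tracker = (struct.pack("<IIII", 0x60, TRACKER_SIG, 0x58, 0)
               + b"DESKTOP-LAB".ljust(16, b"\0") + bytes(64))   # Droid/DroidBirth GUIDs zeroed
    return header + body + tracker + struct.pack("<I", 0)        # terminal ExtraData block


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_lnk()
    result = parse_lnk(data)
    for key, value in result.items():
        print(f"{key:>20}: {value}")
    for hit in suspicious_indicators(result):
        print("  [!]", hit)
```

Run it with a path to a .lnk to dump the fields, or with no arguments to parse the constructed sample. The MachineID in the TrackerDataBlock is the value the Velociraptor and u0041 articles use to tie a shortcut back to the machine it was created on; it survives copying the file to another host.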
Forwarded from Infosec Fortress
Qrious Secure
Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991
Introduction Hi, I am Trung (xikhud). Last month, I joined Qrious Secure team as a new member, and my first target was to find and reproduce the security bugs that @bienpnn used at the Pwn2Own Vancouver 2023 to escape the VirtualBox VM.
Since VirtualBox is…
Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991
🔗 Link
#binary
#exploitation
#virtualbox
#pwn2own
#cve
#CVE_2023_21987
#CVE_2023_21991
———
🆔 @Infosec_Fortress
GoDefender
https://github.com/EvilBytecode/GoDefender.git
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package.
Forwarded from Malware Research / RedTeam / News
New blog on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass the author identified in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan.
https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/
Proof-of-concept for the AMSI bypass and an implementation of a CLR memory manager is on GitHub. We can implement custom memory routines and track all allocations made by the CLR.
https://github.com/passthehashbrowns/Being-A-Good-CLR-Host
#redteam #net #clr
Security Intelligence
Being a good CLR host – Modernizing offensive .NET tradecraft
Learn how red teams can modernize their use of .NET assemblies using CLR customizations.