Database Viewer and Exporter
https://github.com/MrAmirRezaie/readDatabase
This is a Python tool for viewing and exporting data from various databases and JSON files. It supports SQLite, MySQL, PostgreSQL, MSSQL, and JSON files. Users can also export query results in CSV or JSON formats. The tool is designed to handle encrypted data using multiple encryption algorithms and can decrypt data that has been encrypted with a combination of algorithms.
https://github.com/MrAmirRezaie/readDatabase
Forwarded from /v/‘s Video Memes (ᅠ ᅠ)
This media is not supported in your browser
VIEW IN TELEGRAM
👍2
Lnk series 📄
+ Forensic Analysis of LNK Files
https://belkasoft.com/forensic-analysis-of-lnk-files
+ Deep Dive: Analysis of Shell Link (.lnk) Files
https://www.docguard.io/deep-dive-analysis-of-shell-link-lnk-binary-file-format-and-malicious-lnk-files/
Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor
https://www.rapid7.com/blog/post/2024/11/01/finding-the-lnk-techniques-and-methodology-for-advanced-analysis-with-velociraptor/
Exploring Windows Artifacts : LNK Files
https://u0041.co/posts/articals/lnk-files-artifact/
Forwarded from Infosec Fortress
Qrious Secure
Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991
Introduction Hi, I am Trung (xikhud). Last month, I joined Qrious Secure team as a new member, and my first target was to find and reproduce the security bugs that @bienpnn used at the Pwn2Own Vancouver 2023 to escape the VirtualBox VM.
Since VirtualBox is…
Since VirtualBox is…
Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991
🔗 Link
#binary
#exploitation
#virtualbox
#pwn2own
#cve
#CVE_2023_21987
#CVE_2023_21991
———
🆔 @Infosec_Fortress
🔗 Link
#binary
#exploitation
#virtualbox
#pwn2own
#cve
#CVE_2023_21987
#CVE_2023_21991
———
🆔 @Infosec_Fortress
GoDefender
https://github.com/EvilBytecode/GoDefender.git
Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package.
https://github.com/EvilBytecode/GoDefender.git
Forwarded from Malware Research / RedTeam / News
New blog on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass that identified by author in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan.
https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/
Proof-of-concept for the AMSI bypass and an implementation of a CLR memory manager is on GitHub. We can implement custom memory routines and track all allocations made by the CLR.
https://github.com/passthehashbrowns/Being-A-Good-CLR-Host
#redteam #net #clr
https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/
Proof-of-concept for the AMSI bypass and an implementation of a CLR memory manager is on GitHub. We can implement custom memory routines and track all allocations made by the CLR.
https://github.com/passthehashbrowns/Being-A-Good-CLR-Host
#redteam #net #clr
Security Intelligence
Being a good CLR host – Modernizing offensive .NET tradecraft
Learn how red teams can modernize their use of .NET assemblies using CLR customizations.
👍1
Botnets Never Die: An Analysis of the Large Scale Botnet AIRASHI
https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/
https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/
奇安信 X 实验室
Botnets Never Die: An Analysis of the Large Scale Botnet AIRASHI
Overview
In August 2024, XLab observed a premeditated large-scale DDoS attack targeting the distribution platforms of the chinese game Black Myth: Wukong, namely Steam and Perfect World.This attack operation was divided into four waves, with the attackers…
In August 2024, XLab observed a premeditated large-scale DDoS attack targeting the distribution platforms of the chinese game Black Myth: Wukong, namely Steam and Perfect World.This attack operation was divided into four waves, with the attackers…
Forwarded from [ deprecated_bytes ]
#reverse #IDA #hardware #research
.noscript
Mouse Adventures
.text
Wherein I delve into the internals of my no-name brand "Tecknet Hypertrak Gaming Mouse" in an attempt to write a cross-platform tool that can manipulate its configuration without having to use the awful Windows-only tool it's shipped with. In this first part we tear apart said tool to figure out how it communicates with the mouse.
.comment
Practical field story about "simple" hardware reverse engineering. Part 7 is noticeable as rare info about IDA's processor module creation.
.data
#1: Introduction
#2: Extracting the Firmware
#3: Writing a Disassembler
#4: Writing a custom tool
#5: Dumping and Parsing the USB Denoscriptors
#6: Enabling the Bootloader
#7: Writing an IDA Processor Module
#8: Dissecting the USB Code and Unbricking the Mouse
[ deprecated_bytes ]
.noscript
Mouse Adventures
.text
Wherein I delve into the internals of my no-name brand "Tecknet Hypertrak Gaming Mouse" in an attempt to write a cross-platform tool that can manipulate its configuration without having to use the awful Windows-only tool it's shipped with. In this first part we tear apart said tool to figure out how it communicates with the mouse.
.comment
Practical field story about "simple" hardware reverse engineering. Part 7 is noticeable as rare info about IDA's processor module creation.
.data
#1: Introduction
#2: Extracting the Firmware
#3: Writing a Disassembler
#4: Writing a custom tool
#5: Dumping and Parsing the USB Denoscriptors
#6: Enabling the Bootloader
#7: Writing an IDA Processor Module
#8: Dissecting the USB Code and Unbricking the Mouse
[ deprecated_bytes ]
❤3👍1
Defeating malware's Anti-VM techniques (CPUID-Based Instructions)
By Sina Karvandi
https://rayanfam.com/topics/defeating-malware-anti-vm-techniques-cpuid-based-instructions/
By Sina Karvandi
https://rayanfam.com/topics/defeating-malware-anti-vm-techniques-cpuid-based-instructions/
❤2
we lost our previous group :(
have no idea why , telegram is so strange
have no idea why , telegram is so strange
💔26❤3