Lnk series 📄
+ Forensic Analysis of LNK Files
https://belkasoft.com/forensic-analysis-of-lnk-files
+ Deep Dive: Analysis of Shell Link (.lnk) Files
https://www.docguard.io/deep-dive-analysis-of-shell-link-lnk-binary-file-format-and-malicious-lnk-files/
+ Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor
https://www.rapid7.com/blog/post/2024/11/01/finding-the-lnk-techniques-and-methodology-for-advanced-analysis-with-velociraptor/
+ Exploring Windows Artifacts: LNK Files
https://u0041.co/posts/articals/lnk-files-artifact/
Forwarded from Infosec Fortress
Qrious Secure
Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991
Introduction Hi, I am Trung (xikhud). Last month, I joined Qrious Secure team as a new member, and my first target was to find and reproduce the security bugs that @bienpnn used at the Pwn2Own Vancouver 2023 to escape the VirtualBox VM.
Since VirtualBox is…
Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991
🔗 Link
#binary
#exploitation
#virtualbox
#pwn2own
#cve
#CVE_2023_21987
#CVE_2023_21991
———
🆔 @Infosec_Fortress
GoDefender
https://github.com/EvilBytecode/GoDefender.git
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package.
Forwarded from Malware Research / RedTeam / News
New blog on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass that was identified by the author in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan.
https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/
Proof-of-concept for the AMSI bypass and an implementation of a CLR memory manager is on GitHub. We can implement custom memory routines and track all allocations made by the CLR.
https://github.com/passthehashbrowns/Being-A-Good-CLR-Host
#redteam #net #clr
Security Intelligence
Being a good CLR host – Modernizing offensive .NET tradecraft
Learn how red teams can modernize their use of .NET assemblies using CLR customizations.
Botnets Never Die: An Analysis of the Large Scale Botnet AIRASHI
https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/
奇安信 X 实验室
Botnets Never Die: An Analysis of the Large Scale Botnet AIRASHI
Overview
In August 2024, XLab observed a premeditated large-scale DDoS attack targeting the distribution platforms of the Chinese game Black Myth: Wukong, namely Steam and Perfect World. This attack operation was divided into four waves, with the attackers…
Forwarded from [ deprecated_bytes ]
#reverse #IDA #hardware #research
.noscript
Mouse Adventures
.text
Wherein I delve into the internals of my no-name brand "Tecknet Hypertrak Gaming Mouse" in an attempt to write a cross-platform tool that can manipulate its configuration without having to use the awful Windows-only tool it's shipped with. In this first part we tear apart said tool to figure out how it communicates with the mouse.
.comment
Practical field story about "simple" hardware reverse engineering. Part 7 is notable as rare info about IDA's processor module creation.
.data
#1: Introduction
#2: Extracting the Firmware
#3: Writing a Disassembler
#4: Writing a custom tool
#5: Dumping and Parsing the USB Descriptors
#6: Enabling the Bootloader
#7: Writing an IDA Processor Module
#8: Dissecting the USB Code and Unbricking the Mouse
[ deprecated_bytes ]
Defeating malware's Anti-VM techniques (CPUID-Based Instructions)
By Sina Karvandi
https://rayanfam.com/topics/defeating-malware-anti-vm-techniques-cpuid-based-instructions/
we lost our previous group :(
Have no idea why, Telegram is so strange
Source Byte
The Source Chat group has been banned, but we’re back with a new space. Join us to continue our discussions, share knowledge, and stay ahead in the security world. Let’s keep moving forward!
Group chat
Telegram has deleted the channel 1N73LL1G3NC3 for some unknown reason. However, the author decided to continue sharing cool stuff and started the channel anew. Sharing
https://news.1rj.ru/str/P0x3k_1N73LL1G3NC3
Telegram
1N73LL1G3NC3
Reborn…
Green with Evil: Analyzing the new Lockbit 4 Green
https://elis531989.medium.com/green-with-evil-analyzing-the-new-lockbit-4-green-7f5783c4414c
Forwarded from Reverse Dungeon
https://github.com/nuta/operating-system-in-1000-lines
https://habr.com/ru/companies/ruvds/articles/874154/
GitHub
GitHub - nuta/operating-system-in-1000-lines: Writing an OS in 1,000 lines.
Writing an OS in 1,000 lines. Contribute to nuta/operating-system-in-1000-lines development by creating an account on GitHub.