Forwarded from [ deprecated_bytes ]
#reverse #IDA #hardware #research
.noscript
Mouse Adventures
.text
Wherein I delve into the internals of my no-name brand "Tecknet Hypertrak Gaming Mouse" in an attempt to write a cross-platform tool that can manipulate its configuration without having to use the awful Windows-only tool it's shipped with. In this first part we tear apart said tool to figure out how it communicates with the mouse.
.comment
Practical field story about "simple" hardware reverse engineering. Part 7 is noticeable as rare info about IDA's processor module creation.
.data
#1: Introduction
#2: Extracting the Firmware
#3: Writing a Disassembler
#4: Writing a custom tool
#5: Dumping and Parsing the USB Descriptors
#6: Enabling the Bootloader
#7: Writing an IDA Processor Module
#8: Dissecting the USB Code and Unbricking the Mouse
❤3👍1
Defeating malware's Anti-VM techniques (CPUID-Based Instructions)
By Sina Karvandi
https://rayanfam.com/topics/defeating-malware-anti-vm-techniques-cpuid-based-instructions/
❤2
we lost our previous group :(
have no idea why , telegram is so strange
💔26❤3
Source Byte
we lost our previous group :( have no idea why , telegram is so strange
The Source Chat group has been banned, but we’re back with a new space. Join us to continue our discussions, share knowledge, and stay ahead in the security world. Let’s keep moving forward!
Group chat
❤10💔2
Telegram has deleted the channel 1N73LL1G3NC3 for some unknown reason. However, the author decided to continue sharing cool stuff and started the channel anew. Sharing
https://news.1rj.ru/str/P0x3k_1N73LL1G3NC3
❤9
Green with Evil: Analyzing the new Lockbit 4 Green
https://elis531989.medium.com/green-with-evil-analyzing-the-new-lockbit-4-green-7f5783c4414c
Forwarded from Reverse Dungeon
https://github.com/nuta/operating-system-in-1000-lines
https://habr.com/ru/companies/ruvds/articles/874154/
GitHub - nuta/operating-system-in-1000-lines: Writing an OS in 1,000 lines.
Forwarded from ..: لیکفا | Leakfa :..
🚨 New breach: information of millions of Iranian citizens covered by the Health Insurance Organization at risk of widespread exposure
Attackers have managed to gain access to the personal and insurance information of citizens, government employees and other insured persons of the "Iran Health Insurance Organization". Precise details of the amount of data stolen or of its possible use have not yet been published. However, so far a large set of about 1 million lines containing first name, last name, date of birth, father's name, national ID number, mobile phone number, life status, policyholder ID, policyholder name and other information from this data has been published publicly by the hacker(s).
📌 The leaked information can have serious consequences such as identity theft, an increase in phishing scams and a decline in public trust. Users should stay alert and refrain from providing personal information in suspicious calls or messages.
✅ The authenticity of the sample data has been checked and can be confirmed!
🆔 @leakfarsi
..: لیکفا | Leakfa :..
🚨 New breach: information of millions of Iranian citizens covered by the Health Insurance Organization at risk of widespread exposure. Attackers have managed to gain access to the personal and insurance information of citizens, government employees and other insured persons of the "Iran Health Insurance Organization". Precise details of the amount of data…
maybe only the company info and not customers ...
( Only around 1000 users )
💔4
Master Code Security Review
Learn to research vulnerabilities by reviewing the source code of real-world cases.
http://vulnerable.codes/register
❤6
Hi everyone ,
I see it as my duty to inform you that you should not share your sensitive information (especially your resume, which may contain your contact information, city, abilities ...) with unofficial individuals.
Like this case, an unofficial individual collecting job résumés from people for a job opportunity.
Please find a job through a popular/official platform and not from an unknown risky guy on Telegram.
Have a nice day
👍45🤯28❤1
Win_Sec_Int.pdf
6.3 MB
"Windows Security Internals:
A Deep Dive into Windows Authentication, Authorization, and Auditing", 2024.
👍12
Forwarded from /mdre/
Guys, if you like my posts, please don't mind sharing them, it will help the channel grow :)
👍6
Find all private groups created by a Telegram user using their TG ID!
This method is extremely handy for SOCMINT investigations and can potentially reveal all private groups created by a specific Telegram user.
When Telegram generates an invite link prefix for private groups, it translates the user ID into a 32-bit hexadecimal value and then encodes it using a base64 algorithm. The resulting invite link structure looks like this:
t.me/joinchat/base64_Value
Alright… here’s how you do it. Say we have the following TG ID: 1111111111
Using e.g. Cryptii, simply insert the TG ID as input and convert it to a 32-bit hex string.
The resulting 32-bit hex is: 42 3a 35 c7
https://cryptii.com/pipes/integer-encoder
Next, with CyberChef, encode the 32-bit hex as base64.
The result is: Qjo1xw
https://gchq.github.io/CyberChef/
Since private chat invite URLs only consist of 5 characters, we remove the last character, leaving us with Qjo1x.
All private invite links follow this structure:
t.me/joinchat/Qjo1x
Now, you can search for this in your preferred search engine:
"t.me/joinchat/Qjo1x"
Bonus Tip:
You can also check the URL with the Wayback Machine to see if there are any archived versions of the target URL.
https://web.archive.org/web/*/t.me/joinchat/Qjo1x/*
credits : Valdemar B.
👍10👎4🤔3🔥2🗿2
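The encoding from the post above as an added Python example (not part of the original post or of any Telegram code). It goes one step beyond the post by also inverting the 5-character prefix: five base64 characters carry only 30 of the 32 bits, so four IDs share every prefix and a search hit narrows the creator to four candidates rather than one. The function names are hypothetical, and the URL-safe base64 alphabet is an assumption.

```python
import base64
import struct

PREFIX_LEN = 5  # number of characters the post keeps after trimming


def id_to_prefix(user_id: int) -> str:
    """32-bit big-endian ID -> base64 -> first 5 characters, as in the post."""
    if not 0 <= user_id <= 0xFFFFFFFF:
        # The post describes a 32-bit value; larger IDs cannot be encoded this way.
        raise ValueError("ID does not fit in 32 bits")
    raw = struct.pack(">I", user_id)
    # Assumption: links use the URL-safe alphabet ('-' and '_' for '+' and '/').
    encoded = base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")
    return encoded[:PREFIX_LEN]


def ids_sharing_prefix(prefix: str) -> list[int]:
    """Return every 32-bit ID that yields the given 5-character prefix."""
    if len(prefix) != PREFIX_LEN:
        raise ValueError("expected a 5-character prefix")
    # Pad with 'A' (six zero bits each) to a full 8-character base64 group,
    # then keep the top 30 bits that the 5 characters actually encode.
    padded = base64.urlsafe_b64decode(prefix + "AAA")
    top30 = int.from_bytes(padded, "big") >> 18
    base = top30 << 2
    # The two low bits of the ID are not covered by the prefix.
    return [base | low for low in range(4)]


if __name__ == "__main__":
    sample_id = 1111111111  # the ID used in the post
    prefix = id_to_prefix(sample_id)
    print(prefix, ids_sharing_prefix(prefix))
```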