Source Byte
🔴 These days you have probably heard the news that Persian has been added to NotebookLM, which lets you generate podcasts and audio summaries. To test it, Ms. Valentina Palmiotti's talk "The Exploit Development Life Cycle: From Concept to Compromise" at the BSides Canberra conference…
CoffLoader
Introduction
Portable Executable (PE)
Store data in a PE
Reference to functions and variables during execution
Object files
Overview
Coff Loader
BOF or COFF?
BOF advantages
BOF disadvantage
Hands on: COFF Loader
Blueprint
COFF specification
COFF Header
Sections Header
Navigate into sections
Relocations Table
Absolute and Relative address
Symbol Table
Symbol Table String
Conclusion
Write sections in memory
Perform relocations
Special symbol
Standard symbol relocation
Put things altogether
Run the code
Upgrade
Compatibility with CobaltStrike BOF
CobaltStrike BOF specificities
Add support for beacon internal functions
Format parameters for CobaltStrike BOF
Dynamic .got and .bss
Conclusion
Resources
External contribution
Forwarded from Sec Note
LoudSunRun
Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
- Mgeeky implementation
STUXNET AND THE CONSEQUENCES
https://www.langner.com/wp-content/uploads/2017/08/Stuxnet-und-die-Folgen.pdf
auto translated versions on next post
Decrypt App-Bound encrypted keys in Chrome 127+, using the IElevator COM interface bypassing path validation and encryption protections.
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) — all in user mode, no admin rights required.
If you find this useful, I’d appreciate a coffee: ko-fi
Forwarded from Blue Team Alerts
AMSI-PeParse-Patch
This tool locates AmsiScanBuffer in remote processes by reading PE headers with multiple ReadProcessMemory calls, then extracts function addresses from the export table and patches the function's memory to return "clean" (0) for any scan using VirtualProtectEx and WriteProcessMemory.
EvilBytecode/EvilByte-Remote-AMSI-Bypass: Bypasses AMSI protection through remote memory patching and parsing technique.
Discuss on Reddit: https://ift.tt/IDKhBrP
@blueteamalerts
Forwarded from OnHex
🔴 The videos of the Black Hat Europe 2024 conference talks have been posted on YouTube; if you are interested, take a look.
One of the talks, titled UNC1860 and The Temple of Oats - Iran's hidden hand in Middle Eastern Networks, covers a hacking group attributed to Iran.
#Conference
#BlackhatEurope2024 #BlackhatEu2024 #Blackhat
🆔 @onhex_ir
➡️ ALL Link
Forwarded from Orca Cyber Weapons
RE-MA Roadmap Repository Update
The RE-MA Roadmap has been updated with new resources. Check it out to explore more materials for mastering reverse engineering and malware analysis!
Explore the updated roadmap here
@OrcaCyberWeapons
GitHub - x86byte/RE-MA-Roadmap: Reverse Engineering and Malware Analysis Roadmap
If you remove the first word from the string "hello world", what should the result be? This is the story of how we discovered that the answer could be your root password!
https://lock.cmpxchg8b.com/zenbleed.html
Visualizing entire Chromium include graph
https://blog.bkryza.com/posts/visualizing-chromium-include-graph/
Forwarded from Z_Intelligence is scam
Z_Intelligence is a scammer
chat here as Z_Intelligence and support does not respond
Personally, I paid for their enterprise plan and their service only worked for a few days :/
and their support doesn't answer anything 🤔
RIP my money😭😂
Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
https://www.justice.gov/opa/pr/iranian-man-pleaded-guilty-role-robbinhood-ransomware
SentinelOne
From “RobbinHood” to APT28: Crimeware Virus & APT Journey
What is crimeware? Vitali Kremez explores Golang malware through a comparison of Robbinhood ransomware to APT 28. Learn more here.