Forwarded from Blue Team Alerts
AMSI-PeParse-Patch
This tool locates AmsiScanBuffer in remote processes by reading PE headers with multiple ReadProcessMemory calls, then extracts the function's address from the export table and patches the function's memory with VirtualProtectEx and WriteProcessMemory so that it returns "clean" (0) for any scan.
EvilBytecode/EvilByte-Remote-AMSI-Bypass: Bypasses AMSI protection through a remote memory patching and parsing technique.
Discuss on Reddit: https://ift.tt/IDKhBrP
@blueteamalerts
GitHub
GitHub - EvilBytecode/EvilByte-Remote-AMSI-Bypass: Bypasses AMSI protection through remote memory patching and parsing technique.
Forwarded from OnHex
🔴 The videos of the Black Hat Europe 2024 conference talks are now up on YouTube; if you are interested, take a look.
One of the talks, titled UNC1860 and The Temple of Oats - Iran's hidden hand in Middle Eastern Networks, is about a hacking group attributed to Iran.
#Conference
#BlackhatEurope2024 #BlackhatEu2024 #Blackhat
🆔 @onhex_ir
➡️ ALL Link
Forwarded from Orca Cyber Weapons
RE-MA Roadmap Repository Update
The RE-MA Roadmap has been updated with new resources. Check it out to explore more materials for mastering reverse engineering and malware analysis!
Explore the updated roadmap here
@OrcaCyberWeapons
GitHub
GitHub - x86byte/RE-MA-Roadmap: Reverse Engineering and Malware Analysis Roadmap
If you remove the first word from the string "hello world", what should the result be? This is the story of how we discovered that the answer could be your root password!
https://lock.cmpxchg8b.com/zenbleed.html
Visualizing entire Chromium include graph
https://blog.bkryza.com/posts/visualizing-chromium-include-graph/
Forwarded from Z_Intelligence is scam
Z_Intelligence is a scammer
Chat here as Z_Intelligence and support do not respond
Personally, I paid for their enterprise plan and their service only worked for a few days :/
and their support doesn't answer anything 🤔
RIP my money😭😂
Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
https://www.justice.gov/opa/pr/iranian-man-pleaded-guilty-role-robbinhood-ransomware
SentinelOne
From “RobbinHood” to APT28: Crimeware Virus & APT Journey
What is crimeware? Vitali Kremez explores Golang malware through a comparison of Robbinhood ransomware to APT 28. Learn more here.
Forwarded from Infosec Fortress
Blogspot
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero. In the previous blog post, we focused on the general security analysis of the registry a...
🔗 Link
#exploitation
#windows
———
🆔 @Infosec_Fortress
Source Byte
https://github.com/Nooshdaroo-Code/Kaveh/blob/main/README-fa.md
ummmm, interesting project; why not use these IOCs to detect infected devices with https://github.com/Divested-Mobile/Hypatia ? 🤔
GitHub
GitHub - Divested-Mobile/Hypatia: A realtime malware scanner
Driver Analyzer
A static analysis tool that helps security researchers scan a list of Windows kernel drivers for common vulnerability patterns (CVE makers!)
https://github.com/BehroozAbbassi/DriverAnalyzer
OopsSec: The bad, the worst and the ugly of APT's operations security
https://www.youtube.com/watch?v=StSLxFbVz0M