Slides deck on signal handling in Linux
courses.cms.caltech.edu/cs12…
Mockingjay revisited - Process stomping and loading beacon with sRDI
naksyn.com/edr%20evasion/202…
Event Tracing for Windows (ETW) is crucial for modern EDR solutions. But what do you really know about its internal workings? Dive into ETW to discover useful attack targets and forensic information.
https://blog.trailofbits.com/2023/11/22/etw-internals-for-security-research-and-forensics/
@islemolecule_SOURCE
Forwarded from vx-underground
Today EUROPOL in conjunction with the Ukraine National Police arrested individuals operating a ransomware group out of Ukraine. The group is believed to be behind the ransoming of 'over 1,000 servers'.
They released footage of some of the arrests
#pwn #edu #guide
Understanding the Heap - a beautiful mess
https://jackfromeast.site/2023-01/understand-the-heap-a-beautiful-mess.html
See also heap exploitation series
#heap #internals
Forwarded from Private Shizo
🔥Operator’s Guide to the Meterpreter BOFLoader
Recently, Kevin Clark and a few of his friends decided to port his coworker Kevin Haubris' COFFLoader project to Metasploit. This new BOFLoader extension allows Beacon Object Files (BOFs) to be used from a Meterpreter session. This addition unlocks many new possibilities for Meterpreter and, he thinks, elevates Meterpreter back up to the status of a 'modern C2 payload'. In this blog, Kevin Clark wants to demonstrate uses of the BOFLoader and common errors an operator might make when using the BOFLoader for the first time.
These BOF examples barely scratch the surface of the BOFLoader’s capabilities. Hopefully this blog helps illustrate the possibilities of what can be done with BOFs. If it can be written in C, it can be a BOF.
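Added example (not COFFLoader's or the Meterpreter BOFLoader's own code): the reason a BOF can be carried from Cobalt Strike to Meterpreter is that a BOF is a plain COFF object, so any loader has to do the same three things before it can call into it: parse the object, find the `go` entry point, and resolve every undefined `__imp_` symbol (Beacon API functions, or `DLL$Function` imports that go through LoadLibrary/GetProcAddress) so it can patch the relocations that reference them. The script below builds a constructed, minimal x64 COFF that stands in for a compiled BOF (its code bytes, the `KERNEL32$GetCurrentProcessId` import and the symbol layout are assumptions made for illustration, not compiler output) and produces the loader's resolution plan and relocation list from it. It also parses real `x86_64-w64-mingw32-gcc -c` output, since it walks the standard symbol, string and relocation tables.

```python
"""Enumerate what a BOF loader must resolve before it can call go():
parse a COFF object and list its undefined __imp_ symbols and relocations."""
import struct

COFF_HDR = "<HHIIIHH"          # Machine, NumSections, TimeDateStamp, SymTabPtr, NumSyms, OptHdrSize, Flags
SECTION_HDR = "<8sIIIIIIHHI"   # 40-byte section header
SYMBOL = "<8sIhHBB"            # 18-byte symbol record
RELOC = "<IIH"                 # VirtualAddress, SymbolTableIndex, Type
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_SYM_CLASS_EXTERNAL = 2
IMAGE_REL_AMD64_REL32 = 4


def build_sample_bof() -> bytes:
    """Constructed stand-in for a compiled x64 BOF (assumed layout, not real
    compiler output): one .text section whose two call sites are relocated
    against __imp_ symbols, exactly as mingw emits `call *__imp_X(%rip)`."""
    code = bytes.fromhex("4883ec28"        # sub rsp, 0x28
                         "ff1500000000"    # call [rip+disp32] ; disp32 at offset 6
                         "ff1500000000"    # call [rip+disp32] ; disp32 at offset 12
                         "4883c428"        # add rsp, 0x28
                         "c3")             # ret
    names = ["go", "__imp_BeaconPrintf", "__imp_KERNEL32$GetCurrentProcessId"]
    strtab = bytearray(b"\0\0\0\0")        # string table begins with its own length
    name_fields = []
    for n in names:
        if len(n) <= 8:
            name_fields.append(n.encode().ljust(8, b"\0"))
        else:                              # long names: zero dword + string-table offset
            name_fields.append(struct.pack("<II", 0, len(strtab)))
            strtab += n.encode() + b"\0"
    struct.pack_into("<I", strtab, 0, len(strtab))
    relocs = (struct.pack(RELOC, 6, 2, IMAGE_REL_AMD64_REL32)      # first call -> symbol 2
              + struct.pack(RELOC, 12, 1, IMAGE_REL_AMD64_REL32))  # second call -> symbol 1
    raw_off = 20 + 40
    reloc_off = raw_off + len(code)
    sym_off = reloc_off + len(relocs)
    symbols = (struct.pack(SYMBOL, name_fields[0], 0, 1, 0x20, IMAGE_SYM_CLASS_EXTERNAL, 0)   # go: defined in section 1
               + struct.pack(SYMBOL, name_fields[1], 0, 0, 0, IMAGE_SYM_CLASS_EXTERNAL, 0)    # section 0 = undefined
               + struct.pack(SYMBOL, name_fields[2], 0, 0, 0, IMAGE_SYM_CLASS_EXTERNAL, 0))
    header = struct.pack(COFF_HDR, IMAGE_FILE_MACHINE_AMD64, 1, 0, sym_off, 3, 0, 0)
    section = struct.pack(SECTION_HDR, b".text\0\0\0", 0, 0, len(code), raw_off,
                          reloc_off, 0, len(relocs) // 10, 0, 0x60000020)
    return header + section + code + relocs + symbols + bytes(strtab)


def parse_coff(blob: bytes) -> dict:
    """Walk header, section headers, relocations, symbol table and string table."""
    machine, nsect, _, sym_off, nsyms, opt_size, _ = struct.unpack_from(COFF_HDR, blob, 0)
    if machine != IMAGE_FILE_MACHINE_AMD64:
        raise ValueError(f"not an x64 COFF object: machine=0x{machine:04x}")
    strtab = blob[sym_off + nsyms * 18:]

    def name_of(raw):
        if raw[:4] == b"\0\0\0\0":         # long name lives in the string table
            off = struct.unpack_from("<I", raw, 4)[0]
            return strtab[off:strtab.index(b"\0", off)].decode()
        return raw.rstrip(b"\0").decode()

    symbols, i = [], 0
    while i < nsyms:
        raw, value, sect, _, cls, naux = struct.unpack_from(SYMBOL, blob, sym_off + i * 18)
        symbols.append({"index": i, "name": name_of(raw), "value": value, "section": sect, "class": cls})
        i += 1 + naux                      # relocations index raw records, so aux entries count
    sections = []
    for s in range(nsect):
        name, _, _, rawsz, rawptr, relptr, _, nrel, _, _ = struct.unpack_from(SECTION_HDR, blob, 20 + opt_size + s * 40)
        relocs = [struct.unpack_from(RELOC, blob, relptr + r * 10) for r in range(nrel)]
        sections.append({"name": name.rstrip(b"\0").decode(), "data": blob[rawptr:rawptr + rawsz], "relocs": relocs})
    return {"sections": sections, "symbols": symbols}


def resolution_plan(blob: bytes) -> list:
    """Every undefined external symbol, classified as Beacon API or DLL$Function import."""
    plan = []
    for sym in parse_coff(blob)["symbols"]:
        if sym["section"] != 0 or sym["class"] != IMAGE_SYM_CLASS_EXTERNAL:
            continue
        if not sym["name"].startswith("__imp_"):   # e.g. a compiler-inserted memset: loader cannot satisfy it
            raise ValueError(f"unresolvable undefined symbol {sym['name']!r}")
        target = sym["name"][len("__imp_"):]
        if "$" in target:
            dll, func = target.split("$", 1)
            plan.append(("win32", dll, func))
        else:
            plan.append(("beacon", None, target))
    return plan


def relocations(blob: bytes) -> list:
    """(section, offset, type, symbol) for each fixup the loader must apply."""
    obj = parse_coff(blob)
    by_index = {s["index"]: s for s in obj["symbols"]}
    return [(sec["name"], va, typ, by_index[idx]["name"])
            for sec in obj["sections"] for va, idx, typ in sec["relocs"]]


def entry_point(blob: bytes, name: str = "go"):
    """(section number, offset) of the BOF entry point."""
    for sym in parse_coff(blob)["symbols"]:
        if sym["name"] == name and sym["section"] > 0:
            return sym["section"], sym["value"]
    raise LookupError(f"entry point {name!r} not defined in object")


if __name__ == "__main__":
    sample = build_sample_bof()
    print("entry:", entry_point(sample))
    for kind, dll, func in resolution_plan(sample):
        print(f"resolve {kind:6} {dll or '-':10} {func}")
    for sec, off, typ, sym in relocations(sample):
        print(f"fixup   {sec}+0x{off:x} type={typ} -> {sym}")
```

A real loader continues from the plan: it maps each section, writes the resolved addresses into a table, and patches each REL32 displacement so the `call [rip+disp]` lands on the matching table slot. Two of the common first-time errors the post mentions are visible right here: an undefined symbol without the `__imp_` prefix (the compiler inserted a call to `memset`, say) makes `resolution_plan` raise, and a 32-bit object is rejected by the machine check, since x86 objects also carry an extra leading underscore (`__imp__`) that this example does not strip.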
The Role of the Control Flow Graph in Static Analysis
nicolo.dev/en/blog/role-cont…
Linux kernel SLUB allocators internals (and how to debug it)
Credits Imran Khan
Part 1: blogs.oracle.com/linux/post/…
Part 2: blogs.oracle.com/linux/post/…
Part 3: blogs.oracle.com/linux/post/…
Part 4: blogs.oracle.com/linux/post/…
Operator Bloopers Cobalt Strike Commands
detection.fyi/sigmahq/sigma/…
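Added example, not the text of the SigmaHQ rule linked above: the idea behind an "operator blooper" detection is that a Beacon built-in typed into `shell` by mistake is executed by the implant as `cmd.exe /c <beacon command>`, so the endpoint records a cmd.exe process creation whose first argument after `/c` is a command no Windows box has. The check below runs that logic over constructed Sysmon Event ID 1 style records; the set of built-in names is an assumed, illustrative subset, and the log lines are made up for the example.

```python
"""Operator-blooper detection: Beacon built-ins that an operator typed into
`shell` reach the endpoint as `cmd.exe /c <beacon command>` process creations,
because the implant hands the text to cmd.exe, which has no such program to run."""
import re

# Assumed, illustrative subset of Beacon built-in command names; none of them
# is a Windows executable, so seeing one right after `cmd.exe /c` is the tell.
BEACON_BUILTINS = {
    "getuid", "getsystem", "rev2self", "make_token", "steal_token", "logonpasswords",
    "dcsync", "hashdump", "execute-assembly", "powershell-import", "spawnas", "spawnto",
    "inject", "psinject", "remote-exec", "jump", "portscan", "sleep", "jobs", "jobkill",
    "kerberos_ticket_use", "blockdlls", "argue", "ppid",
}

# cmd or cmd.exe, optionally quoted and/or fully pathed, followed by /c or /k
CMD_SHELL = re.compile(
    r'^"?(?:[a-z]:\\(?:[^"\\]+\\)*)?cmd(?:\.exe)?"?\s+/[ck]\s+"?(.*?)"?\s*$', re.I)


def blooper_command(image, cmdline):
    """Return the Beacon built-in found after /c or /k, or None if the event is benign."""
    if not image.lower().endswith("\\cmd.exe"):
        return None
    m = CMD_SHELL.match(cmdline.strip())
    if not m:
        return None
    tokens = m.group(1).split()
    if not tokens:
        return None
    first = tokens[0].lower()
    return first if first in BEACON_BUILTINS else None


def parse_line(line):
    """Tab-separated key=value record using Sysmon Event ID 1 field names."""
    return dict(field.split("=", 1) for field in line.split("\t"))


def scan(log_lines):
    """Run the check over raw log lines; returns (time, builtin, command line) hits."""
    hits = []
    for line in log_lines:
        ev = parse_line(line)
        found = blooper_command(ev.get("Image", ""), ev.get("CommandLine", ""))
        if found:
            hits.append((ev.get("UtcTime"), found, ev["CommandLine"]))
    return hits


def _rec(time, image, parent, cmdline):
    return "\t".join([f"UtcTime={time}", f"Image={image}",
                      f"ParentImage={parent}", f"CommandLine={cmdline}"])


CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_LOG = [  # constructed records for the example, not real telemetry
    _rec("2023-11-22 10:01:02", CMD, r"C:\Windows\System32\rundll32.exe", r"cmd.exe /c getuid"),
    _rec("2023-11-22 10:01:09", CMD, r"C:\Windows\System32\rundll32.exe", r'"C:\Windows\System32\cmd.exe" /C sleep 30'),
    _rec("2023-11-22 10:02:15", CMD, r"C:\Windows\explorer.exe", r"cmd.exe /c whoami /all"),
    _rec("2023-11-22 10:02:40", CMD, r"C:\Windows\explorer.exe", r'cmd.exe /c "ping -n 1 10.0.0.1"'),
    _rec("2023-11-22 10:03:01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r"C:\Windows\explorer.exe", r"powershell.exe -nop -c sleep 5"),
    _rec("2023-11-22 10:03:30", CMD, r"C:\Windows\System32\rundll32.exe", r"C:\Windows\System32\cmd.exe /c rev2self"),
]

if __name__ == "__main__":
    for when, builtin, cmdline in scan(SAMPLE_LOG):
        print(f"{when}  blooper={builtin!r}  {cmdline}")
```

The match is deliberately narrow: the image must be cmd.exe and the built-in must be the first token after `/c` or `/k`, so `whoami`, `ping` and a PowerShell `sleep` alias are left alone. The name list is the tuning knob; a host that really ships a `sleep.exe` on its PATH would need that entry removed or paired with a parent-process condition.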
Building a Breach and Attack Simulation lab
One Linux server deploying Caldera, Prelude Operator Headless, and VECTR
One Windows Client (Windows Server 2022) auto-configured for Caldera agent deployment, Prelude pneuma, and other Red & Blue tools
SH ✍🏻
GitHub - iknowjason/AutomatedEmulation: An automated Breach and Attack Simulation lab with terraform. Built for IaC stability, consistency, and speed.
Reverse Engineering Go Binaries with Ghidra (Part 1)
https://forum.reverse4you.org/t/reverse-engineering-go-binaries-with-ghidra-part-1/20096/1
Reverse Engineering Go Binaries with Ghidra (Part 2)
https://forum.reverse4you.org/t/reverse-engineering-go-binaries-with-ghidra-part-2/20097
#reverse #ghidra #golang
Source: cujo.com Go (also called Golang) is an open source programming language designed by Google in 2007 and made available to the public in 2012. It gained popularity among developers over the years, but it’s not always used for good purposes. As it often…