Finding Metasploit & Cobalt Strike URLs
Metasploit and Cobalt Strike generate shellcode for http(s) shells. The URLs found in this shellcode have a path that consists of 4 random alphanumeric characters. But they are not completely random: their 8-bit checksum is a member of a small set of constants.
https://isc.sans.edu/diary/Finding+Metasploit+Cobalt+Strike+URLs/27204
#Cobalt_Strike , #Metasploit ,
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
https://github.com/LearningKijo/SecurityResearcher-Note
#Malware_analysis
GULOADER: deobfuscating the downloader
https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader
Rhadamanthys v0.5.0 - a deep dive into the stealer’s components
https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components
Offensive Tool Development - The Shellcode Compiler Was Right There All Along
Part 1 :
https://sh3llsp4wn.github.io/Shellcode-With-The-Default-Linux-Toolchain/
Part 2 :
https://sh3llsp4wn.github.io/Shellcode-With-The-Default-Linux-Toolchain-2/
UAL-EN.pdf
11.8 MB
Thanks X-L-R-8 for sharing these two books.
Rebase the program when we load it into IDA
https://malware.news/t/igor-s-tip-of-the-week-168-rebasing/76756
#reverse
Igor’s Tip of the Week #168: Rebasing
When you load a file into IDA, whether a standard executable format (e.g. PE, ELF, Macho-O), or a raw binary, IDA assigns a particular address range to the data loaded from it, either from the file’s metadata or user’s input (in case of binary file). The…
How do we write a shellcode to elevate privileges and gracefully return to userland?
mdanilor.github.io/posts/hev…
#shellcode , #privilege_scalation
Windows Functions in Malware Analysis – Cheat Sheet
https://gist.github.com/404NetworkError/a81591849f5b6b5fe09f517efc189c1d#internetwritefile-top
#malware_analysis
#malware_dev
Concise Windows Functions in Malware Analysis List
Malware Analysis Resources
(Anything that you want)
https://ryandinho.me/2022/01/27/malware-analysis-resources.html
#malware_analysis
Malware Analysis Resources This post encompasses all of the resources I have collected during my tenure as a cybersecurity professional and malware analyst. Although all of these resources may not be directly related to malware analysis, the information will…
https://www.safebreach.com/blog/process-injection-using-windows-thread-pools/
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
https://github.com/SafeBreach-Labs/PoolParty
#process_injection , #tools