Source Byte


It takes a sober person to abstain from love, and this temperament of mine does not mix with reason. Saadi Shirazi 187

7 853 subscribers
Post archive

DarkPulse is a shellcode packer written in Go. It is used to generate various shellcode loaders. https://github.com/fdx-xdf/darkPulse #maldev

Repost from RavinAcademy
🥁 Russia's PHDays cybersecurity event started in 2011, and since last year, on a larger scale, it has become an international festival and Russia's largest cybersecurity event. The event's programs are organized not only for specialists in the field but also for the general public, especially children and teenagers. The PHDays 2 festival, or Positive Hack Days 2, was held this year from 3 to 6 Khordad at the Luzhniki sports complex in Moscow. The event included a variety of specialized and interactive sections and programs on cybersecurity and the digital world, and in the technical talks section, "Mehdi Hatami" from Ravin Academy also gave a presentation. 📣 We have prepared a short video and a photo report of the event for you to watch. 🔗 Watch the event summary video: Aparat | YouTube @RavinAcademy

Repost from 1N73LL1G3NC3
Nightmangle
Post-exploitation Telegram C2 Agent written in Rust
Features:
- Impersonation via token duplication
- In-memory .NET Assembly Execution
- BOF execution (custom implementation of the original Cobalt Strike's beacon_inline_execute)
- Remote commands execution on victim
- Steal saved credentials from browsers (Firefox, Edge, Chromium, Chrome, Brave)
- Download/Upload files
- Screenshot

Repost from Peneter Media

gargoyle is a technique for hiding all of a program’s executable code in non-executable memory GitHub Link Blog #malware_dev

#meme

OffensiveGolang is a collection of offensive Go packs inspired by different repositories. Ideas have been taken from OffensiveGoLang and Ben Kurtz's DEFCON 29 talk. https://github.com/MrTuxx/OffensiveGolang.git

#ShortVideo How to Deal With Password Protect Video Master (PPVM) Integrity Check 🦅 Byte Amn channel | Byte Amn group

Repost from 1N73LL1G3NC3
SWAPPALA: Why Change When You Can Hide? Advanced Module Stomping technique Github

Repost from 1N73LL1G3NC3
CookieKatz Dump cookies directly from Chrome, Edge, or Msedgewebview2 process memory. Chromium-based browsers load all their cookies from the on-disk cookie database on startup. The benefits of this approach are:
  • Support dumping cookies from Chrome’s Incognito and Edge’s In-Private processes
  • Access cookies of other users’ browsers when running elevated
  • Dump cookies from webview processes
  • No need to touch on-disk database file
  • DPAPI keys not needed to decrypt the cookies
  • Parse cookies offline from a minidump file
This solution consists of three projects:
   • CookieKatz - PE executable
   • CookieKatz-BOF - Beacon Object File version
   • CookieKatzMinidump - minidump parser.

Abusing the SeRelabelPrivilege
that a specific Group Policy granted via “User Right Assignments” the SeRelabelPrivilege to the built-in Users group and was applied on several computer accounts.
https://decoder.cloud/2024/05/30/abusing-the-serelabelprivilege #malware_dev

Google Chrome Use After Free vulnerability reported by S4E Team https://github.com/s4e-lab/CVE-2021-30573-PoC-Google-Chrome #cve #Exp #browser

Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
In this post, I'll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
https://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler/ #cve #Exp #browser

Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I'll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
https://github.blog/2023-09-26-getting-rce-in-chrome-with-incorrect-side-effect-in-the-jit-compiler/ #cve #Exp #browser

https://blog.0daylabs.com/2024/05/27/jetbrains-teamcity-auth-bypass/ Diving deep into Jetbrains TeamCity Part 1 - Analysing CVE-2024-23917 leading to Authentication Bypass