Source Byte

hell yeah , my teacher MR.Amirheidari achieved rank 72 on microsoft's MSRC leaderboard i think i have more excitement than he has 😂 https://msrc.microsoft.com/leaderboard

APT1

aka: Brown Fox, Byzantine Candor, COMMENT PANDA, Comment Crew, Comment Group, G0006, GIF89a, Group 3, PLA Unit 61398, ShadyRAT, TG-8223

PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD)[1] of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks * Download samples * #APT #APT1 #PAPER

series on virtualization technologies and internals of various solutions (QEMU, Xen and VMWare) Credit: @LordNoteworthy [ 0 ] Intro: virtualization internals part 1 intro to virtualization [ 1 ] VMWare: Virtualization Internals Part 2 - VMWare and Full Virtualization using Binary Translation [ 2 ] Xen: Virtualization Internals Part 3 - Xen and Paravirtualization [ 4 ] QEMU: Virtualization Internals Part 4 - QEMU ——- related posts : [ 0 ] Writing a simple 16 bit VM in less than 125 lines of C [ 1 ] Write your Own Virtual Machine [ 2 ] notes on vm and qemu escape exploit [ 3 ] notes on VMware escape exploits by version [ 4 ] Unpack VMProtect #VM , #cve_analysis , #VM_internals —- https://t.me/Source_byte

𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁, 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗮𝗻𝗱 𝗗𝗙𝗜𝗥 𝗦𝗲𝗿𝗶𝗲𝘀 👾 🔗 Part 1 :- https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20I/ 🔗 Part 2 :- https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20II/ 🔗 Part 3 :- https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20III/ 🔗 Part 4 :- https://azr43lkn1ght.github.io/Malware%20Development,%20Analysis%20and%20DFIR%20Series%20-%20Part%20IV/ @source_chat #maldev #malware #development #analysis #dfir #digitalforensic #incidentresponse

ملیکا تو مال منی

[ 1 ] From a Windows driver to a fully functionnal driver. In this blogpost we'll go through the history of EDR's, how they used to work, how they work now and how we can build a fully functionnal one. Last step is a chall, bypass MyDumbEDR. https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/ [ 2 ] internal mecanisms of EDR's : https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s [ 3 ] MyDumbEDR ( written in C ) https://github.com/sensepost/mydumbedr ——— @islemolecule_source

Callback objects- everything you didn't know

https://codemachine.com/articles/kernel_callback_functions.html https://youtu.be/lnv4GYKS_jI?si=El4rDdW6bpy1puoM

#edr #windows

Callback objects- everything you didn't know

https://codemachine.com/articles/kernel_callback_functions.html https://youtu.be/lnv4GYKS_jI?si=El4rDdW6bpy1puoM

THREAD NAME-CALLING – USING THREAD NAME FOR OFFENSE https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/ [ GitHub ]

The Security Principle Every Attacker Needs to Follow Credit : Elad Shamir

I decided to focus on “Identity-Driven Offensive Tradecraft”, in this post, I will explain what I mean by that and why it is so central to attack paths and red team operations. 

https://posts.specterops.io/the-security-principle-every-attacker-needs-to-follow-905cc94ddfc6

CrowdStrike Thread Actor Database

Windows Kernel Resources: Development, Exploitation, and Analysis credit :Tetsuo A collection of resources for Windows kernel development, exploitation, analysis, and security. Suitable for beginners to experts, this compilation covers a wide range of topics including driver development, reverse engineering, vulnerability research, and Windows internals. https://x.com/7etsuo/status/1816285806547591371 #twitter_article