Source Byte

Keylogging in the Windows kernel with undocumented data structures Link #malware_dev ------ @islemolecule_source

IRC Botnet sinkhole:full reverse process Link #malware_analysis #reverse --------- @islemolecule_source

A Technical Deep Dive: Comparing Anti-Cheat Bypass and EDR Bypass Link #edr #malware_dev ------ @islemolecule_source

Deep Dive into DLL Sideloading and DLL Hijacking Link #malware_dev ------ @islemolecule_source

Unpacking RC4 Encrypted Malware - REvil ransomware Link #malware_analysis #reverse --------- @islemolecule_source

Static Analysis Automation for Hunting Vulnerable Kernel Drivers https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html Slides 👇

A Deep Dive Into Exploiting Windows Thread Pools https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools #window_internals , #exploitation

TinyTurla-NG in-depth tooling and command and control analysis https://blog.talosintelligence.com/tinyturla-ng-tooling-and-c2/ #c2

[ 01 ] Reversing Windows Internals [ 02 ] Portable Executable Anatomy [ 03 ] Data Directories of Interest [ 04 ] Import Directory [ 05 ] Import Address Table [ 06 ] Export Directory [ 07 ] Manual Walkthrough of Export Directory [ 08 ] Process Environment Block [ 09 ] Different methods to locate the PEB [ 10 ] Understanding an Example Shellcode [ 11 ] Using _PEB_LDR_DATA [ 12 ] Using _LDR_DATA_TABLE_ENTRY [ 13 ] Practical Example with Rustock.B Rootkit

Exploiting Linux kernel cls_tcindex network traffic classifier (CVE-2023-1829) Excellent writeup by Vu Thi Lan ( @lanleft_ ) https://starlabs.sg/blog/2023/06-breaking-the-code-exploiting-and-examining-cve-2023-1829-in-cls_tcindex-classifier-vulnerability/… #CVE_analysis ,