Source Byte
"A sober man must keep away from love; this nature of mine does not mix with reason." Saadi Shirazi
Posts archive
Repost from APT
🖥 Introduction to Windows kernel exploitation
Explore the Windows Kernel with HEVD, a vulnerable driver. Dive into stack overflow exploits and bypass SMEP/KPTI protections using the sysret approach.
A detailed guide to Windows kernel exploitation:
— Part 0: Where do I start?
— Part 1: Will this driver ever crash?
— Part 2: Is there a way to bypass kASLR, SMEP and KVA Shadow?
— Part 3: Can we ROP our way into triggering our shellcode?
— Part 4: How do we write a shellcode to elevate privileges and gracefully return to userland?
#windows #kernel #driver #hevd #hacksys
Repost from N/a
https://engineers.inpyjama.com/learn/ldd-101
Linux device driver development free course
#Linux
#Course
#English
11 Strategies of a World-Class Cybersecurity Operations Center
by MITRE
— Strategy 1: Know What You Are Protecting and Why
— Strategy 2: Give the SOC the Authority to Do Its Job
— Strategy 3: Build a SOC Structure to Match Your Organizational Needs
— Strategy 4: Hire AND Grow Quality Staff
— Strategy 5: Prioritize Incident Response
— Strategy 6: Illuminate Adversaries with Cyber Threat Intelligence
— Strategy 7: Select and Collect the Right Data
— Strategy 8: Leverage Tools to Support Analyst Workflow
— Strategy 9: Communicate Clearly, Collaborate Often, Share Generously
— Strategy 10: Measure Performance to Improve Performance
— Strategy 11: Turn up the Volume by Expanding SOC Functionality
Hello. I wrote a short post to explain the process that takes place in the kernel on a null dereference (x86 architecture), and I also talked a bit about the kernel's Virtual Memory Management. It might be interesting for those who work on kernel-side vulnerabilities as well:
https://imanseyed.github.io/posts/the-flow-of-the-kernel-upon-receiving-a-sigsegv-for-null-dereferene/
Unauthenticated SSRF on Havoc C2 teamserver via spoofed demon agent
Credit: Evan Ikeda
https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/
Emulating inline decryption for triaging C++ malware
Blog
References:
— Glory Sprout string decryptor: gsprout_string_decryption.py
— Glory Sprout hash resolver: gsprout_api_resolver.py
— GlorySprout sample: MalwareBazaar
— Insight from GlorySprout and Taurus Stealer: RussianPanda Research Blog
— Let's play (again) with Predator the thief
— An In-Depth analysis of the new Taurus Stealer
#malware_analysis
Windows Internals Learning Resources
Credit: Patrick Matula
A summary of learning resources in the categories:
+ Windows Internals
+ Windows Debugging and Troubleshooting
+ Windows Performance
+ Windows Programming
https://github.com/pmatula/Windows-Internals-Learning-Resources
IAT-Tracer V2
IAT-Tracer V2 is a plugin for the Tiny-Tracer framework. Now you can automatically trace and watch any Windows API function a binary uses, whether imported or *dynamically resolved*.
Credit: Yoav Levi
https://github.com/YoavLevi/IAT-Tracer
Repost from 1N73LL1G3NC3
Ghostly Hollowing Via Tampered Syscalls
Implementing the ghostly hollowing (a hybrid technique between Process Hollowing and Process Ghosting) PE injection technique using tampered syscalls (to bypass userland hooks while simultaneously spoofing the invoked syscall's arguments).
