Source Byte
He who would shun love must be sober of mind, but this nature of mine does not mix with reason. (Saadi Shirazi)
x64 WINAPI Recursive Loader
"Code provided by smelly - vx-underground" https://web.archive.org/web/20240928164510/https://github.com/Evi1Grey5/Recursive-Loader #Loader
The Anti-EDR Compendium
EDR functionality and bypasses in 2024, with focus on undetected shellcode loader.
https://blog.deeb.ch/posts/how-edr-works/
Credit: Dobin Rutishauser
Repost from Order of Six Angles
A fucking great article
Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation
https://blog.fox-it.com/2024/09/25/red-teaming-in-the-age-of-edr-evasion-of-endpoint-detection-through-malware-virtualisation/
Injecting Code into Windows Protected Processes using COM, Part 1 and Part 2 by James Forshaw of the Project Zero team prompted an interest in COM internals and, more specifically, the undocumented DoCallback method, part of the IRundown interface.
- POC
#COM
Repost from Offensive Xwitter
😈 [ Check Point Research @_CPResearch_ ]
10 years of DLL hijacking - featuring abused executables that shouldn't have existed, exported and malicious DLLs with discount bin "packing." Includes a PoC for app developers to pre-emptively stop hijacking without dealing with a certificate authority.
🔗 https://research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more/
🐥 [ tweet ]
Kimsuky Group's new backdoor appeared (HappyDoor)
https://web.archive.org/web/20240626161026/https://asec.ahnlab.com/ko/67128/
Repost from CyberSecurityTechnologies
#Red_Team_Tactics
"HookChain: A new perspective for Bypassing EDR Solutions", 2024.
]-> https://github.com/helviojunior/hookchain
Repost from 1N73LL1G3NC3
🥤 Pivoting using ZeroTier
🥤 Pivoting using Nebula
Demonstration of pivoting with ZeroTier and Nebula during the post-exploitation process. These tools showcase impressive capabilities such as flexible routing, NAT traversal, and the ability to build tunnels between isolated network segments, granting full access to internal infrastructure.
Thx to my bro @casterbyte
Process Injection via Component Object Model (COM) IRundown::DoCallback()
From MDSec: https://www.mdsec.co.uk/2022/04/process-injection-via-component-object-model-com-irundowndocallback/
Demystifying Windows Component Object Model (COM)
https://www.221bluestreet.com/offensive-security/windows-components-object-model/demystifying-windows-component-object-model-com
Lateral Movement using the MMC20.Application COM Object
First part: https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
Repost from Infosec Fortress
A journey through KiUserExceptionDispatcher
🔗 Link
#windows
#reverse
———
🆔 @Infosec_Fortress
Repost from T00ls Public Channel | T00ls.com | Keep a low profile, grow steadily, and study security with dedication!
Hacker group Twelve launches destructive cyberattacks against Russian entities (author: maojila)