Source Byte

Proof of concept code for thread pool based process injection in Windows. Link #malware_dev ——— @islemolecule_source

Improving the Landscape and Messaging of Offensive Tooling and Techniques Part 1 Improving our social media conduct Part 2 Offensive Tool and Technique Releases credit : @mattifestation video : https://www.youtube.com/watch?v=u00JCQxUAY0 slides : next post 👇🏻 #job_offers ——— @islemolecule_source

chrome-browser-exploitation Link #browser #pwn ——— @islemolecule_source

browser-exploition resources Link_1 Link_2 Link_3 #browser #pwn ——— @islemolecule_source

HyperDbg v0.8 is released! # [0.8.0.0] - 2024-01-28 New release of the HyperDbg Debugger thanks to @Mattiwatti. # Changed - Fix miscalculating MTRRs in 13th gen processors # Added - The !mode event command is added to detect kernel-to-user and user-to-kernel transitions https://docs.hyperdbg.org/commands/extension-commands/mode - The 'preactivate' command is added to support initializing special functionalities in the Debugger Mode https://docs.hyperdbg.org/commands/debugging-commands/preactivate ——— @islemolecule_source

HyperDbg v0.8 is released! # [0.8.0.0] - 2024-01-28 New release of the HyperDbg Debugger thanks to @Mattiwatti. # Changed - Fix miscalculating MTRRs in 13th gen processors # Added - The !mode event command is added to detect kernel-to-user and user-to-kernel transitions https://docs.hyperdbg.org/commands/extension-commands/mode - The 'preactivate' command is added to support initializing special functionalities in the Debugger Mode https://docs.hyperdbg.org/commands/debugging-commands/preactivate ——— @islemolecule_source

HyperDbg v0.8 is released! # [0.8.0.0] - 2024-01-28 New release of the HyperDbg Debugger thanks to @Mattiwatti. # Changed - Fix miscalculating MTRRs in 13th gen processors # Added - The !mode event command is added to detect kernel-to-user and user-to-kernel transitions https://docs.hyperdbg.org/commands/extension-commands/mode - The 'preactivate' command is added to support initializing special functionalities in the Debugger Mode https://docs.hyperdbg.org/commands/debugging-commands/preactivate ——— @islemolecule_source

Recreate undocumented structure using local types in ida pro Link #reverse #malware_analysis ——— @islemolecule_source

WMI Internals series : [ 1 ] Understanding the Basics [ 2 ] Reversing a WMI Provider [ 3 ] Beyond COM

Understanding Windows x64 Assembly https://sonictk.github.io/asm_tutorial/

Microsoft has announced their plan to retire WMIC. It will be replaced with an alternative in Powershell. WMI will still be accessible with COM API https://techcommunity.microsoft.com/t5/windows-it-pro-blog/wmi-command-line-wmic-utility-deprecation-next-steps/ba-p/4039242

Leaks and Revelations: A Web of IRGC Networks and Cyber Companies https://www.recordedfuture.com/leaks-and-revelations-irgc-networks-cyber-companies

KOVTER: An Evolving Malware Gone Fileless https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/kovter-an-evolving-malware-gone-fileless

What are LOLBins and How Can They be Used Maliciously? https://www.securityhq.com/blog/security-101-lolbins-malware-exploitation/ #malware_dev , #LoLBins , #CA ——— @islemolecule_source

Living Off The Land Binaries, Scripts and Libraries Windows binary used for handling certificates 🔗 https://lolbas-project.github.io/lolbas/Binaries/Certutil/ #malware_dev , #LoLBins ——— @islemolecule_source

Analyzing Modern Malware Techniques series [ 1 ] Fileless Malware - A self loading technique [ 2 ] A case of Powershell, Excel 4 Macros and VB6 (part 1 of 2) [ 3 ] A case of Powershell, Excel 4 Macros and VB6 (part 2 of 2) [ 4 ] I’m afraid of no packer #old_but_gold ——— @islemolecule_source