Source Byte

Open in Telegram

هشیار کسی باید کز عشق بپرهیزد وین طبع که من دارم با عقل نیامیزد Saadi Shirazi 187

Iran36 416 Technologies & Applications14 545

7 853

Subscribers

-324 hours

+567 days

+17830 days

1 866

Post views

~ 46324 hours

~ 60648 hours

23.76%

Engagement rate

No data

Posts per day

Ads index

beta

Posts Archive

7 853

Repost from Infosec Fortress

#binary #reverse #slides ——— 🆔 @Infosec_Fortress

7 853

Repost from Infosec Fortress

Cindy Xiao - Reversing Rust Binaries #binary #reverse #slides ——— 🆔 @Infosec_Fortress

7 853

Repost from Infosec Fortress

#reverse #binary #slides ——— 🆔 @Infosec_Fortress

7 853

Repost from Infosec Fortress

Skochinsky - Recon (2011) - Practical C++ Decompilation #reverse #binary #slides ——— 🆔 @Infosec_Fortress

7 853

Updated

7 853

new process injection technique called Mockingjay allows attackers to stealthily execute malicious code https://wins21.co.kr/kor/promotion/information.html?bmain=view&language=KOR&uid=4037 #injection

7 853

Repost from S.E.Book

👾 Malware Development - Evading Diaries. • NTFS Files Attributes; • FuncIn; • Code Cave; • Stolen Certificate; • Redirect Antivirus Website Evading Techniques; • Shortcut Hiding; • Disabling Antivirus; • Adding Antivirus Exception; • Fake Signature; • Mark-Of-The-Web (MOTW) Bypass; • Return Address Spoofing; • Runtime Function Decryption; • DLL Unhooking; - How DLL Unhooking Works; - Unhooking Strategies; • Evasion Using Direct Syscalls; - Key Aspects of This Technique; - Operational Mechanism; - Featured Windows APIs; • Unloading Module With FreeLibrary; - Operational Overview; - Key Aspects of This Technique; - Featured Windows APIs; • References. #Malware

7 853

Repost from Cafe Security

Fuzzer Internals https://blog.reodus.com/posts/fuzzer-internals-part1/ https://blog.reodus.com/posts/fuzzer-internals-part2/ https://blog.reodus.com/posts/fuzzer-internals-part3/ #fuzzing

7 853

Windows-PE-Definitive-Guide-Chapter-01.pdf

7 853

Repost from کانال بایت امن

#eBook #WindowsPE #DWORD 🏳️باز نویسی و ترجمه کتاب Windows PE权威指南 🔥 این کتاب به‌طور جامع و مفصل به تحلیل فرمت فایل PE و تکنیک‌های برنامه‌نویسی مرتبط با آن می‌پردازد و جنبه‌های مختلف امنیتی و مدیریت پروسس های سیستمی و مکانیسم‌های سطح پایین آن را مورد بررسی قرار می‌دهد.

با توجه به تاریخ انتشار کتاب Windows PE权威指南 که به زبان چینی و در سال 2011 به چاپ رسیده است، در بازنویسی این کتاب سعی کرده‌ام مطالب و ابزارهای قدیمی را حذف کنم و از نرم‌افزارهای به‌ روز و مطالب جدید استفاده کنم. به همین دلیل ممکن است بعضی از موضوعات به‌طور کامل تغییر یا جایگزین شوند و یا حتی بر حسب نیاز مطالب جدیدی اضافه گردند.

سطح مطالب این کتاب پیشرفته است و موضوعاتی که مطرح می‌شوند ممکن است نیاز به داشتن پیش‌نیاز باشند. به طور مثال، کدنویسی پروژه‌ها به زبان اسمبلی و در محیط برنامه‌نویسی انجام می‌شود، بنابراین شما باید زبان اسمبلی را بدانید و با محیط برنامه‌نویسی به زبان اسمبلی آشنایی داشته باشید. تمرکز این کتاب بر تشریح ساختار فایل‌های PE خواهد بود و به آموزش پیش‌نیازها یا سایر موارد اشاره نخواهیم کرد. با این حال، در هر فصل بخشی تحت عنوان منابع وجود دارد که برای درک و آشنایی بیشتر شما با بعضی مطالب، منابع مناسبی معرفی خواهند شد.

فصل اول : محیط توسعه Windows PE تعداد صفحات : 29 صفحه 💎دریافت فصل اول | گیتهاب کتاب 🦅 کانال بایت امن | گروه بایت امن _

7 853

Repost from zerodaytraining

Patch candidate for Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability (Pwn2Own Vancouver 2024 VM Escape exploit) There was an insufficient check for numbers of in/out data segment descriptors supplied by Guest OS into Virtio devices. Check added in virtioCoreR3VirtqAvailBufGet IO processing loop ensures that data sent in by the guest through virtio kernel device modules cannot exceed storage availability in hypervisor memory. Exploit by overflowing buffers in pVirtqBuf-aSegsIn/aSegsOut @thezdi @OnlyTheDuck @alisaesage

7 853

Introduction global hook and its cases https://www.programmerall.com/article/21622234988/

hook, refers to a technique used to advance the use of api intercept and process windows messages. Such as a keyboard hook, the Trojans have a lot of this stuff, monitor your keyboard.

Related: [+] GoHook, Go global keyboard and mouse listener hook [+] Implementing Global Injection and Hooking in Windows #Hooking #malware_dev

7 853

An Introduction to Bypassing User Mode EDR Hooks Credit: Marcus Hutchins

Whilst this article is designed to stand on its own, if you’re interested, you can find my previous articles on these topics here, here, here and here. Surprisingly, despite all this research being over a decade old, it’s still completely relevant today. The more things change, the more they stay the same, I guess?

https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html #Hooking #edr #malware_dev

7 853

OffensiveNotion C2

OffensiveNotion combines the capabilities of a post-exploitation agent with the power and comfort of the Notion notetaking application. The agent sends data to and receives commands from your Notion page. Your C2 traffic blends right in as the agent receives instructions and posts results via the Notion developer API. And when your blue team looks for evidence of shenanigans, none will be the wiser.

Blog How write? YouTube --------------------------------------------------------- Related: Ox-c2 Implementing C2 and it's agent in rust Helfrix_C2 Basic C2 Server and Agent, Rust Programming Visit blog! --------------------------------------------------------- LiNk From and for our Chinese friends Rust C2框架LINK分析 link is a command and control framework written in rust https://github.com/postrequest/link

learn rust?

Enjoy! #Rust #C2 #maldev

7 853

Introduction global hook and its cases https://www.programmerall.com/article/21622234988/ Related: GoHook, Go global keyboard and mouse listener hook GitHub #Hooking #malware_dev

7 853

An Introduction to Bypassing User Mode EDR Hooks Credit: Marcus Hutchins Whilst this article is designed to stand on its own, if you’re interested, you can find my previous articles on these topics here, here, here and here. Surprisingly, despite all this research being over a decade old, it’s still completely relevant today. The more things change, the more they stay the same, I guess? https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

7 853

Repost from Source Byte

Explain pe file format from ARteam #pe

7 853

Repost from Order of Six Angles

Техника process Injection на винде, без использования опасных функций (WriteProcessMemory, VirtualAllocEx, ...) https://undev.ninja/nina-x64-process-injection/ POC https://github.com/NtRaiseHardError/NINA

7 853

Exploit Development:

Playing ROP’em COP’em Robots with WriteProcessMemory() 77 minute read

https://connormcgarr.github.io/ROP2/ #exp

7 853

Exploit Development: Playing ROP’em COP’em Robots with WriteProcessMemory() 77 minute read #exp