Source Byte

C developers show-off their skills:

JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and EXDI: Part 1 https://www.asset-intertech.com/resources/blog/2024/01/jtag-debug-of-windows-hyper-v-secure-kernel-with-windbg-and-exdi-part-1/

Comparing Anti-Cheat Bypass and EDR Bypass https://whiteknightlabs.com/2024/02/09/a-technical-deep-dive-comparing-anti-cheat-bypass-and-edr-bypass

tl;dr archived stuff, see link below Earlier today a GitHub titled "I-S00N" leaked supposedly sensitive Chinese government data - specifically related to offensive cyber security. The initial discovery, and documentation of the documents, derive from AzakaSekai_. We have archived his research and notes on the material. It should be noted that they *probably have not covered the material in totality and more information can be expected to be released in the following days from either Azaka, or other Cyber Threat Intelligence experts familiar with Chinese state-sponsored activity. Furthermore, the materials are written in Mandarin. We have made no attempt to translate the material to English and we do not speak Mandarin, hence we cannot provide any opinion or speculation on the material. We will leave that painstaking task to individuals who speak Mandarin, or people who feel like trying to translate the documents accurately. What an exciting start to the week:) You can view the archived materials here: https://vx-underground.org/APTs/2024/2024.02.18%20-%20Summary%20of%20I-S00N%20leaks

The comprehensive HyperDbg training course published on YouTube. It is definitely much better to register on OpenSecurityTrainings website and follow the course there because there are a series of labs and additional instructions on their website: https://ost2.fyi/Dbg3301 Here is the YouTube playlist link: https://www.youtube.com/watch?v=RDlp0PCFgxI&list=PLUFkSN0XLZ-kF1f143wlw8ujlH2A45nZY Slides link: https://gitlab.com/opensecuritytraining/dbg3301_hyperdbg_slides_and_files If you have any feedback, I will be happy to share it with you. 🙏 (sina ✍)

[ 1 ] From a Windows driver to a fully functionnal driver. In this blogpost we'll go through the history of EDR's, how they used to work, how they work now and how we can build a fully functionnal one. Last step is a chall, bypass MyDumbEDR. https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/ [ 2 ] internal mecanisms of EDR's : https://www.youtube.com/watch?v=yacpjV6kWpM&t=387s [ 3 ] MyDumbEDR ( written in C ) https://github.com/sensepost/mydumbedr ——— @islemolecule_source

Malware research community repo https://github.com/Malware-Research/Resources #malware_analysis ____ @islemolecule_source

#fact

IDA Pro on Linux Link #reverse @islemolecule_source

Take a look into the depths of Windows kernels and reveal more than 60000 undocumented structures https://www.vergiliusproject.com/kernels #windows ——— @islemolecule_source

NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes Link #reverse ——— @islemolecule_source

DJI - The ART of obfuscation Link ——— @islemolecule_source

cross-platform backdoor/reverse shell written in Python3 Link #malware_dev ——— @islemolecule_source

You may Wana know why we are not active like before, this is my new room and setup I will active soon Rate my setup plz 👁👄👁

HOOKING 101 https://pdfs.semanticscholar.org/cb60/31f2d6eaa50d18a1ce5c648aa6c12e15fb23.pdf #malware_dev ——— @islemolecule_source