Source Byte (Telegram channel)

Channel description: "The wise one must steer clear of love; this nature that I have does not mix with reason." Saadi Shirazi

7,853 subscribers

Posts archive
Step By Step Process To Make a Trojan Horse
For your clear understanding, I posted this article sequence-wise: what this Trojan does, how it works and, the main thing, the algorithm of the source code. Let's discuss them one by one in the next lines.
Trojan #trojan

Prometheus
Prometheus software: a very powerful stealer + miner + RAT + keylogger + clipper.
GitHub #stealer #miner #rat #keylogger #clipper

windows-vs-linux-loader-architecture (credit: Elliot)
The intentions of this document are to:
- Compare the Windows, Linux, and sometimes macOS loaders
- Provide perspective on architectural and ecosystem differences as well as how they coincide with the loader
  - Including experiments on how flexible or rigid they are with what can safely be done during module initialization (with the loader's internal locks held)
- Formally document how a modern Windows loader supports concurrency
  - Current open source Windows implementations, including Wine and ReactOS, perform locking similar to the legacy Windows loader (they presently don't support the "parallel loading" ability present in a modern Windows loader)
- Educate, satisfy curiosity, and help fellow reverse engineers
https://github.com/ElliotKillick/windows-vs-linux-loader-architecture

What is Loader Lock? credit : Elliot
In Windows, every DLL starts by executing its initialization function known as DllMain. This function runs while internal loader synchronization objects, including loader lock, are held. So, you must be especially careful not to violate a lock hierarchy in your DllMain; otherwise, a deadlock may occur.
https://elliotonsecurity.com/what-is-loader-lock/
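As an added illustration of the lock-hierarchy point above (this is not code from Elliot's post and not real Windows code), the following Rust program models the loader lock as a mutex and reproduces the classic DllMain deadlock: DllMain runs with the loader lock held, creates a thread and waits for it, but the new thread's first act is the loader's DLL_THREAD_ATTACH notification, which needs the same lock. The timeout exists only so the model reports the deadlock instead of hanging; the `Loader` struct, function names and the 300 ms bound are assumptions of this model.

```rust
use std::sync::{Arc, Condvar, Mutex};
use std::thread;
use std::time::Duration;

/// Stand-in for the loader's internal lock (a model, not the real ntdll lock).
/// The loader holds it while calling DllMain and again when it delivers
/// DLL_THREAD_ATTACH to a newly created thread.
pub struct Loader {
    lock: Mutex<()>,
}

/// Runs a modelled DllMain(DLL_PROCESS_ATTACH) under the loader lock.
/// `wait_inside_dllmain == true` models CreateThread followed by a
/// WaitForSingleObject on that thread before DllMain returns.
/// Returns true if the model detected a deadlock.
pub fn run_dll_main(loader: &Arc<Loader>, wait_inside_dllmain: bool) -> bool {
    // The loader takes its lock, then calls DllMain.
    let loader_lock = loader.lock.lock().unwrap();

    // Flag the worker sets once it has passed its DLL_THREAD_ATTACH step.
    let ready = Arc::new((Mutex::new(false), Condvar::new()));
    let worker_ready = Arc::clone(&ready);
    let worker_loader = Arc::clone(loader);

    let worker = thread::spawn(move || {
        // First thing that happens on a new thread: the loader delivers
        // DLL_THREAD_ATTACH, which needs the loader lock. This blocks
        // until DllMain has returned and the lock is released.
        let _attach = worker_loader.lock.lock().unwrap();
        let (flag, cv) = &*worker_ready;
        *flag.lock().unwrap() = true;
        cv.notify_all();
    });

    let mut deadlocked = false;
    if wait_inside_dllmain {
        // Lock-hierarchy violation: wait for the worker while still holding
        // the loader lock. Bounded so the model reports instead of hanging.
        let (flag, cv) = &*ready;
        let guard = flag.lock().unwrap();
        let (guard, result) = cv
            .wait_timeout_while(guard, Duration::from_millis(300), |done| !*done)
            .unwrap();
        deadlocked = result.timed_out() && !*guard;
    }

    // DllMain returns and the loader releases its lock; the worker can now run.
    drop(loader_lock);
    // Waiting here, outside DllMain, is the safe pattern.
    worker.join().unwrap();
    deadlocked
}

/// DllMain that blocks on a thread it just created: deadlocks in the model.
pub fn bad_dllmain_deadlocks() -> bool {
    run_dll_main(&Arc::new(Loader { lock: Mutex::new(()) }), true)
}

/// DllMain that only spawns and defers the wait: completes normally.
pub fn good_dllmain_deadlocks() -> bool {
    run_dll_main(&Arc::new(Loader { lock: Mutex::new(()) }), false)
}

fn main() {
    println!(
        "wait on new thread inside DllMain -> deadlock: {}",
        bad_dllmain_deadlocks()
    );
    println!(
        "defer the wait until DllMain returns -> deadlock: {}",
        good_dllmain_deadlocks()
    );
}
```

The same shape of deadlock appears with any wait inside DllMain whose completion depends on another thread first passing through the loader (thread creation, LoadLibrary on another thread, or a synchronization object that such a thread must signal); the remedy is to do only what the DllMain documentation permits and move everything else to an explicit initialization call made after loading.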

OffensiveNotion C2
OffensiveNotion combines the capabilities of a post-exploitation agent with the power and comfort of the Notion notetaking application. The agent sends data to and receives commands from your Notion page. Your C2 traffic blends right in as the agent receives instructions and posts results via the Notion developer API. And when your blue team looks for evidence of shenanigans, none will be the wiser.
Blog | How to write one? | YouTube

Related:
- Ox-c2: implementing a C2 and its agent in Rust
- Helfrix_C2: basic C2 server and agent, Rust programming (visit the blog!)
- LiNk, from and for our Chinese friends: Rust C2框架LINK分析 (analysis of the Rust C2 framework LINK). link is a command and control framework written in Rust: https://github.com/postrequest/link

Learn Rust?
Enjoy! #Rust #C2 #maldev

Attachment: REvil_full.pdf (36.09 MB)


Into the Rabbit Hole – Offensive DNS Tunneling Rootkits (DNS tunneling) #Tunneling #exfiltration #DNS

Repost from Network books: a Rust programming book, 2024, 401 pages. #programming #RUST


A few write-ups about bugs I reported in the Linux/Windows/macOS kernels and how I fuzzed them, written on my blog 👇 here. I'll also post my new write-up here soon. R00tkitSMM https://r00tkitsmm.github.io/?s=09

Malware Development, Analysis and DFIR Series, Part III (credit: Nithin Chenthur Prabhu). Delve into Windows memory internals: virtual address spaces, process internals and memory models, for a deeper understanding of memory forensics and malware analysis. https://azr43lkn1ght.github.io/ (Malware Development, Analysis and DFIR Series)

fuzzer-internals, from one of my lovely friends: https://blog.reodus.com/posts/fuzzer-internals-part1/ #fuzzer #internals

Hello everyone, I've made a somewhat big update in HyperDbg. Now, it utilizes a dedicated HOST IDT and HOST GDT, different from the Windows IDT/GDT. This update will address a specific category of bypasses for HyperDbg, although there are still many bypasses to address. This change influences the handling of interrupts, especially NMIs for halting cores in VMX root-mode. It may introduce instability issues in various systems, potentially leading to crashes. If you're using HyperDbg, please switch to the 'dev' branch and re-build and test it to help us identify any problems. Currently, it works well on my 12th Gen machine, but I'm uncertain whether it's universally stable. If you encounter any crashes or BSODs, please notify me before the release of v0.9 (the next version). The best way to test it is using events (EPT hooks) with a high rate of execution (e.g., using !epthook on nt!ExAllocatePoolWithTag and meanwhile pausing the debuggee). The 'dev' branch: https://github.com/HyperDbg/HyperDbg/tree/dev GitHub built artifact for those who can't build: https://github.com/HyperDbg/HyperDbg/actions/runs/9384856535

Table of contents
- Syntax
  - Comments
  - Assembly Language Statements
  - Syntax of Assembly Language Statements
  - Example: Hello World Program in Assembly
  - Compiling and Linking
- Sections
- Processor Registers
- System Calls
- Strings
  - String Instructions
  - Repetition Prefixes
- Numbers
  - BCD Representation
- Instructions: Conditions
  - CMP Instruction
  - Conditional Jump Instructions (Signed Data)
  - Conditional Jump Instructions (Unsigned Data)
  - Special Conditional Jump Instructions
- Addressing Modes
  - MOV Instruction
- File Handling
  - Example: Reading from a File
- Stack and Memory
- Tools for Analysis
- Code Injection Attack
  - DLL Injection
  - APC Injection
- Valid Accounts
- System Binary Proxy Execution: Rundll32
- Reflective Code Loading
- Modify Registry
- Process Injection
- Mark-Of-The-Web (MOTW) Bypass
- Access Token Manipulation
- Hijack Execution Flow
- Resources