Source Byte

"It takes a sober one to shun love; this nature of mine does not mix with reason." Saadi Shirazi 187

7,846 subscribers (+1 in 24 hours, +28 in 7 days, +169 in 30 days)

Post archive
Course materials for Malware Analysis by RPISEC https://github.com/RPISEC/Malware/tree/master/Lectures

Study materials for the Certified Red Team Expert (CRTE) exam, covering essential concepts in red teaming and penetration testing. 🔎GitHub ——— @islemolecule_source

Study materials for the Certified Red Team Expert (CRTE) exam, covering essential concepts in red teaming and penetration testing. 🚪GITHUB ——— @islemolecule_source

Part 16 added

Repost from white2hack 📚
God Penetration Testing Reference Bank Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet. This is a collection of resources, scripts and easy to follow how-to's. I have been gathering (and continuing to gather) in preparation for the OSCP as well as for general pentesting. Feel free to use however you want! GitHub #pentest

📹 Manually parsing PE files with PE-bear 👤 MeetSEKTOR7 YouTube

Automated Multi UAC BYPASS for win10|win11|win12-pre-release|ws2019|ws2022 (PS1) https://github.com/x0xr00t/Automated-MUlti-UAC-Bypass

Bypassing Defender on modern Windows 10 systems https://www.purpl3f0xsecur1ty.tech/2021/03/30/av_evasion.html

Reverse Engineering Dark Souls 3 Networking: A DarkSouls fan wrote his own DS3OS server for the second and third parts. A series of articles about how he managed to reverse engineer the game’s network stack. Link

C2 Development Series 4/4 credit : @preemptdev [ 01 ] Introduction [ 02 ] The C2 Architecture [ 03 ] Building the Team Server [ 04 ] Writing a C2 Implant #C2 , #red_team , ——— @islemolecule_source

Happy Nowruz everyone 🫰🏻 This year was a great year for me, I found valuable friends and developed my personality a lot. I wish all of you a great year and that you reach your goals. Best regards ana🤍 What is Nowruz? TLDR: Nowruz means “new day” in Persian, also known as Persian New Year. More than 300 million people worldwide celebrate Nowruz including Afghanistan, India, Iran, Iraq, Kazakhstan, Pakistan, Tajikistan, and Turkey...

Command Line Argument Spoofing
The PEB of a process holds the command line arguments of a process. This PEB resides in usermode which means that we can spoof our command line arguments as an unprivileged user.
https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/command-line-argument-spoofing

Repost from Hide01
Hello and greetings. We sincerely congratulate you, dear companions, on the arrival of Nowruz, wishing you the best in this new year 💥✨ 📌 Answering tickets during Eid is done every day without changing the work routine. Best Regards, Hide01

HyperDbg v0.8.2 is now released! 🔥 This update brings support for functions in the script engine. Read more: https://docs.hyperdbg.org/commands/scripting-language/constants-and-functions

## [0.8.2.0] - 2024-03-19
New release of the HyperDbg Debugger.

### Added
- Add user-defined functions and variable types in script engine

### Changed
- Fix debuggee crash after running the '.debug close' command on the debugger
- The problem with adding edge MTRR pages is fixed
- All compiler/linker warnings of kernel-mode modules are fixed
- User/Kernel modules of HyperDbg now compiled with "treat warning as error"
- After downloading new symbols it is automatically loaded
- Fix error messages/comments spelling typos

If you want to use the function stomping technique, you have to know this about Windows:
Kernel32.dll, a common DLL, might have different addresses in two processes (ASLR), but functions like VirtualAlloc, exported from Kernel32.dll, will have the same address in both processes.
example: Link

[ Testing LFI in Windows: How I (never) got a $30000 bounty ] Another great post by adeadfed! https://adeadfed.com/posts/testing-lfi-in-windows-how-i-never-got-a-30000-bounty/

Source Byte - Statistics and analytics of the Telegram channel @sourcebyte