Source Byte

Only one who is sober can abstain from love; and this nature that I have does not mix with reason. (Saadi Shirazi)

7,841 subscribers

Post archive
Repost from OnHex
🔴 The recent guest on David Bombal's podcast was Mr. Stephen Sims, and they had a good conversation about how to earn an income and grow on the cybersecurity path. Given that he is an author, has presented at conferences, is an instructor, and has worked hands-on in exploit development, there are good points to take from what he said. For earning an income he pointed to these three options:
- Illegal work
- Bug bounty (web, but he mostly talked about binary exploitation)
- Offering professional services such as consulting and penetration testing
He also gave some tips on how to get from point zero to a good place. 🆔 @onhex_ir ➡️ ALL Link

A repo to help researchers track Telegram-based C2 comms used by malware authors. Credit: @Kostastsale
Check it out: https://github.com/tsale/TeleTracker
Features:
- Send messages to the channel
- Delete all messages from the channel
- Collect info from bot channels and the usernames behind them
- Monitor for new messages to the channel by other bots or users
- Spam the channel with a specific message
#c2 ——— @islemolecule_source

Windows security operation bypass (AMSI Bypass and Testing Credential Guard) Link #windows #internals @islemolecule_source


Here you will find various Documents on many different aspects of Windows Internals, Source Level Documentation and General References Link #windows #internals @islemolecule_source

https://github.com/cxiao/rust-malware-gallery Rust Malware Sample Gallery #github

#reversing "Exploiting Reversing (ER) series: Article 01", rev.A, April 2023. ]-> ER: article 02 (2024, .pdf): https://exploitreversing.files.wordpress.com/2024/01/exploit_reversing_02.pdf

Private: @CrackCloudRobot Crypto Wares: @CryptoWares Powered by @MalwareForum

SANS 610 v2022.pdf (109.37 MB)

OSINTBuddy - The Open-Source Alternative to Maltego! Node graphs, OSINT data mining, and plugins. Connect unstructured and public data for transformative insights. https://github.com/jerlendds/osintbuddy

[Infographic] High-level diagram showcasing Microsoft Defender for Cloud’s https://raw.githubusercontent.com/JadKaraki/M365ZeroTrust/main/Defender%20for%20Cloud%20Diagram.jpg Credit: Jad Karaki #windows_defender ——— @islemolecule_source

Potential Sliver C2s (239 C2s). Credit: @embee_research. Simple query, based on "operators" and "multiplayer" certificate values related to Sliver Team Servers. https://search.censys.io/search? Gist - 43 IPs with 0 VT LINK Gist - All 239 IPs LINK

When helping with mquery development I wrote a small converter that takes in a Yara rule and produces a simple byte-based query as output: https://github.com/CERT-Polska/mquery/blob/master/src/lib/yaraparse.py You could probably modify it a bit to create queries compatible with VT content search #tweet

Oh, cool! Looks like VT supports logical operators with VTGrep, so you can almost do yara searches in an indexed (read: fast) way. e.g. #tweet

VBA: having fun with macros, overwritten pointers & R/W/X memory. Credit: @AdeptsOf0xCC https://adepts.of0x.cc/vba-hijack-pointers-rwa/ #macro #VBA #shellcode ——— @islemolecule_source

Linux process injection: sshd injection for credential harvesting. Credits: @_xpn_, @jm33_m0 blog.xpnsec.com/linux-proces… jm33.me/sshd-injection-and-p… #process_injection ——— @islemolecule_source

Where to find C malware source code Reddit -------- #malware_analysis #malware_dev -------- @islemolecule_source