Source Byte
One must be sober to abstain from love; this nature that I have does not mix with reason. Saadi Shirazi 187
A set of programs for analyzing common vulnerabilities in COM
PS A:\mzhmo> .\PermissionHunter.exe -h
PermissionHunter - hunt for incorrect LaunchPermission and ActivatePermission
CICADA8 Research Team
From Michael Zhmaylo (MzHmO)
PermissionHunter.exe
Small tool that allows you to find vulnerable COM objects with incorrect LaunchPermission and ActivatePermission
[OPTIONS]
-outfile : output filename
-outformat : output format. Accepted 'csv' and 'xlsx'
-h/--help : shows this windows
CICADA8-Research
#windows #com
Repost from Infosec Fortress
Windows 10 Segment Heap Internals
#binary
#windows
#internals
———
🆔 @Infosec_Fortress
RedTeam Workshop - Part 2
+ Description of the simulation scenario
+ Overview on TTP Explanation
+ why we chose Cobalt Strike CS
+ Simulation of IA Tactics
Initial Access
+ T1189 | Drive by compromise
+ T1566.001 | Spear-Phishing Attachment
Defense Evasion
+ T1027.006 | HTML smuggling
https://www.youtube.com/watch?v=mRl7o7Uq-IE
slides / notes : https://github.com/soheilsec/RT-workshop-2024
credit : @soheilsec
language : persian
The (Anti-)EDR Compendium
EDR functionality and bypasses in 2024, with focus on undetected shellcode loader.
https://blog.deeb.ch/posts/how-edr-works/
Analysis of a Caddy Wiper Sample Targeting Ukraine
Credit: Ali Mosajjal
FindFirstFileA FindNextFileA CreateFileA GetFileSize LocalAlloc SetFilePointer WriteFile LocalFree CloseHandle FindClose
https://blog.n0p.me/2022/03/2022-03-26-caddywiper/
RedTeam Workshop - Part 1
+ What is RedTeam
+ What is APT Group
+ Types of Hackers
+ Why RedTeam Matters
+ The Cost of Data Leakage and Data Breach
+ What is MitreAttack
https://www.youtube.com/watch?v=8drwwezrrYU
slides / notes : https://github.com/soheilsec/RT-workshop-2024
credit : @soheilsec
language : persian
Repost from Pwn3rzs
Cobalt Strike 4.9
Download:
https://ponies.cloud/c2/CobaltStrike%204.9%20Cracked%20uCare@Pwn3rzs.7z
Password: 20231004_2218
Full Black client: https://ponies.cloud/c2/CobaltStrike%204.9%20Client%20Only%20Full%20Theme%20uCare@Pwn3rzs.7z
Password: 20231005_2033
Enjoy!
NOTE:
Our releases of Cobalt Strike will always be packed and obfuscated.
Unlike the crack previously shared by the Chinese website, to which we are not linked.
Rust for Malware Development
This repository contains source codes of various techniques used by real-world malware authors, red teamers, threat actors, state-sponsored hacking groups etc. These techniques are well-researched and implemented in Rust.
Repository managed by @5mukx
Windows-internals Live Training
credit : Pavel Yosifovich
[ + ] videos
[ + ] slides
[ + ] Labs
Win32 Reverse TCP Shellcode
Wanna learn how to write shellcode for your specific purpose in windows? This is what you need!
Credit: Xenofon Vassilakopoulos
Pt1: https://xen0vas.github.io/Win32-Reverse-Shell-Shellcode-part-1-Locating-the-kernelbase-address/
Pt2: https://xen0vas.github.io/Win32-Reverse-Shell-Shellcode-part-2-Locate-the-Export-Directory-Table/
Pt3: https://xen0vas.github.io/Win32-Reverse-Shell-Shellcode-part-3-Constructing-the-reverse-shell-connection/
Code: https://github.com/xen0vas/Win32-Reverse-TCP-Shellcode.git
#shellcode #asm #winasm
Repost from r0 Crew (Channel)
Native function and Assembly Code Invocation
https://research.checkpoint.com/2022/native-function-and-assembly-code-invocation/
#reverse #idapro
How to detect data exfiltration:
https://blog.apnic.net/2022/03/31/how-to-detect-and-prevent-common-data-exfiltration-attacks/
