VM_Detection.pdf
429.1 KB
#Offensive_security
"Virtual Machine Detection In The Browser"
]-> https://bannedit.github.io/Virtual-Machine-Detection-In-The-Browser.html
Virtual Machine (VM) detection is nothing new. Malware has been doing it for over a decade now. Over time the techniques have advanced as defenders learned new ways of avoiding VM detection.
📚 t.iss.one/Library_Sec
Modern_obfuscation_tech.pdf
652.9 KB
#Whitepaper
"Modern obfuscation techniques", 2021.
When distributing proprietary software, the authors usually face the challenge of providing its functionality to the users without disclosing too many details about the implementation, while they also want to prevent any unauthorized attempts to modify their product. They want to protect their intellectual property, forbid the users from illegally distributing their products, and prevent the competition from stealing their ideas, namely the algorithms.
#obfuscation #techniques
AdaCore.pdf
462.9 KB
#Whitepaper
"Security-Hardening Software Libraries with Ada and SPARK: A TCP Stack Use Case", 2021.
TCP is the most widely used network protocol to communicate on the Internet. Thus, ensuring the TCP/IP stack’s safety is an essential step towards safer cyber-physical systems. Existing research deals with formally verifying protocols of other TCP/IP stack levels. For example, the work in miTLS [3] formally verifies an SSL/TLS protocol implementation, and the work in [7] uses a technology called RecordFlux to safely parse data segments.
SCFI.pdf
734 KB
#Research
#hardening
"SCFI: State Machine Control-Flow Hardening Against Fault Attacks", 2022.
Fault injection (FI) is a powerful attack methodology allowing an adversary to entirely break the security of a target device. As finite state machines (FSMs) are fundamental hardware building blocks responsible for controlling systems, inducing faults into these controllers enables an adversary to hijack the execution of the integrated circuit. A common defense strategy mitigating these attacks is to manually instantiate FSMs multiple times and detect faults using a majority voting logic.
Weaponizing_Mapping_Injection.pdf
709 KB
#Offensive_security
"Weaponizing Mapping Injection with Instrumentation Callback for stealthier process injection"
Process Injection is a technique to hide code behind benign and/or system processes. This technique is usually used by malware to gain stealthiness while performing malicious operations on the system. AV/EDR solutions are aware of this technique and create detection patterns to identify and kill this "class" of attacks.
Mastering Malware Analysis.pdf
39.2 MB
Mastering Malware Analysis.
Second Edition.
A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks.
Alexey Kleymenov, Amr Thabet
#Malware_Analysis
sec595_vm.zip
1.7 GB
SANS SEC595: Applied Data Science and Machine Learning for Cybersecurity Professionals
VM + Exercises
SANS_SEC595_Applied_Data_Science_and_Machine_Learning_for_Cybersecurity.pdf
58.5 MB
SANS SEC595: Applied Data Science and Machine Learning for Cybersecurity Professionals
( PDF )
#Sans
Sec_Devices_Guide.pdf
1.9 MB
#Hardware_Security
"JunosOS Attack Detection and Prevention User Guide for Security Devices", 2022.
IWS.pdf
2.1 MB
#Threat_Research
"Investigating Web Shells", 2022.
]-> https://blog.gigamon.com/2022/09/28/investigating-web-shells
A web shell is an internet-accessible malicious file implanted in a victim web server's file system that enables an attacker to execute commands by visiting a web page. Once placed on a compromised web server, it allows an attacker to perform remote command execution on the operating system running on the host machine. The web shell provides the attacker with a form of persistence in the compromised system and the potential to further pivot through the network to compromise hosts and data that may not otherwise be externally accessible.
Lazarus_Byovd.pdf
3.2 MB
#Whitepaper
"Lazarus & Byovd: Evil to the Windows Core", 2022.
In October 2021, we recorded an attack on an endpoint of a corporate network in the Netherlands [1]. Various types of malicious tools were deployed onto the victim's computer, many of which can confidently be attributed to the infamous Lazarus threat actor [2]. Besides usual malware like HTTP(S) backdoors, downloaders and uploaders, one sample attracted our curiosity: an 88,064-byte user-mode dynamically linked library with internal name FudModule. Its functionality is the main subject of this paper.