Introductory lessons on the analysis and internal structure of PE-based malware
https://twitter.com/binitamshah/status/1120642036997197824?s=21
Binni Shah
Malware Theory - PE Malformations and Anomalies : https://t.co/dvmSQuyoZq Basic Structure of PE Files : https://t.co/fqRWJR6xjZ Memory Mapping of PE Files : https://t.co/6t6Ujh5xzt Oligomorphic, Polymorphic and Metamorphic Viruses : https://t.co/pYlaAQQ78C…
Diffing changes in Android applications
https://blog.quarkslab.com/android-application-diffing-engine-overview.html
Quarkslab: Android Application Diffing: Engine Overview
WDExtract - Extract Windows Defender database from vdm files and unpack it
https://www.kernelmode.info/forum/viewtopic.php?f=11&t=5508
DNS based threat hunting and DoH (DNS over HTTPS)
https://blog.redteam.pl/2019/04/dns-based-threat-hunting-and-doh.html
Uncovering CVE-2019-0232: A Remote Code Execution Vulnerability in Apache Tomcat
https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/
Trend Micro
CVE-2019-0232 is a vulnerability in Apache Tomcat that could allow attackers to execute arbitrary commands by abusing an operating system command injection brought about by a Tomcat CGI Servlet input validation error.
Forwarded from r0 Crew (Channel)
How to reverse malware on macOS:
Part 1: https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-one/
Part 2: https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-two/
Part 3: https://www.sentinelone.com/blog/how-to-reverse-malware-on-macos-without-getting-infected-part-3/
#malware #macos #newbie #reverse #dukeBarman
SentinelOne
How to Reverse Malware on macOS Without Getting Infected | Part 1
Ever wanted to learn how to reverse malware on Apple macOS? This is the place to start! Join us in this 3-part series on macOS reverse engineering skills.
Facebook Messenger Worm
https://www.kernelmode.info/forum/viewtopic.php?p=32871
modDetective
modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity.
https://github.com/itsKindred/modDetective
Awesome-Advanced-Windows-Exploitation-References
List of Awesome Advanced Windows Exploitation References
https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References
Remote Code Execution on most Dell computers
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
Bill Demirkapi's Blog
What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to…
The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
https://github.com/jrentenaar/Office-365-Extractor
Overview of tools and approaches for malware clustering
https://docs.google.com/presentation/d/1g8_9SKSDYtCaJgRw_cJd8a88KPKShhPZRnBB39ZQEIM/edit#slide=id.g511833902d_0_153
All malwares are equals, but some malware are more equals than others Joxean Koret
Forwarded from Noise Security Bit
And here is the full version of the slides: https://github.com/0xAlexei/INFILTRATE2019/blob/master/INFILTRATE%20Ghidra%20Slides.pdf
EE | Android App Reverse Engineering 101 | https://maddiestone.github.io/AndroidAppRE/