Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge
https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
Jack Hacks
Over the past year, the security community - specifically Red Team Operators and Blue Team Defenders - has seen a massive rise in both public and private utilization of System Calls in Windows malware for post-exploitation activities, as well as for the…
Ordinal Numbers and VBA can be fun – who knew!
quick and easy AMSI bypass evades Defender
https://secureyourit.co.uk/wp/2020/04/15/ordinal-numbers-and-vba-can-be-fun-who-knew/
PoC: https://t.co/qerER0TSJ8?amp=1
GitHub
rmdavy/AMSI_Ordinal_Bypass
Bypass AMSI and Defender using Ordinal Values.
Methodology for Static Reverse Engineering of Windows Kernel Drivers
https://posts.specterops.io/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83
Medium
Introducing ROADtools - The Azure AD exploration framework
https://dirkjanm.io/introducing-roadtools-and-roadrecon-azure-ad-exploration-framework/
dirkjanm.io
Over the past 1.5 years I’ve been doing quite a lot of exploration into Azure AD and how it works under the hood. Azure AD is getting more and more common in enterprises, and thus securing it is becoming a bigger topic. Whereas the traditional Windows Server…
Deploying of infrastructure and technologies for a SOC as a Service ( SOCasS)
https://medium.com/@ibrahim.ayadhi97/deploying-of-infrastructure-and-technologies-for-a-soc-as-a-service-socass-8e1bbb885149
Medium
In the last couple of years, the number of cyberattacks has gone through the roof. These attacks not only target single individuals but…
fuxploider
File upload vulnerability scanner and exploitation tool
https://github.com/almandin/fuxploider
GitHub
GitHub - almandin/fuxploider: File upload vulnerability scanner and exploitation tool.
Designing The Adversary Simulation Lab
https://www.mdsec.co.uk/2020/04/designing-the-adversary-simulation-lab/
MDSec
As some of you will know, we have recently entered into the Red Team training space. Before deciding to create our course now known as “Adversary Simulation and Red Team...
Forwarded from Neuron Hackspace
[Master class] Practical attacks on the USB interface
Today, 19 April at 19:00 Moscow time, an online stream of a master class on practical attacks on the USB stack will take place on YouTube. All attacks will be demonstrated live on real hardware, and during the stream you will be able to ask the speaker questions.
Speaker: Andrey xairy Konovalov
Software engineer at Google. Develops tools for finding bugs in the Linux kernel. Has discovered many vulnerabilities in the Linux kernel, including CVE-2017-7308 in the network stack and CVE-2016-2384 in the USB-MIDI driver. His blog: xairy.github.io
Stream link:
youtu.be/0bMxAdq1adc
Discord server:
neuronspace.ru/discord
Donate:
neuronspace.ru/donate
Questions can be asked in the YouTube chat or by voice via Discord.
Dissecting the Windows Defender Driver - WdFilter (Part 4)
https://www.n4r1b.com/posts/2020/04/dissecting-the-windows-defender-driver-wdfilter-part-4/
N4R1B
In this series of posts I'll be explaining how the Windows Defender main Driver works, in this fourth post we will be focusing on how WdFilter handles different registry operations
Forwarded from Noise Security Bit (AM)
Hardwear.io Virtual Con may surprisingly outshine many offline events!
See the talks for yourself 👁:
🧨 LVI: Hijacking Transient Execution with Load Value Injection
🧨 Firmly Rooted in Hardware: Practical protection from firmware attacks in hardware supply chain
🧨 Capturing Mask ROMs
🧨 Hints from Hardware Security for solving real-world challenges
The event is completely free🚀
👇👇👇
https://hardwear.io/virtual-con-2020/
hardwear.io
Hardwear.io Virtual Conference 2020 | Hacking, Community and Hope
30th April and 1st May 2020 | 10:00 am to 1:00 pm PDT (GMT-7) | Let's talk Hardware Security
Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant
https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/
Volexity
In September 2019, Volexity published Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs, which described a series of attacks against Uyghurs from multiple Chinese APT actors. The most notable threat […]
Polypyus learns to locate functions in raw binaries by extracting known functions from similar binaries. Thus, it is a firmware historian. Polypyus works without disassembling these binaries, which is an advantage for binaries that are complex to disassemble and where common tools miss functions. In addition, the binary-only approach makes it very fast: it runs within a few seconds.
https://github.com/seemoo-lab/polypyus
GitHub
GitHub - seemoo-lab/polypyus
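As an added illustration of the binary-only matching idea behind the Polypyus description above, here is example code written for this page (it is not Polypyus's own implementation): several builds of the same firmware that still carry symbols are fused into wildcard byte signatures, and those signatures are then scanned over a stripped build without any disassembly. All byte streams, build contents, addresses and function names below are constructed for the example; the "opcodes" are not real machine code.

```python
import re

WILDCARD = None  # marks a byte position that differs between reference copies


def make_signature(copies):
    """Fuse several copies of one function (same function, different builds)
    into a fuzzy signature. Bytes on which every copy agrees stay fixed;
    bytes that differ (relocated literals, build-specific constants) become
    wildcards. Copies are compared up to the shortest one."""
    if not copies:
        raise ValueError("need at least one copy of the function")
    length = min(len(c) for c in copies)
    sig = []
    for i in range(length):
        seen = {c[i] for c in copies}
        sig.append(seen.pop() if len(seen) == 1 else WILDCARD)
    return sig


def fixed_ratio(sig):
    """Fraction of fixed (non-wildcard) bytes; low values mean a weak signature."""
    return sum(b is not WILDCARD for b in sig) / len(sig)


def signature_to_regex(sig):
    """Compile a signature into a bytes regex. The lookahead makes every
    overlapping occurrence report; DOTALL lets '.' also match 0x0a."""
    body = b"".join(b"." if b is WILDCARD else re.escape(bytes([b])) for b in sig)
    return re.compile(b"(?=" + body + b")", re.DOTALL)


def build_signatures(reference_builds):
    """reference_builds: list of {function_name: bytes} taken from binaries
    that still have symbols. Returns {function_name: signature}."""
    names = sorted(set().union(*(b.keys() for b in reference_builds)))
    return {n: make_signature([b[n] for b in reference_builds if n in b]) for n in names}


def locate_functions(target, signatures, min_fixed_ratio=0.6, min_length=8):
    """Scan an unsymbolised target blob with each signature.
    Returns ({name: [offsets]}, [skipped names]). Short or mostly-wildcard
    signatures are refused rather than applied: they would match in many
    places and only produce false positives."""
    hits, skipped = {}, []
    for name, sig in signatures.items():
        if len(sig) < min_length or fixed_ratio(sig) < min_fixed_ratio:
            skipped.append(name)
            continue
        rx = signature_to_regex(sig)
        hits[name] = [m.start() for m in rx.finditer(target)]
    return hits, skipped


# --- constructed sample binaries (opcode-like bytes, not real machine code) ---
def _func(prefix, literal, suffix):
    # Fake function: fixed prologue, a 4-byte little-endian literal (think of a
    # table address) that moves between builds, then a fixed body/epilogue.
    return prefix + literal.to_bytes(4, "little") + suffix


CRC_PRE, CRC_SUF = b"\x10\xb5\x0c\x4c", b"\x20\x46\x00\xf0\x3a\xf8\x10\xbd"
SUM_PRE, SUM_SUF = b"\x70\xb5\x05\x46", b"\x00\x24\x2c\x42\x08\xd0\x70\xbd"
PAD = b"\x00\xbf" * 2  # a 4-byte "function" that is just two nops

# Three older builds that ship with symbols (hypothetical names and values).
REFERENCE_BUILDS = [
    {"crc16": _func(CRC_PRE, 0x20001000, CRC_SUF),
     "checksum": _func(SUM_PRE, 0x20001100, SUM_SUF), "pad": PAD},
    {"crc16": _func(CRC_PRE, 0x2000A0C4, CRC_SUF),
     "checksum": _func(SUM_PRE, 0x2000B2C8, SUM_SUF), "pad": PAD},
    {"crc16": _func(CRC_PRE, 0x20003378, CRC_SUF),
     "checksum": _func(SUM_PRE, 0x200042D4, SUM_SUF), "pad": PAD},
]

# The stripped build to annotate: same code, new literals, new layout.
TARGET = (b"\xff" * 32
          + _func(CRC_PRE, 0x20005088, CRC_SUF)   # lands at offset 32
          + b"\x00\xbf" * 4                       # 8 bytes of nop padding
          + _func(SUM_PRE, 0x20006000, SUM_SUF)   # lands at offset 56
          + b"\xff" * 16)


def demo():
    sigs = build_signatures(REFERENCE_BUILDS)
    return locate_functions(TARGET, sigs)


if __name__ == "__main__":
    found, refused = demo()
    for name, offs in found.items():
        print(f"{name:9s} -> {[hex(o) for o in offs]}")
    print("refused (too short / too fuzzy):", refused)
```

Two properties of this approach are worth noting. The upper address bytes (`00 20`) happen to agree across all reference builds, so they stay fixed in the signature; a target whose literals live in a different memory region would not match, which is exactly why the reference binaries need to be "similar". And the `pad` function is refused outright: a four-byte all-nop signature would hit every nop slide in the image, so a minimum length and a minimum fixed-byte ratio are what keep a binary-only matcher from flooding the result with false positives.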