Simple AV Evasion Symantec and P4wnP1 USB
https://medium.com/@fbotes2/advance-av-evasion-symantec-and-p4wnp1-usb-c7899bcbc6af
StealJob: New Android Malware Used by Donot APT Group
https://ti.360.net/blog/articles/stealjob-new-android-malware-used-by-donot-apt-group-en/
How does Tor really work?
https://skerritt.blog/how-does-tor-really-work/
How Does Tor Really Work? The Definitive Visual Guide (2023)
Today, we’re going to do a technical deep-dive into how Tor really works.
No mention of how to access Tor, no mention of what might be on Tor. This is how Tor works.
Without speculation and without exaggeration of what Tor is. Just a deep dive into the…
Coerchck - PowerShell Script For Listing Local Admins
https://0x00sec.org/t/coerchck-powershell-script-for-listing-local-admins/12987
Forwarded from Br0wSec (Andrey Kovalev)
Slides from Zer0con on the design and vulnerabilities of TurboFan, the JavaScript compiler in V8, have been published.
https://docs.google.com/presentation/d/1DJcWByz11jLoQyNhmOvkZSrkgcVhllIlCHmal1tGzaw
A guided tour through Chrome's javascript compiler (by @_tsuro)
purple-team-attack-automation
Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs
https://github.com/praetorian-inc/purple-team-attack-automation
Jailbreaking Subaru StarLink
subaru-starlink-research
https://github.com/sgayou/subaru-starlink-research/blob/master/doc/README.md
Subaru StarLink persistent root code execution.
Forwarded from Noise Security Bit
Several interesting vulnerabilities have been disclosed for Broadcom WiFi chips. To put this in perspective, Broadcom is one of the most popular manufacturers on the market in this segment (used by Apple, Microsoft, Dell...). All of the vulnerabilities were found in the source code of the brcmfmac driver (open sourced) and are mostly related to incorrect handling and parsing of network packet frames at the link layer (no network authentication is required to carry out the attack). Most of the vulnerabilities found are heap memory overflows/corruption (heap buffer overflow) with the subsequent possibility of attacker-controlled remote code execution. All four vulnerabilities were found by researchers from Quarkslab.
Full details: https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
Advisory: https://www.kb.cert.org/vuls/id/166939/
Reverse-engineering Broadcom wireless chipsets - Quarkslab's blog
Broadcom is one of the major vendors of wireless devices worldwide. Since these chips are so widespread they constitute a high value target to attackers and any vulnerability found in them should be considered to pose high risk. In this blog post I provide…
RCE in EA's Origin Desktop Client
https://blog.underdogsecurity.com/rce_in_origin_client/
Reversing the iOS sandbox: https://census-labs.com/media/sandbox-argp-csw2019-public.pdf
Forwarded from r0 Crew (Channel)
Some part of FIN7 (aka CARBANAK) source code has leaked to VirusTotal:
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html
#malware #source #leak #fin7 #darw1n
CARBANAK Week Part One: A Rare Occurrence | Google Cloud Blog
We kick off CARBANAK Week with the first post in our four-part blog series.
Introductory lessons on the analysis and structure of PE-file-based malware
https://twitter.com/binitamshah/status/1120642036997197824?s=21
Binni Shah
Malware Theory - PE Malformations and Anomalies: https://t.co/dvmSQuyoZq
Basic Structure of PE Files: https://t.co/fqRWJR6xjZ
Memory Mapping of PE Files: https://t.co/6t6Ujh5xzt
Oligomorphic, Polymorphic and Metamorphic Viruses: https://t.co/pYlaAQQ78C…
Analyzing changes between versions of Android applications (diffing)
https://blog.quarkslab.com/android-application-diffing-engine-overview.html
Android Application Diffing: Engine Overview
WDExtract - Extract Windows Defender database from vdm files and unpack it
https://www.kernelmode.info/forum/viewtopic.php?f=11&t=5508