Universally Evading Sysmon and ETW
https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/
Sandboxie Open Source Code is available for download
https://community.sophos.com/products/sandboxie/f/forum/119641/important-sandboxie-open-source-code-is-available-for-download
Windows Server 2008R2-2019 NetMan DLL Hijacking
https://itm4n.github.io/windows-server-netman-dll-hijacking/
itm4n’s blog
Windows Server 2008R2-2019 NetMan DLL Hijacking
What if I told you that all editions of Windows Server, from 2008R2 to 2019, are prone to a DLL Hijacking in the %PATH% directories? What if I also told you that the impacted service runs as NT AUTHORITY\SYSTEM and that the DLL loading can be triggered by…
Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge
https://jhalon.github.io/utilizing-syscalls-in-csharp-1/
Jack Hacks
Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge
Over the past year, the security community - specifically Red Team Operators and Blue Team Defenders - has seen a massive rise in both public and private utilization of System Calls in Windows malware for post-exploitation activities, as well as for the…
Ordinal Numbers and VBA can be fun – who knew!
quick and easy AMSI bypass evades Defender
https://secureyourit.co.uk/wp/2020/04/15/ordinal-numbers-and-vba-can-be-fun-who-knew/
PoC: https://t.co/qerER0TSJ8?amp=1
GitHub
rmdavy/AMSI_Ordinal_Bypass
Bypass AMSI and Defender using Ordinal Values. Contribute to rmdavy/AMSI_Ordinal_Bypass development by creating an account on GitHub.
Methodology for Static Reverse Engineering of Windows Kernel Drivers
https://posts.specterops.io/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83
Medium
Methodology for Static Reverse Engineering of Windows Kernel Drivers
Introduction
Introducing ROADtools - The Azure AD exploration framework
https://dirkjanm.io/introducing-roadtools-and-roadrecon-azure-ad-exploration-framework/
dirkjanm.io
Introducing ROADtools - The Azure AD exploration framework
Over the past 1.5 years I’ve been doing quite a lot of exploration into Azure AD and how it works under the hood. Azure AD is getting more and more common in enterprises, and thus securing it is becoming a bigger topic. Whereas the traditional Windows Server…
Deploying of infrastructure and technologies for a SOC as a Service ( SOCasS)
https://medium.com/@ibrahim.ayadhi97/deploying-of-infrastructure-and-technologies-for-a-soc-as-a-service-socass-8e1bbb885149
Medium
Deploying of infrastructure and technologies for a SOC as a Service ( SOCasS)
In the last couple of years, the number of cyberattacks has gone through the roof. These attacks not only target single individuals but…
fuxploider
File upload vulnerability scanner and exploitation tool
https://github.com/almandin/fuxploider
GitHub
GitHub - almandin/fuxploider: File upload vulnerability scanner and exploitation tool.
File upload vulnerability scanner and exploitation tool. - almandin/fuxploider
Designing The Adversary Simulation Lab
https://www.mdsec.co.uk/2020/04/designing-the-adversary-simulation-lab/
MDSec
Designing The Adversary Simulation Lab - MDSec
As some of you will know, we have recently entered into the Red Team training space. Before deciding to create our course now known as “Adversary Simulation and Red Team...
Forwarded from Neuron Hackspace
[Master class] Practical attacks on the USB interface
Today, 19 April, at 19:00 Moscow time, a live stream of a master class on practical attacks on the USB stack will take place on YouTube. All attacks will be demonstrated live on real hardware, and questions can be put to the speaker during the stream.
Speaker: Andrey xairy Konovalov
Software engineer, works at Google. Develops bug-finding tools for the Linux kernel. Has discovered numerous vulnerabilities in the Linux kernel, including CVE-2017-7308 in the network stack and CVE-2016-2384 in the USB-MIDI driver. His blog: xairy.github.io
Stream link:
youtu.be/0bMxAdq1adc
Discord server:
neuronspace.ru/discord
Donate:
neuronspace.ru/donate
Questions can be asked in the YouTube chat or by voice via Discord.
Dissecting the Windows Defender Driver - WdFilter
https://www.n4r1b.com/posts/2020/04/dissecting-the-windows-defender-driver-wdfilter-part-4/
N4R1B
Dissecting the Windows Defender Driver - WdFilter (Part 4)
In this series of posts I'll be explaining how the Windows Defender main driver works; in this fourth post we will be focusing on how WdFilter handles different registry operations.
Forwarded from Noise Security Bit (AM)
Hardwear.io Virtual Con may surprisingly outshine many offline events!
See the talks for yourself 👁:
🧨 LVI: Hijacking Transient Execution with Load Value Injection
🧨 Firmly Rooted in Hardware: Practical protection from firmware attacks in hardware supply chain
🧨 Capturing Mask ROMs
🧨 Hints from Hardware Security for solving real-world challenges
The event is completely free🚀
👇👇👇
https://hardwear.io/virtual-con-2020/
hardwear.io
Hardwear.io Virtual Conference 2020 | Hacking, Community and Hope
30th April and 1st May 2020 | 10:00 am to 1:00 pm PDT (GMT-7) | Let's talk Hardware Security
Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant
https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/
Volexity
Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant
In September 2019, Volexity published Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs, which described a series of attacks against Uyghurs from multiple Chinese APT actors. The most notable threat […]