PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack.
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
Quarkslab
This blog post provides details about nine vulnerabilities affecting the IPv6 network protocol stack of EDK II, TianoCore's open source reference implementation of UEFI.
Debug Case Study: Analyzing AppCrash of Cobalt Strike Beacon
https://github.com/DebugPrivilege/InsightEngineering/tree/main/Debugging%20Case%20Studies/Debug%20Case%20Study%3A%20Analyzing%20AppCrash%20of%20Cobalt%20Strike%20Beacon
GitHub
Hardcore Debugging.
Using dotnetfile to decrypt strings in C# malware
https://medium.com/@crovax/ducktail-multi-stage-analysis-39c2a7d9675d
Plugin for IDA Pro that parses the MAP file generated by IDR and thereby recovers all the Delphi symbols.
https://github.com/Xienim/Delphi-Kawaii
GitHub
Delphi-Kawaii is a plugin for Ida Pro.
Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver
https://voidsec.com/reverse-engineering-terminator-aka-zemana-antimalware-antilogger-driver/
VoidSec
Reverse engineering Spybot's Terminator tool (Zemana Antimalware driver) to achieve LPE as SYSTEM and unrestricted raw SCSI disk read/write.
Malware Analysis and Deobfuscation With Procmon - Smokeloader Example
https://embee-research.ghost.io/smokeloader-analysis-with-procmon/
Embee Research
Decoding malware loaders using Procmon and CyberChef. Utilising PowerShell to retrieve additional payloads and free online tooling to identify the malware family.
How to brute-force almost any fingerprint-protected Android smartphone
https://arxiv.org/pdf/2305.10791.pdf
Novel attack on PyPI using compiled Python code to evade detection
https://www.reversinglabs.com/blog/when-python-bytecode-bites-back-who-checks-the-contents-of-compiled-python-files
ReversingLabs
ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.
Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation
https://github.com/can1357/NtRays
GitHub
Unpacking VIDAR using Time-Travel Debugging (TTD) in WinDbg Preview
https://www.youtube.com/watch?v=HcyCZPNO3qI
YouTube
In the last video, we looked for signs of packing in our malicious sample using IDA Pro. What we found was fairly clear evidence of the use of process hollowing, a common technique of code injection used by malware authors. In this video, I'll introduce Time…
How to Setup CAPEV2 Sandbox - Malware Config & Payload Extractor
https://www.youtube.com/watch?v=ZRrk2QRN7Lc
YouTube
Learn how to install and set up CapeV2 Sandbox.
Support us on GH: https://guidedhacking.com/register/
Support us on Patreon: https://patreon.com/guidedhacking
Support us on YT: https://www.youtube.com/channel/UCCMi6F5Ac3kQDfffWXQGZDw/join
CAPE is a malware…
triage-collector is a triage collection tool for fast forensics.
https://github.com/herosi/triage-collector
GitHub
VMUnprotect.Dumper can dynamically untamper VMProtected Assembly
https://github.com/void-stack/VMUnprotect.Dumper
GitHub
A suite of utilities and libraries that enables analysis of binary programs. BAP supports x86, x86-64, ARM, MIPS and PowerPC, and new architectures can be added using plugins. BAP includes various analyses, a standard interpreter, a microexecution interpreter, and a symbolic executor.
https://github.com/BinaryAnalysisPlatform/bap?s=09
GitHub
Binary Analysis Platform
Unofficial YARA IDA Pro plugin, along with an unparalleled crypto/hash/compression rule set based on Luigi Auriemma's signsrch signatures.
https://github.com/kweatherman/yara4ida
A replacement for the outdated Signsearch plugin.
GitHub