Hiding a payload in GPU memory, for AV evasion
https://raw.githubusercontent.com/vxunderground/VXUG-Papers/main/GpuMemoryAbuse.cpp
Exploiting Steam
https://www.darknavy.org/blog/exploiting_steam_usual_and_unusual_ways_in_the_cef_framework/
DARKNAVY
Exploiting Steam: Usual and Unusual Ways in the CEF Framework
Introduction
The Chromium Embedded Framework (CEF) is an open-source framework that allows developers to embed the Chromium engine in their applications. Although CEF is widely employed in a range of popular software, including WeChat and the Epic Games Launcher…
(dis)assembly framework. It supports all LLVM 15 architectures, with C++, Rust, and Python bindings.
blog
github
Emproof
Introducing Nyxstone: An LLVM-based (Dis)assembly Framework - Emproof
At Emproof, our mission is to enhance the security and integrity of embedded systems through innovative binary rewriting techniques. We are committed to providing advanced […]
Order of Six Angles
By combining Frida with an enhanced version of Tenet, Frinet facilitates the study of large programs, vulnerability research and root-cause analysis on iOS, Android, Windows and most architectures. https://www.synacktiv.com/publications/frinet-reverse-engineering…
An interesting plugin, but so far I can't find a use case for it 😐
Forwarded from RME-DisCo @ UNIZAR [www.reversea.me]
Breaking Custom Encryption Using Frida (Mobile Application Pentesting) #CustomEncryption #Frida #MobileApp #PenTesting #ApplicationSecurity https://labs.cognisys.group/posts/Breaking-Custom-Ecryption-Using-Frida-Mobile-Application-pentesting/
Cognisys Group Labs
Breaking Custom Encryption Using Frida (Mobile Application Pentesting)
Overview
A long time ago I wrote myself a note with tips for analysing .NET malware; sharing it with you.
Tips for researching .NET malware
Order Of Six Angles
Tips for researching .NET malware
We have malware that decodes the resource DE. The picture can be decrypted with the stego script. Decoding result: This script can also perform the reverse operation, turning a file into a steganographic image. It can be used…
💋
pwn.college - CTF challenges for beginners
Commonly Abused Linux Initial Access Techniques and Detection Strategies
GoogleCTF 2024 Writeups
An unexpected journey into Microsoft Defender's signature World.
Static deobfuscator for Themida/WinLicense/Code Virtualizer's mutation-based obfuscation.
Persistence with GPO Item Level Targeting
Exploitation of CVE-2024-29943 (slides)
The Ultimate Aim of Kernel Exploitation - Process Credentials
Learning LLVM (Part-1) - Writing a simple LLVM pass
Exploiting V8 at openECSC
Hypervisor-enforced Paging Translation - The end of non data-driven Kernel Exploits (Recon2024) slides, pptx
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust
A Tale of Reverse Engineering 1001 GPTs: The good, the bad And the ugly
OSED materials (twit)
PgC: Garbage collecting Patchguard away
Learning LLVM (Part-2) (sources)
ZDI-24-821: A Remote UAF in The Kernel's net/tipc
A Short Tale of Sysctl
The Art of Malware C2 Scanning - How to Reverse and Emulate Protocol Obfuscated by Compiler
Chrome exploitation
Evading Event Tracing for Windows (ETW)-Based Detections
JTAG debug of windows Hyper V
sh4dy's blog
Learning LLVM (Part-2)
IntroductionIn the first part of my blog series on compilers and LLVM, I provided a brief introduction to compiler fundamentals and LLVM. We also wrote a simple LLVM analysis pass to print function na
A bare minimum hypervisor on AMD and Intel processors for learners
Introduction to Intel VT-x
Recovering Rust stripped symbols on MinGW targets
Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples
Hardware Hacking with a Raspberry Pi - Configuring the PiFex
Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution
A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.
Writing a Frida-based VBS API monitor
c# obfuscation: making your code undetectable
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws
A decompiler-agnostic plugin for interacting with AI in your decompiler. GPT-4, Claude, and local models supported!
Bootkits and kernel patching
Emulating Obfuscated Code
Slides on various exploitation topics
Now this is interesting! I have had to reverse CPython and never fully understood it
10-hour CPython deep dive
https://youtube.com/playlist?list=PLWkTsO24LpD-k7AgYKEpb2M2SZn-NlKTo&si=F2eOcU1l-yVYdySJ
Adopted a cat from a shelter. Named him Shell
Order of Six Angles
Infecting android applications - The new way (English version) https://orderofsixangles.com/en/2020/04/07/android-infection-the-new-way.html A new way of injecting malicious code into Android applications (Russian version) https://orderofsixangles.com/ru/…
Went back to my old project, added two features to it, wrote an almost-finished article about it; I'll post it soon, or it may be published in vxunderground blackmass 3
The article Injecting Java in-memory payloads for post-exploitation is out. I asked a knowledgeable guy for his opinion on it; he said "using remote agents is an old topic, I did something similar 4 years ago". Either way, very interesting
Synacktiv
Injecting Java in-memory payloads for post-exploitation