Abusing the SeRelabelPrivilege
https://decoder.cloud/2024/05/30/abusing-the-serelabelprivilege
that a specific Group Policy granted via "User Rights Assignment" the SeRelabelPrivilege to the built-in Users group and was applied on several computer accounts.
#malware_dev
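The misconfiguration the post describes is a User Rights Assignment that hands SeRelabelPrivilege to a broad group. As an added check (not code from the decoder.cloud article), this PowerShell snippet exports the effective local security policy with secedit, lists every principal that currently holds SeRelabelPrivilege, and then asks whether the running token has it. It assumes an elevated shell (secedit /export needs one) and that the exported entry uses the usual "*SID" form.

```powershell
# Added example, not from the decoder.cloud post: who holds SeRelabelPrivilege on this host?
# Assumes an elevated PowerShell session; secedit refuses to export the policy otherwise.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# The [Privilege Rights] section holds lines such as:  SeRelabelPrivilege = *S-1-5-32-545
$entry = Get-Content $cfg -ErrorAction Stop | Where-Object { $_ -match '^SeRelabelPrivilege\s*=' }
Remove-Item $cfg -ErrorAction SilentlyContinue

if (-not $entry) {
    'SeRelabelPrivilege is not assigned to any principal on this host.'
} else {
    # Values are comma-separated SIDs prefixed with '*'; S-1-5-32-545 is BUILTIN\Users,
    # which is the over-broad assignment the post warns about.
    ($entry -split '=', 2)[1] -split ',' | ForEach-Object {
        $sid = $_.Trim().TrimStart('*')
        try {
            $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                        [System.Security.Principal.NTAccount]).Value
        } catch {
            $name = '(unresolved)'
        }
        [pscustomobject]@{ SID = $sid; Account = $name }
    }
}

# Does the token of this process hold it? whoami /priv prints one line per privilege
# (Enabled or Disabled); a disabled privilege can still be enabled by the holder.
(whoami /priv) -match 'SeRelabelPrivilege'
```

On a default build the first part reports that nothing is assigned; seeing BUILTIN\Users (or any non-administrative group) in the output is the condition to raise with whoever owns the GPO, since the privilege is not needed by ordinary users.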
Source Byte
🦀 | RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Rust programming language. https://github.com/joaoviictorti/RustRedOps.git @source_byte #malware_dev #rust
OffensiveGolang is a collection of offensive Go packs inspired by different repositories. Ideas have been taken from OffensiveGoLang and Ben Kurtz's DEFCON 29 talk.
https://github.com/MrTuxx/OffensiveGolang.git
#malware_dev #go
Weaponizing Nim for implant development and general offensive operations
https://github.com/byt3bl33d3r/OffensiveNim.git
Interesting Nim libraries
https://github.com/dom96/jester
https://github.com/pragmagic/karax
https://github.com/Niminem/Neel
https://github.com/status-im/nim-libp2p
https://github.com/PMunch/libkeepass
https://github.com/def-/nim-syscall
https://github.com/tulayang/asyncdocker
https://github.com/treeform/ws
https://github.com/guzba/zippy
https://github.com/rockcavera/nim-iputils
https://github.com/FedericoCeratto/nim-socks5
https://github.com/CORDEA/backoff
https://github.com/treeform/steganography
https://github.com/miere43/nim-registry
https://github.com/status-im/nim-daemon
#malware_dev #nim
gargoyle is a technique for hiding all of a program’s executable code in non-executable memory
GitHub
Link
Blog
#malware_dev
DarkPulse is a shellcode packer written in Go. It is used to generate various shellcode loaders.
https://github.com/fdx-xdf/darkPulse
#malware_dev
GoThief
Recently, I encountered the following scenario in an attack-and-defense exercise. The target machine accessed the internal application system, and access was uniformly controlled through a VPN. After connecting to the VPN, the connection to the external network was cut, so commands could no longer be issued in real time. That gave me the idea of developing this small tool. By taking screenshots and recording the keyboard and the clipboard, I could capture the target's actions after it connected to the VPN and collect sensitive information for the next step of lateral movement.
GitHub
#stealer #malware_dev
Check out the full source code of EagleSpy and tailor it to your preferences.
#source
#malware_analysis
#malware_dev #malware
An Introduction to Bypassing User Mode EDR Hooks
Credit: Marcus Hutchins
Whilst this article is designed to stand on its own, if you're interested, you can find my previous articles on these topics here, here, here and here. Surprisingly, despite all this research being over a decade old, it's still completely relevant today. The more things change, the more they stay the same, I guess?
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
#Hooking #edr
#malware_dev
Introduction to global hooks and their use cases
https://www.programmerall.com/article/21622234988/
A hook is a technique for intercepting API calls and processing Windows messages before they reach their target. Keyboard hooks are one example: Trojans use them a lot to monitor your keyboard.
Related:
[+] GoHook, Go global keyboard and mouse listener hook
[+] Implementing Global Injection and Hooking in Windows
#Hooking
#malware_dev
Bypassing PESieve and Moneta (The "easy" way....?)
It contains several parts.
Implementation of gargoyle
Lockd: This is the main Gargoyle component
sRDI-Master: This has been slightly reworked to provide a free mechanism.
test.profile: This sample profile shows the required options to work
ShellcodeRDI.py: This is the altered Python generator with the new sRDI assembly
+ Blog
+ GitHub
#malware_dev