The proof-of-concept smbdoor.sys driver is a silent remote backdoor that does not bind new sockets or perform function modification hooking. Instead it abuses undocumented APIs in srvnet.sys to register itself as a valid SMB handler. It then listens on the already-bound ports 139/445 for special packets in which to execute secondary shellcode. In several ways, it has similarities with DoublePulsar and DarkPulsar, as well as ToxicSerpent.
https://github.com/zerosum0x0/smbdoor
#re #malware #backdoor #darw1n
Intermediate Representation for Binary analysis and transformation Github: https://github.com/GrammaTech/GTIRB Article: https://blogs.grammatech.com/open-source-tools-for-binary-analysis-and-rewriting #reverse #dukeBarman
On 23 March, at the Zelenograd DC meetup (@DEFCON7495), Darwin talked about the history of how R0 CREW came to be.
https://www.youtube.com/watch?v=J8QA6iSYw20
R0 CREW. [Meetup 6]
The most complete account of how the R0 CREW community was founded.
Reverse-engineering Broadcom wireless chipsets https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html #hardware #reverse #dukeBarman
Broadcom is one of the major vendors of wireless devices worldwide. Since these chips are so widespread they constitute a high value target to attackers and any vulnerability found in them should be considered to pose high risk. In this blog post I provide…
Scripts for the Ghidra software reverse engineering suite. https://github.com/ghidraninja/ghidra_scripts #ghidra #reverse #dukeBarman
Solving a simple crackme for the Sega Mega Drive https://habr.com/ru/post/448500/ #reverse #ctf #dukeBarman
Hi everyone. Despite my extensive experience reverse-engineering Sega Mega Drive games, I had never solved a crackme for it, nor had I come across one on the internet. But the other day an amusing one appeared...
The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox (CVE-2019-9810/CVE-2019-9813 )
https://www.thezdi.com/blog/2019/4/18/the-story-of-two-winning-pwn2own-jit-vulnerabilities-in-mozilla-firefox
#re #expdev #poc #jit #darw1n
Every year some of the greatest security researchers around the globe gather together for the Pwn2Own event to demonstrate their skills by compromising widely used applications. This year’s event recently completed and did not disappoint. On the second…
On 17-18 June, the second international conference on practical cybersecurity, OFFZONE 2019, will take place at the CDP venue in Moscow.
The CFP invites speakers ready to present their talks, both offensive and defensive. Applications can be submitted on the conference website until 29 April.
Presentations can be in the Talk format (45 minutes + Q&A) or Fastrack (20 minutes + Q&A). This year OFFZONE will have a new thematic zone, TOOL.ZONE, where you can present your own tools for the security practitioner's arsenal.
More information and the latest news on the preparation process can be found on the conference's official Telegram channel:
https://xn--r1a.website/offzone_moscow
OFFZONE: a conference on practical cybersecurity
Bringing together security specialists, developers, engineers, researchers, teachers and students since 2018
https://offzone.moscow/ru/
An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra
https://www.msreverseengineering.com/blog/2019/4/17/an-abstract-interpretation-based-deobfuscation-plugin-for-ghidra
#re #ghidra #obfuscation #plugin #darw1n
This blog entry announces the release of an abstract interpretation-based Ghidra plugin for deobfuscation. The code can be found here (see the ‘Releases’ tab for a binary release). In view of the picture below, the static analysis described herein is designed…
PoC for CVE-2018-18500 - Firefox Use-After-Free
https://github.com/sophoslabs/CVE-2018-18500/
#re #expdev #browser #uaf #poc #darw1n
DHCP security in Windows 10: dissecting the critical vulnerability CVE-2019-0726
https://habr.com/ru/company/pt/blog/448378/
#re #expdev #bof #dhcp #darw1n
With the release of the January Windows updates, news of the critical vulnerability CVE-2019-0547 in DHCP clients stirred up the community. Interest was fuelled by the high severity rating...
Malware Theory - PE Malformations and Anomalies https://www.youtube.com/watch?v=-0DEEbQq8jU #malware #newbie #dukeBarman
We explore malformations and anomalies of the Portable Executable format. What kinds of malformations exist, why do they occur and how do they affect PE file parsers?
My malware analysis course for beginners: https://www.udemy.com/course/windows-malware…
Part of the FIN7 (aka CARBANAK) source code has leaked to VirusTotal:
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html
#malware #source #leak #fin7 #darw1n
We kick off CARBANAK Week with the first post in our four-part blog series.
Deobfuscating APT32 Flow Graphs with Cutter and Radare2 https://research.checkpoint.com/deobfuscating-apt32-flow-graphs-with-cutter-and-radare2/ #radare2 #malware #dukeBarman
Research by: Itay Cohen The Ocean Lotus group, also known as APT32, is a threat actor which has been known to target East Asian countries such as Vietnam, Laos and the Philippines. The group strongly focuses on Vietnam, especially private sector companies…
How to reverse malware on macOS:
Part 1: https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-one/
Part 2: https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-two/
Part 3: https://www.sentinelone.com/blog/how-to-reverse-malware-on-macos-without-getting-infected-part-3/
#malware #macos #newbie #reverse #dukeBarman
Ever wanted to learn how to reverse malware on Apple macOS? This is the place to start! Join us in this 3-part series on macOS reverse engineering skills.
Android App Reverse Engineering 101 https://maddiestone.github.io/AndroidAppRE/ #android #reverse #newbie #dukeBarman