Centralized resource for listing and organizing known injection techniques and POCs
https://github.com/itaymigdal/awesome-injection
#redteam #malware #process #inject
Analyzing a Modern In-the-wild Android Exploit
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
#expdev #android #linux
By Seth Jenkins, Project Zero. In December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsu...
CVE-2023-40477 Root Cause Analysis
https://www.richardosgood.com/posts/cve---2023---4047-root-cause-analysis/
#expdev #windows #1day #winrar
Root cause analysis for CVE-2023-40477 with PoC
Advanced Root Detection & Bypass Techniques
In this blog, we will explore techniques related to root detection on Android devices and methods to bypass it. Our main focus will be on the strategies employed by app developers to protect their applications and prevent them from running on compromised devices.
https://8ksec.io/advanced-root-detection-bypass-techniques/
#mobile #android #reverse #frida #root #detection #bypass
Advanced Frida Usage Part 5 - Advanced Root Detection & Bypass Techniques
Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device
https://boschko.ca/qemu-emulating-firmware/
#qemu #firmware
A step-by-step how-to guide to using QEMU in Ubuntu 18.04 to emulate embedded devices.
HEVD: How a simple K-TypeConfusion took me 3 months long to create a exploit? - Windows 11 (build 22621)
https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f
#expdev #windows #hevd #kaslr #smep
Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
POC: https://github.com/leesh3288/CVE-2023-4911
#expdev #linux #lpe #Alexs3y
msdocsviewer is a simple tool that parses Microsoft's Win32 API and driver documentation so it can be used from within IDA.
https://github.com/alexander-hanel/msdocsviewer
#tools #idapro #windows #api
PatchaPalooza uses the power of Microsoft's MSRC CVRF API to fetch, store, and analyze security update data. Designed for cybersecurity professionals, it offers a streamlined experience for those who require a quick yet detailed overview of vulnerabilities, their exploitation status, and more. This tool operates entirely offline once the data has been fetched, ensuring that your analyses can continue even without an internet connection.
https://github.com/xaitax/PatchaPalooza
https://patchapalooza.com
#expdev #helpers #tools
LdrLibraryEx is a small x64 library to load DLLs into memory.
https://github.com/Cracked5pider/LdrLibraryEx
#tools #redteam #dev
Use Microsoft Bing's free GPT with IDA Pro to perform free analyses!
https://github.com/p1ay8y3ar/idaBingGPTPlugin
#tools #reverse #idapro #ai
Reverse Engineering Go Binaries with Ghidra (Part 1)
https://forum.reverse4you.org/t/reverse-engineering-go-binaries-with-ghidra-part-1/20096/1
Reverse Engineering Go Binaries with Ghidra (Part 2)
https://forum.reverse4you.org/t/reverse-engineering-go-binaries-with-ghidra-part-2/20097
#reverse #ghidra #golang
Source: cujo.com. Go (also called Golang) is an open source programming language designed by Google in 2007 and made available to the public in 2012. It gained popularity among developers over the years, but it's not always used for good purposes. As it often…
Attachment: vmp-3.5.1.zip (20.2 MB)
VMProtect Source Code (Leaked 07.12.2023)
mirror:
https://github.com/jmpoep/vmprotect-3.5.1
#tools #source #leaked #vmp #protector
intel.cc and processors.cc included
Titan is a VMProtect devirtualizer
https://github.com/archercreat/titan
#tools #reverse #devirt #devirtualizer #vmp #protector
Mergen converts Assembly code into LLVM IR, a process known as lifting. It leverages the LLVM optimization pipeline for code optimization and constructs control flow through pseudo-emulation of instructions. Unlike typical emulation, Mergen can handle unknown values, easing the detection of opaque branches and theoretically enabling exploration of multiple code branches.
These capabilities facilitate the deobfuscation and devirtualization of obfuscated or virtualized functions. Currently in early development, Mergen already shows promise in devirtualizing older versions of VMProtect, with ambitions to support most x86_64 instructions.
https://github.com/NaC-L/Mergen
#llvm #lifting #vmprotect #tnaci
xVMP is an LLVM IR-based code virtualization tool that implements scalable obfuscation hardened by virtualized instructions. It supports multiple programming languages and architectures, and it is compatible with existing LLVM IR-based obfuscation schemes (such as Obfuscator-LLVM).
xVMP is developer friendly: you only need to annotate the function to be protected in the source code, and xVMP applies virtualization protection to that function during compilation.
https://github.com/GANGE666/xVMP
#virtualization #obfuscation #alekum
Keystone / Capstone Replacement
Nyxstone is a powerful assembly and disassembly library based on LLVM. It doesn't require patches to the LLVM source tree and links against the standard LLVM libraries available in most Linux distributions. Implemented as a C++ library, Nyxstone also offers Rust and Python bindings. It supports all official LLVM architectures and allows configuring architecture-specific target settings.
GitHub: https://github.com/emproof-com/nyxstone
Blog: https://www.emproof.com/introducing-nyxstone-an-llvm-based-disassembly-framework/
Thread Name-Calling - a new process injection technique using Thread Name.
The code to be injected is passed as a thread description to the target.
https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
#redteam #inject
Research by: hasherezade
The installation package for IDA Pro 9.0 Beta 2 is available without a password.
https://out5.hex-rays.com/beta90_6ba923/
Forum for discussion:
https://forum.reverse4you.org/t/ida-pro-9-0-beta/20459
Chat for discussion:
https://xn--r1a.website/r0_chat/1
#tools #reverse #idapro #windows #linux #macos
DJI - The ART of obfuscation
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
#reverse #mobile #android #obfuscation
Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.
LayeredSyscall - Abusing VEH to Bypass EDRs
https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs
#redteam #edr #hook #bypass
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR hooks in Windows.