Richkware a framework for building Windows malware, written in C++
https://forum.reverse4you.org/t/richkware-a-framework-for-building-windows-malware-written-in-c/17103
#tools #redteam #malware #framework #agent #Karina
R0 CREW
Description: Richkware is a library of network and OS functions that you can use to create malware. The composition of these functions permits the application to assume behaviors referable to the following types of malware: Virus, Worms, Bot, Spyware, Keylogger…
IDA Pattern Search is a plugin that adds a capability of finding functions according to bit-patterns into the well-known IDA Pro disassembler based on Ghidra's function patterns format. Using this plugin, it is possible to define new patterns according to the appropriate CPU architecture and analyze the target binary to find and define new functions in it.
https://forum.reverse4you.org/t/idapatternsearch-adds-a-capability-of-finding-functions-according-to-bit-patterns/17209
#tools #reverse #idapro #plugin #patterns #ghidra
R0 CREW
IDAPatternSearch adds a capability of finding functions according to bit-patterns
$8,000 Bug Bounty Highlight: XSS to RCE in the Opera Browser
https://blogs.opera.com/security/2021/09/8000-bug-bounty-highlight-xss-to-rce-in-the-opera-browser/
#browser #opera #xss #rce #coolstory #darw1n
Opera Security
Continuing from his previous post, Bug Bounty Hunter Renwa writes about the second vulnerability he submitted to Opera's Bug Bounty Programme: a Remote Code Execution in Opera's My Flow Feature. What follows is his write-up and experience.
HashDB is a free community-sourced library of hashing algorithms used in malware, with an IDA plugin!
API
https://hashdb.openanalysis.net/
IDA Plugin
https://github.com/OALabs/hashdb-ida
Add Custom Algorithms
https://github.com/OALabs/hashdb
#malware #idapro #plugin #hashlib #KosBeg
GitHub
GitHub - OALabs/hashdb-ida: HashDB API hash lookup plugin for IDA Pro
HashDB API hash lookup plugin for IDA Pro. Contribute to OALabs/hashdb-ida development by creating an account on GitHub.
CVE-2021-30632 Chrome V8 RCE Exploit for Windows
https://forum.reverse4you.org/t/cve-2021-30632-chrome-v8-rce-exploit-for-windows/17286
#expdev #windows #browser #chrome #v8 #rce #hottabych
R0 CREW
On September 13, 2021, Google released version 93.0.4577.82 of Chrome. The release note specified that two of the fixed security bugs, CVE-2021-30632 and CVE-2021-30633, are being exploited in the wild (both reported by anonymous researchers). CVE-2021-30632…
Phrack 2021, Issue 0x46
* Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622
* Cyber Grand Shellphish
* VM escape - QEMU Case Study
* .NET Instrumentation via MSIL bytecode injection
* Twenty years of Escaping the Java Sandbox
* Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability
* Exploiting Logic Bugs in JavaScript JIT Engines
* Hypervisor Necromancy; Reanimating Kernel Protectors
* Tale of two hypervisor bugs - Escaping from FreeBSD
* The Bear in the Arena
* Exploiting a Format String Bug in Solaris CDE
* Segfault[.]net eulogy
http://phrack.org/issues/70/1.html
#magazine #expdev #net #msil #java #vm #javascript #hypervisor #darw1n
Phrack
Introduction
Objective by the Sea v4.0 materials https://www.youtube.com/playlist?list=PLliknDIoYszvjA1Lix-Uce7ZDxS39J2ZY #video #conference #macos #ios #dukeBarman
YouTube
Objective by the Sea, v4.0
#OBTS v4, September 2021 Maui, HI Objective by the Sea (#OBTS) is the world's only Apple-centric security conference, which brings together the worlds top Ap...
Android security checklist: WebView
https://blog.oversecured.com/Android-security-checklist-webview/
#mobile #android #webview #checklist #security #darw1n
News, Techniques & Guides
WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential errors.
easy-kernelmapper: map your driver with a batch
Intro - https://www.unknowncheats.me/forum/anti-cheat-bypass/476567-easy-kernelmapper-map-driver-batch.html
Repo - https://github.com/0dayatday0/BattleFN-cheat-analysis
Analysis - https://github.com/0dayatday0/BattleFN-cheat-analysis/blob/main/cheat-analysis.pdf
#re #cheat #gamehack #malware #redteam #kernel #driver #0dayatday0
On December 11, a meeting of the r0 Crew KZ group will take place in Almaty.
Group: @r0crewKZ
Language: Russian
Meeting organizers:
- @Thatskriptkid
- @novitoll
Sponsors / Friends
@r0_Crew @novitoll_ch @sysadm_in_channel
Hello friends! We would like to inform you that we have opened an official local group for residents in Ukraine.
https://xn--r1a.website/r0crewUA
We will be glad to see all Ukrainians in our new group.
Telegram
r0 Crew (UA)
Ukrainian chapter of r0 Crew community
Binary Ninja 3.0 The Next Chapter (Pseudo C decompile!) https://binary.ninja/2022/01/27/3.0-the-next-chapter.html #reverse #binaryninja #dukeBarman
Binary Ninja
Binary Ninja - 3.0 The Next Chapter
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
#ZeroNights 2022 CFP is OPEN: offensive and defensive research (15/30/45 min; for each 45-min exclusive offensive research, the committee will provide an honorarium of $1000). Submit your talks! https://zeronights.ru/en/#cfp #conference #ZN
An experimental dynamic approach to devirtualize pure functions protected by VMProtect 3.x
https://github.com/JonathanSalwan/VMProtect-devirtualization
#reverse #vmp #vmprotect #protection #obfuscation #deobfuscation #devirtualization #sloukixnx
GitHub
GitHub - JonathanSalwan/VMProtect-devirtualization: Playing with the VMProtect software protection. Automatic deobfuscation of…
Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM. - JonathanSalwan/VMProtect-devirtualization