Defeating Userland Hooks (ft. Bitdefender) https://0x00sec.org/t/defeating-userland-hooks-ft-bitdefender/12496 #debugger #dukeBarman
It has been brought to my attention by @lkw of a recent Cylance bypass that would allow an application to dump memory from the lsass.exe process. The article discusses the issues of userland hooks employed by the EDR to detect the use of the ReadProcessMemory…
Reverse Engineering Gootkit with Ghidra Part I https://dannyquist.github.io/gootkit-reversing-ghidra/#malware #ghidra #dukeBarman
Ghidra is pretty handy for looking at malware. This series of posts is an informal overview of what I do. Gootkit is a great implant to learn the functionality of Ghidra. Gootkit is a NodeJS server with packaged JavaScript implementing the implant functionality.…
Someone published the source code of the GAPZ bootkit:
Bootkit: https://github.com/Darkabode/zerokit
Usermode Part: https://github.com/Darkabode/possessor
Server Controller Part: https://github.com/Darkabode/0ctrl
Some shared code: https://github.com/Darkabode/0lib
Analysis of the GAPZ bootkit (ESET whitepaper): https://www.welivesecurity.com/wp-content/uploads/2013/04/gapz-bootkit-whitepaper.pdf
#vx #rootkit #bootkit #re #source #leak #darw1n
Repository description: Zerokit/GAPZ rootkit (non buildable and only for researching)
Analysis of a Chrome Zero Day: CVE-2019-5786
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/
#re #expdev #browser #filereader #win32 #darw1n
Alternative methods of becoming SYSTEM
For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever wondered just how this works behind the scenes?
https://blog.xpnsec.com/becoming-system/
#re #expdev #getsystem #meterpreter #howitworks #darw1n
For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever wondered just how this works behind the scenes? In this post I will show the details of how this technique works…
How to bypass Instagram SSL Pinning on Android (v78)
https://plainsec.org/how-to-bypass-instagram-ssl-pinning-on-android-v78/
#re #android #sslpinning #instagram #darw1n
mkYARA - generating YARA rules based on binary code https://github.com/fox-it/mkyara #ida #reverse #dukeBarman
Part 2 of Heap Exploitation series: Understanding the Glibc Heap: Free, Bins, Tcache https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/ #exploit #dukeBarman
Migrated IDA Pro FindCrypt plugin to Ghidra (ported with an updated and customizable signature database) https://github.com/d3v1l401/FindCrypt-Ghidra #ghidra #reverse #dukeBarman
A few Ghidra tips for IDA users, part 0 - automatic comments for API call parameters https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/ #ghidra #reverse #dukeBarman
r2frida v3.4.0 was released https://github.com/nowsecure/r2frida/releases/tag/v3.4.0 #radare2 #frida #dukeBarman
Ghidra Plugin Development for Vulnerability Research - Part-1 https://www.somersetrecon.com/blog/2019/ghidra-plugin-development-for-vulnerability-research-part-1 #ghidra #dukeBarman
Overview On March 5th at the RSA security conference, the National Security Agency (NSA) released a reverse engineering tool called Ghidra. Similar to IDA Pro, Ghidra is a disassembler and decompiler with many powerful features (e.g., plugin support,…
Pwn2Own 2018: Safari RCE, sandbox escape + LPE to kernel for macOS 10.13.3 full exploit chain details
https://github.com/saelo/pwn2own2018
#re #expdev #rce #lpe #macos #browser #pwn2own #darw1n
User-Friendly Fuzzing with Sienna Locomotive https://blog.trailofbits.com/2019/04/08/user-friendly-fuzzing-with-sienna-locomotive/ #fuzzing #dukeBarman
Fuzzing is a great way to find bugs in software, but many developers don’t use it. We hope to change that today with the release of Sienna Locomotive, a new open-source fuzzer for Windows that emphasizes usability. Sienna Locomotive aims to make fuzzing accessible…
Videos from OffensiveCon 2019 https://www.youtube.com/channel/UCMNvAtT4ak2azKNk6UlB1QQ/featured #videos #conference #dukeBarman
QScripts – IDA Scripting productivity tool http://0xeb.net/2019/04/ida-qscripts/ #ida #reverse #dukeBarman
Just a quick post to introduce QScripts. QScripts is a productivity tool that helps IDA users speed up their scripts development. The idea for QScripts sprang from my autox script that I wrote for …