KOPYCAT - Linux Kernel module-less implant (backdoor) https://github.com/milabs/kopycat #linux #exploitation

https://github.com/PositiveTechnologies/ghidra_nodejs

GHIDRA plugin to parse, disassemble and decompile NodeJS Bytenode (JSC) binaries

#ghidra #decompiler #nodejs #reverse #DrMefistO

Flowers and chocolate cannot do what the words of love can. 💐🍰

Every woman in our lives is unique and beautiful. 😍

The power of they have inside is enormous. 🌎💋

They are stronger than anyone can imagine. 💪🚀

And we all know that this world would mean nothing without a woman. 👩‍❤️‍👨👨‍👩‍👧‍👦

So, on this special day we have an amazing opportunity to thank all of them! 🥰

Thank you for making life possible, thank you for being so different and strong! 🎂☕️👨‍🍳

🥳 Happy Women’s Day! ✨💥

Rizin and Cutter have been selected for Google Summer of Code 2021! Great opportunity for students to work with developer's teams, write code and learn about open-source! https://summerofcode.withgoogle.com/organizations/5718117306597376/ #reverse #rizin #opensource #dukeBarman

Hyper-V memory internals. Guest OS memory access

https://hvinternals.blogspot.com/2019/09/hyper-v-memory-internals-guest-os-memory-access.html

#reverse #hyperv #internals #darw1n

Hyper-V memory internals. EXO partition memory access

https://hvinternals.blogspot.com/2020/06/hyper-v-memory-internals-exo-partition.html

#reverse #hyperv #internals #darw1n

Hyper-V debugging for beginners (2nd edition)

https://hvinternals.blogspot.com/2021/01/hyper-v-debugging-for-beginners-2nd.html

#reverse #hyperv #internals #darw1n

Playing in the (Windows) Sandbox: A Windows Sandbox deep dive.

https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/

#reverse #hyperv #sandbox #internals #darw1n

CVE-2021-27365: Linux kernel LPE Exploit. Now with symbols for the latest RHEL8 kernel. Get it while it's still an 0day!

Github: https://github.com/grimm-co/NotQuite0DayFriday/tree/trunk/2021.03.12-linux-iscsi

The following report discloses three distinct vulnerabilities discovered by GRIMM while researching the Linux kernel. The first vulnerability is a heap buffer overflow, the second is a kernel pointer leak, and the third is an out-of-bounds kernel memory read. All three vulnerabilities are associated with the iSCSI subsystem.

Article: https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html?m=1

#reverse #lpe #heap #bof #expdev #linux #darw1n

VM Detection Tricks, Part 1: Physical memory resource maps

In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a variety of VM platforms.

https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps/

#reverse #detect #vm #malware #redteam #darw1n

One day short of a full chain: Part 2 - Chrome sandbox escape

https://securitylab.github.com/research/one_day_short_of_a_fullchain_sbx

#reverse #expdev #browser #chrome #sandbox #escape #darw1n

x64dbg plugin for simple spoofing of CPUID instruction behavior

https://github.com/jonatan1024/CpuidSpoofer

#reverse #tools #plugin #x64 #debugger #hwid #darw1n

fpicker: Fuzzing with Frida

https://insinuator.net/2021/03/fpicker-fuzzing-with-frida/

Fpicker is a Frida-based coverage-guided, mostly in-process, blackbox fuzzing suite. Its most significant feature is the AFL++ proxy mode which enables blackbox in-process fuzzing with AFL++ on platforms supported by Frida.

https://github.com/ttdennis/fpicker

#reverse #afl #frida #darw1n

How I cut GTA Online loading times by 70% (how the Reverse Engineering helps to improve game and earn bug bounty at H1) https://nee.lv/2021/02/28/How-I-cut-GTA-Online-loading-times-by-70/ #reverse #dukeBarman

Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.

https://github.com/D3VI5H4/Antivirus-Artifacts

#malware #av #redteam #artifacts #darw1n

In-the-Wild Series: October 2020 0-day discovery
https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html

In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices. These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in below blog posts:

Part1: Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html

Part2: Chrome Infinity Bug
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html

Part3: Chrome Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html

Part4: Android Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html

Part5: Android Post-Exploitation
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html

Part6: Windows Exploits
https://googleprojectzero.blogspot.com/2021/01/in-wild-series-windows-exploits.html

#reverse #expdev #rce #lpe #sandbox #escape #android #ios #windows #chrome #browser #darw1n

https://twitter.com/h0t_max/status/1316028532972281856?s=20

#reverse #intel #microcode

BinDiff 7 beta coming soon. Request yours here: https://docs.google.com/forms/d/e/1FAIpQLSdEPDTnopPEzbXXmTktshVfJb28YiFahYoRfya92yIi5iEFdg/viewform #reverse #dukeBarman

The IDA 7.6 was released!

https://www.hex-rays.com/products/ida/news/7_6/

#reverse #ida #KosBeg

Free Malware Analysis training. Volume 1 via hasherezade https://github.com/hasherezade/malware_training_vol1 (in progress) #reverse #malware #dukeBarman