Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware
Code: https://github.com/fireeye/speakeasy
Article: https://www.fireeye.com/blog/threat-research/2020/08/emulation-of-malicious-shellcode-with-speakeasy.html
#reverse #malware #dukeBarman
GitHub - mandiant/speakeasy: Windows kernel and user mode emulation.
How To Reverse Engineer RC4 Crypto For Malware Analysis https://www.youtube.com/watch?v=-EQKiIbOLEc #reverse #malware #ghidra #dukeBarman
VM Detection Tricks, Part 1: Physical memory resource maps
In this series we’ll document a novel and as-yet-undocumented Virtual Machine detection trick for each month of 2021. These detection tricks will be focused on 64-bit Windows 10 or Windows Server 2019 guests, targeting a variety of VM platforms.
https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps/
#reverse #detect #vm #malware #redteam #darw1n
Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
https://github.com/D3VI5H4/Antivirus-Artifacts
#malware #av #redteam #artifacts #darw1n
GitHub - ethereal-vx/Antivirus-Artifacts (the repository now lives under the ethereal-vx account).
Free Malware Analysis training. Volume 1 via hasherezade https://github.com/hasherezade/malware_training_vol1 (in progress) #reverse #malware #dukeBarman
FIN7: Lizar toolkit architecture
https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319
#malware #analysis #darw1n
From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s…
The article was prepared by BI.ZONE Cyber Threats Research Team
Nim implementation of Process Hollowing using syscalls (for educational purposes)
https://github.com/snovvcrash/NimHollow
#malware #redteam #processhollowing #inject #darw1n
Anubis Android Malware Analysis / Source Code https://forum.reverse4you.org/t/anubis-android-malware-analysis/16982 #reverse #mobile #malware #android #anubis #analysis #darw1n
Anubis Android Malware / Source Code / Leaked
Anubis is one of the most well-known malware in the Android malware family. It’s still popular with threat actors today, given its capabilities and the damage it has done to Android users in the past. On the other hand, it offers many malware developers the…
JavaScript Deobfuscator and Unpacker https://forum.reverse4you.org/t/javascript-deobfuscator-and-unpacker/16986 #tools #malware #javascript #unpack #obfuscation #darw1n
Online: https://lelinhtinh.github.io/de4js/ GitHub: lelinhtinh/de4js
SleepyCrypt: Encrypting a running PE image while it sleeps
https://forum.reverse4you.org/t/sleepycrypt-encrypting-a-running-pe-image-while-it-sleeps/17116
#malware #redteam #tips #encrypt #protection #windows #cobaltstrike #Octopus
Introduction In the course of building a custom C2 framework, I frequently find features from other frameworks I’d like to implement. Cobalt Strike is obviously a major source of inspiration, given its maturity and large feature set. The only downside to…
Richkware: a framework for building Windows malware, written in C++
https://forum.reverse4you.org/t/richkware-a-framework-for-building-windows-malware-written-in-c/17103
#tools #redteam #malware #framework #agent #Karina
Description: Richkware is a library of network and OS functions that you can use to create malware. The composition of these functions permits the application to assume behaviors referable to the following types of malware: virus, worm, bot, spyware, keylogger…
HashDB is a free community-sourced library of hashing algorithms used in malware, with an IDA plugin!
⚙️API
https://hashdb.openanalysis.net/
🧩IDA Plugin
https://github.com/OALabs/hashdb-ida
👾 Add Custom Algorithms
https://github.com/OALabs/hashdb
#malware #idapro #plugin #hashlib #KosBeg
easy-kernelmapper: map your driver with a batch
Intro - https://www.unknowncheats.me/forum/anti-cheat-bypass/476567-easy-kernelmapper-map-driver-batch.html
Repo - https://github.com/0dayatday0/BattleFN-cheat-analysis
Analysis - https://github.com/0dayatday0/BattleFN-cheat-analysis/blob/main/cheat-analysis.pdf
#re #cheat #gamehack #malware #redteam #kernel #driver #0dayatday0
A Comprehensive Guide to Hooking Windows APIs with Python
https://forum.reverse4you.org/t/a-comprehensive-guide-to-hooking-windows-apis-with-python/18152
#reverse #malware #inject #hook #tips #darw1n
Developers apply API hooking practices to better understand how a system works, alter the behavior of an operating system or an application, detect malicious code, and build strong products. The majority of guides and tutorials on Windows API hooking are…
The FLARE Obfuscated String Solver (FLOSS) has been supporting analysts to extract hidden strings from malware samples for many years now. Over the last few months, we’ve added new functionality and improved the tool’s performance. In this blog post we will share exciting new features and improvements including a new string deobfuscation technique, simplified tool usage, and much faster result output.
https://www.mandiant.com/resources/floss-version-2
#malware #reverse #tools #SoGood0x1
Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)
https://github.com/memN0ps/bootkit-rs
#redteam #malware #bootkit #windows #rust
GitHub - memN0ps/redlotus-rs: Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus) (the repository is now named redlotus-rs).
WindowsNoExec - Abusing existing instructions to execute arbitrary code without allocating executable memory
https://www.x86matthew.com/view_post?id=windows_no_exec
#windows #ctf #malware #tips
Process Injection without R/W target memory and without creating a remote thread
https://github.com/Maff1t/InjectNtdllPOC
#windows #redteam #ctf #malware #tips
Centralized resource for listing and organizing known injection techniques and POCs
https://github.com/itaymigdal/awesome-injection
#redteam #malware #process #inject