JavaScript Anti-Debugging Tricks
https://forum.reverse4you.org/showthread.php?t=3055
#re #javascript #malware #tips #antidebug #darw1n
R0 CREW
Original: x-c3ll.github.io. Last summer I spent a lot of time talking with @cgvwzq about anti-debugging tricks in JavaScript. We tried to find resources or articles in which this topic was analyzed, but the documentation turned out to be poor and mostly incomplete.…
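As an added illustration (not code from the linked article), here is one timing-based trick of the kind that JavaScript anti-debugging write-ups cover, together with the analyst-side countermeasure. A `debugger` statement is a no-op unless a debugger is attached, so measuring the time around it reveals a pause; the threshold, the injected clock parameter and the function names are assumptions for this example.

```javascript
// Added example, not taken from the linked article.
// Anti-debug side: a `debugger` statement pauses only when a debugger is
// attached, so a large measured gap around it betrays the debugger.
const PAUSE_THRESHOLD_MS = 100; // assumed: a human stepping through takes longer

// `now` is injectable so the check can be exercised (and defeated) without
// a real debugger; a real target would simply call Date.now()/performance.now().
function debuggerPauseDetected(now = Date.now, thresholdMs = PAUSE_THRESHOLD_MS) {
  const start = now();
  debugger; // no-op with no debugger attached
  return now() - start > thresholdMs;
}

// Analyst side: the classic defeat is to patch the clock the check reads
// so the gap is always zero, however long the debugger sits on the pause.
function makeFrozenClock(fixedValue = 0) {
  return () => fixedValue;
}

// Patches the global Date.now with a frozen clock; returns a restore hook.
function neutralizeTimingCheck() {
  const original = Date.now;
  Date.now = makeFrozenClock(original());
  return () => { Date.now = original; };
}
```

With no debugger attached `debuggerPauseDetected()` returns `false`; a clock that advances by hundreds of milliseconds per read (simulating a paused process) makes it return `true`, and after `neutralizeTimingCheck()` the same check stays `false` no matter how long the pause is.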
Defeating Ptrace Anti-Debug
https://aaronyoo.github.io/ptrace-anti-debug.html
#re #tips #linux #antidebug #darw1n
IDA Pro Tips to Add to Your Bag of Tricks
https://swarm.ptsecurity.com/ida-pro-tips/
#reverse #ida #tips #darw1n
PT SWARM
This article is a selection of tips for IDA Pro
SleepyCrypt: Encrypting a running PE image while it sleeps
https://forum.reverse4you.org/t/sleepycrypt-encrypting-a-running-pe-image-while-it-sleeps/17116
#malware #redteam #tips #encrypt #protection #windows #cobaltstrike #Octopus
R0 CREW
Introduction In the course of building a custom C2 framework, I frequently find features from other frameworks I’d like to implement. Cobalt Strike is obviously a major source of inspiration, given its maturity and large feature set. The only downside to…
A Comprehensive Guide to Hooking Windows APIs with Python
https://forum.reverse4you.org/t/a-comprehensive-guide-to-hooking-windows-apis-with-python/18152
#reverse #malware #inject #hook #tips #darw1n
R0 CREW
Developers apply API hooking practices to better understand how a system works, alter the behavior of an operating system or an application, detect malicious code, and build strong products. The majority of guides and tutorials on Windows API hooking are…
One I/O Ring to Rule Them All: A Full Read/Write Exploit Primitive on Windows 11
https://windows-internals.com/one-i-o-ring-to-rule-them-all-a-full-read-write-exploit-primitive-on-windows-11/
https://github.com/yardenshafir/IoRingReadWritePrimitive
#expdev #windows #kernel #exploit #tips #Aligner
GitHub
Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 - yardenshafir/IoRingReadWritePrimitive
WindowsNoExec - Abusing existing instructions to executing arbitrary code without allocating executable memory
https://www.x86matthew.com/view_post?id=windows_no_exec
#windows #ctf #malware #tips
Process Injection without R/W target memory and without creating a remote thread
https://github.com/Maff1t/InjectNtdllPOC
#windows #redteam #ctf #malware #tips
GitHub
Process Injection without R/W target memory and without creating a remote thread - Maff1t/InjectNtdllPOC