MalDev | Asm | C | C++
Joined April 2022
- Tweets 1,087
- Following 558
- Followers 1,513
- Likes 3,934
Pinned Tweet
Wrote an RDI today using @deadvolvo's writeup as a guide. I learned a ton going through the process.
If you haven't checked it out, you're missing out.
blog.malicious.group/writing…
29
100
I just wrote a simple assembly block for dynamically finding the syscall numbers on Windows :P github.com/EgeBalci/syscall_…
1
29
82
Steve S. retweeted
Sliver comms from a threat hunter's perspective, by Kevin Breen of @immersivelabs
#redteam
immersivelabs.com/blog/detec…
43
1
112
Steve S. retweeted
A few methods to play with Windows Defender, by FO-Sec
#redteam
https[:]//www.fo-sec.com/articles/10-defender-bypass-methods
4
78
251
Steve S. retweeted
Join g0tmi1k, the Lead Developer for @kalilinux, alongside other Kali team members on the Kali Linux & Friends Discord Server to discuss the latest release: offs.ec/3WK38Ca
🗓️ Wednesday, June 7th at 12 p.m. EDT
2
15
1
90
Steve S. retweeted
cocomelonc.github.io/malware… next trick in my blog. #cybersec #cybersecurity #informationsecurity #malware #malwaredev #malwareanalysis #hacking #redteam #blueteam #purpleteam #winapi #ethicalhacking #windows #windowssecurity #programming #research
1
32
121
Steve S. retweeted
We’ve successfully integrated malware sandboxing into MS Outlook for incoming email attachments.
Get a sneak peek of our game-changing plugin in the works: Malcore OfficeShield! Seamlessly integrating with MS Outlook, this powerful tool scans your incoming attachments, keeping your inbox secure and worry-free! Stay tuned for its release!
2
5
"Although the code and the technique was copied from the mrd0x original blogpost dating back to 2022, the analysed document is currently only detected by one antivirus engine on VirusTotal (eScan) at the time of writing." 🤔
blog.sekoia.io/apt28-leverag…
3
44
190
Steve S. retweeted
MIT is offering free online courses.
Now you too can learn elite-level knowledge:
No textbooks, no tuition payments.
Here are 7 FREE courses you don't want to miss:
136
1,857
54
6,044
Steve S. retweeted
So GigaByte Control Center adds a GCC-Filedrop user account to enable 'file transfer' functionality between hosts running their Control Center software... but then configures it with a default "gbt123gcc" password. 🤔
I bet many of you "gamers" didn't know that your giga-byte vendor even added a backdoor user account to your box as "GCC-Filedrop" ... wonder what THAT does eh? :))))
Show this thread
13
169
13
474
Wrote an RDI today using @deadvolvo's writeup as a guide. I learned a ton going through the process.
If you haven't checked it out, you're missing out.
blog.malicious.group/writing…
29
100
Steve S. retweeted
BIG NEWS EVERYONE! Relaunching my store!! It's new & improved!!! Can you believe it?? I've got pins, beanies, and two shirts available for pre-order (Shipping June)! Go check it out!! Get yourself something nice!!!
Okay. Thanks :) nickeldoodle.myshopify.com/
6
91
2
377
KittyStager
A simple stage 0 C2. It is made of a web server to host the shellcode and an implant, called kitten. The purpose of this project is to be able to have a web server and some kitten and be able to use the with any shellcode.
… t.me/hackgit/8926
3
53
156
Steve S. retweeted
Back to Vegas! Workshop submission for @RedTeamVillage_ at @defcon 31 was accepted. Prepare for an amazing journey from high to low.
#redteam #itsec #defcon
7
22
1
101
Steve S. retweeted
This was gonna be one of my talks and research projects
Infecting ASAR / Electron apps is fully possible like old school exe files in Windows
Hats off to who ever did this ITW
I have POCs against the following:
Logitech logiOptions
Nvidia Geforce Experience
Slack
Discord
- vx-underground releases research on infecting Discord ASAR files for persistence and abuse, September 20th, 2021
- Twitter nerds: 😴
- Threat Actor uses it exactly as described in the paper and uses some of the code
- Security Vendors:
5
16
1
84
