Mastodon

OTX BotRemcos RAT Malware Disguised as Major Carrier's WaybillA sophisticated malware campaign has been discovered, utilizing the Remcos RAT disguised as a shipping company waybill. The attack begins with an email containing an HTML script, which when executed, downloads a JavaScript file. This file creates and downloads several components, including a configuration file, an encoded Remcos binary, a legitimate AutoIt loader, and a malicious AutoIt script. The AutoIt script employs evasion techniques, establishes persistence, decrypts the Remcos binary, and executes shellcode. The shellcode injects Remcos into a legitimate process (RegSvcs.exe) using various API calls. The Remcos RAT, once active, can steal information and execute remote commands based on C2 instructions. The campaign demonstrates the evolving tactics of cybercriminals, emphasizing the need for caution when handling emails from unknown sources.Pulse ID: 67ebfc9f824c09e5b3ce991b Pulse Link: <a href="https://otx.alienvault.com/pulse/67ebfc9f824c09e5b3ce991b" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ebfc9f824c09e5b3ce991b</a> Pulse Author: AlienVault Created: 2025-04-01 14:47:59Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Autoit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Autoit</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener" target="_blank">#Email</a> <a href="https://social.raytec.co/tags/HTML" class="mention hashtag" rel="nofollow noopener" target="_blank">#HTML</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#Java</a> <a href="https://social.raytec.co/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#RCE</a> <a href="https://social.raytec.co/tags/Remcos" class="mention hashtag" rel="nofollow noopener" target="_blank">#Remcos</a> <a href="https://social.raytec.co/tags/RemcosRAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RemcosRAT</a> <a href="https://social.raytec.co/tags/ShellCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShellCode</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

OTX BotOperation HollowQuill: Russian R&D Networks Targeted via Decoy PDFsOperation HollowQuill targets Russian research and defense networks, particularly the Baltic State Technical University, using weaponized decoy documents disguised as research invitations. The attack chain involves a malicious RAR file containing a .NET dropper, which deploys a Golang-based shellcode loader and a legitimate OneDrive application. The final payload is a Cobalt Strike beacon. The campaign focuses on academic institutions, military and defense industries, aerospace and missile technology, and government-oriented research entities within the Russian Federation. The threat actor employs sophisticated techniques, including anti-analysis measures, APC injection, and infrastructure rotation across multiple ASNs.Pulse ID: 67ea888fa30c32d310f46b3c Pulse Link: <a href="https://otx.alienvault.com/pulse/67ea888fa30c32d310f46b3c" rel="nofollow noopener" translate="no" target="_blank">https://otx.alienvault.com/pulse/67ea888fa30c32d310f46b3c</a> Pulse Author: AlienVault Created: 2025-03-31 12:20:31Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CobaltStrike" class="mention hashtag" rel="nofollow noopener" target="_blank">#CobaltStrike</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/EDR" class="mention hashtag" rel="nofollow noopener" target="_blank">#EDR</a> <a href="https://social.raytec.co/tags/Golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#Golang</a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#Government</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Military" class="mention hashtag" rel="nofollow noopener" target="_blank">#Military</a> <a href="https://social.raytec.co/tags/NET" class="mention hashtag" rel="nofollow noopener" target="_blank">#NET</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener" target="_blank">#PDF</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> <a href="https://social.raytec.co/tags/ShellCode" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShellCode</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlienVault</a>

h o ʍ l e t t→ <a href="https://mamot.fr/tags/Speedrunners" class="mention hashtag" rel="nofollow noopener" target="_blank">#Speedrunners</a> are <a href="https://mamot.fr/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> researchers, they just don't know it yet <a href="https://zetier.com/speedrunners-are-vulnerability-researchers/" rel="nofollow noopener" translate="no" target="_blank">https://zetier.com/speedrunners-are-vulnerability-researchers/</a>“Super Mario World runners will place items in extremely precise locations so that the X,Y coordinates form <a href="https://mamot.fr/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> they can jump to with a dangling reference. Legend of <a href="https://mamot.fr/tags/Zelda" class="mention hashtag" rel="nofollow noopener" target="_blank">#Zelda</a>: Ocarina of Time players will do heap grooming and write a <a href="https://mamot.fr/tags/function" class="mention hashtag" rel="nofollow noopener" target="_blank">#function</a> pointer […] so the game “wrong warps” directly to the <a href="https://mamot.fr/tags/end" class="mention hashtag" rel="nofollow noopener" target="_blank">#end</a> <a href="https://mamot.fr/tags/credit" class="mention hashtag" rel="nofollow noopener" target="_blank">#credit</a> sequence… with nothing more than a <a href="https://mamot.fr/tags/game" class="mention hashtag" rel="nofollow noopener" target="_blank">#game</a> <a href="https://mamot.fr/tags/controller" class="mention hashtag" rel="nofollow noopener" target="_blank">#controller</a> and a steady <a href="https://mamot.fr/tags/hand" class="mention hashtag" rel="nofollow noopener" target="_blank">#hand</a>”<a href="https://mamot.fr/tags/Mario" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mario</a>

Pyrzout :vm:SideWinder targets the maritime and nuclear sectors with an updated toolset – Source: securelist.com <a href="https://ciso2ciso.com/sidewinder-targets-the-maritime-and-nuclear-sectors-with-an-updated-toolset-source-securelist-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/sidewinder-targets-the-maritime-and-nuclear-sectors-with-an-updated-toolset-source-securelist-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a>(Targetedattacks) <a href="https://social.skynetcloud.site/tags/MalwareDescriptions" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareDescriptions</a> <a href="https://social.skynetcloud.site/tags/MalwareTechnologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#MalwareTechnologies</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/Targetedattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#Targetedattacks</a> <a href="https://social.skynetcloud.site/tags/Defenseevasion" class="mention hashtag" rel="nofollow noopener" target="_blank">#Defenseevasion</a> <a href="https://social.skynetcloud.site/tags/Windowsmalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windowsmalware</a> <a href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#securelistcom</a> <a href="https://social.skynetcloud.site/tags/spearphishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#spearphishing</a> <a href="https://social.skynetcloud.site/tags/APTreports" class="mention hashtag" rel="nofollow noopener" target="_blank">#APTreports</a> <a href="https://social.skynetcloud.site/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> <a href="https://social.skynetcloud.site/tags/SideWinder" class="mention hashtag" rel="nofollow noopener" target="_blank">#SideWinder</a> <a href="https://social.skynetcloud.site/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> #.NET <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT</a> <a href="https://social.skynetcloud.site/tags/HTA" class="mention hashtag" rel="nofollow noopener" target="_blank">#HTA</a>

cryptaxDecai decompiling a malicious shellcode. The instructions are not so readable, if you're not used to syscalls int 0x80. AI does it for you.<a href="https://asciinema.org/a/4PY8wn2TPg2oBdDQ0Q5bgMYjk" rel="nofollow noopener" translate="no" target="_blank">https://asciinema.org/a/4PY8wn2TPg2oBdDQ0Q5bgMYjk</a><a href="https://mastodon.social/tags/r2ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#r2ai</a> <a href="https://mastodon.social/tags/decai" class="mention hashtag" rel="nofollow noopener" target="_blank">#decai</a> <a href="https://mastodon.social/tags/r2" class="mention hashtag" rel="nofollow noopener" target="_blank">#r2</a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://mastodon.social/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://mastodon.social/tags/syscall" class="mention hashtag" rel="nofollow noopener" target="_blank">#syscall</a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a>

postmodernWhat are people using as a syscall database?<a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverseengineering</a> <a href="https://infosec.exchange/tags/assembly" class="mention hashtag" rel="nofollow noopener" target="_blank">#assembly</a> <a href="https://infosec.exchange/tags/asm" class="mention hashtag" rel="nofollow noopener" target="_blank">#asm</a> <a href="https://infosec.exchange/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a>

Pyrzout :vm:Shellcode over MIDI? Bad Apple on a PSR-E433, Kinda <a href="https://hackaday.com/2025/01/23/shellcode-over-midi-bad-apple-on-a-psr-e433-kinda/" rel="nofollow noopener" translate="no" target="_blank">https://hackaday.com/2025/01/23/shellcode-over-midi-bad-apple-on-a-psr-e433-kinda/</a> <a href="https://social.skynetcloud.site/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReverseEngineering</a> <a href="https://social.skynetcloud.site/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverseengineering</a> <a href="https://social.skynetcloud.site/tags/MusicalHacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#MusicalHacks</a> <a href="https://social.skynetcloud.site/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://social.skynetcloud.site/tags/badapple" class="mention hashtag" rel="nofollow noopener" target="_blank">#badapple</a> <a href="https://social.skynetcloud.site/tags/yamaha" class="mention hashtag" rel="nofollow noopener" target="_blank">#yamaha</a> <a href="https://social.skynetcloud.site/tags/video" class="mention hashtag" rel="nofollow noopener" target="_blank">#video</a> <a href="https://social.skynetcloud.site/tags/midi" class="mention hashtag" rel="nofollow noopener" target="_blank">#midi</a>

IT NewsShellcode over MIDI? Bad Apple on a PSR-E433, Kinda - If hacking on consumer hardware is about figuring out what it can do, and pushing ... - <a href="https://hackaday.com/2025/01/23/shellcode-over-midi-bad-apple-on-a-psr-e433-kinda/" rel="nofollow noopener" translate="no" target="_blank">https://hackaday.com/2025/01/23/shellcode-over-midi-bad-apple-on-a-psr-e433-kinda/</a> <a href="https://schleuss.online/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverseengineering</a> <a href="https://schleuss.online/tags/musicalhacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#musicalhacks</a> <a href="https://schleuss.online/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://schleuss.online/tags/badapple" class="mention hashtag" rel="nofollow noopener" target="_blank">#badapple</a> <a href="https://schleuss.online/tags/yamaha" class="mention hashtag" rel="nofollow noopener" target="_blank">#yamaha</a> <a href="https://schleuss.online/tags/video" class="mention hashtag" rel="nofollow noopener" target="_blank">#video</a> <a href="https://schleuss.online/tags/midi" class="mention hashtag" rel="nofollow noopener" target="_blank">#midi</a>

Alexandre BorgesThe nineth article (38 pages) of the Malware Analysis Series (MAS) is available on:<a href="https://exploitreversing.com/2025/01/08/malware-analysis-series-mas-article-09/" rel="nofollow noopener" translate="no" target="_blank">https://exploitreversing.com/2025/01/08/malware-analysis-series-mas-article-09/</a>I would like to thank Ilfak Guilfanov @ilfak and <a href="https://infosec.exchange/@HexRaysSA" class="u-url mention" rel="nofollow noopener" target="_blank">@HexRaysSA</a> (on X) for their constant and uninterrupted support, which have helped me write these articles.Even though I haven't been on this subject for years, I promised I would write a series of ten articles, and the last one will be released next week (JAN/15).Have a great day.<a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#windows</a> <a href="https://infosec.exchange/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#reverseengineering</a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener" target="_blank">#reversing</a> <a href="https://infosec.exchange/tags/idapro" class="mention hashtag" rel="nofollow noopener" target="_blank">#idapro</a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#malwareanalysis</a>

postmodernIs there an example of shellcode or other malware needing to use Floating Point assembly instructions?<a href="https://infosec.exchange/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://infosec.exchange/tags/asm" class="mention hashtag" rel="nofollow noopener" target="_blank">#asm</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a>

st1nger :unverified: 🏴‍☠️ :linux: :freebsd:World’s First MIDI <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#RCE</a> <a href="https://infosec.exchange/tags/Shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shellcode</a> <a href="https://psi3.ru/blog/swl01u/" rel="nofollow noopener" translate="no" target="_blank">https://psi3.ru/blog/swl01u/</a>

kriware :verified:Basics of Windows shellcode writingDive into crafting Windows shellcode, from assembly basics to execution techniques. Essential for exploit development and system understanding.<a href="https://idafchev.github.io/exploit/2017/09/26/writing_windows_shellcode.html" rel="nofollow noopener" translate="no" target="_blank">https://idafchev.github.io/exploit/2017/09/26/writing_windows_shellcode.html</a><a href="https://infosec.exchange/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#windows</a>

Habr[Перевод] Создание Powershell Shellcode Downloader для обхода Defender (Без обхода Amsi)Сегодня я покажу, как модифицировать powershell shellcode runner для загрузки и выполнения нагрузки в обход Windows Defender. Я буду использовать shellcode runner, который применял ранее: <a href="https://github.com/dievus/PowerShellRunner/blob/main/runner.ps1" rel="nofollow noopener" translate="no" target="_blank">https://github.com/dievus/PowerShellRunner/blob/main/runner.ps1</a> Для демонстрации я использую виртуальную машину Windows с временно отключённым Defender. Я скопирую код и создам на его основе новый файл, используя PowerShell ISE.<a href="https://habr.com/ru/articles/868622/" rel="nofollow noopener" translate="no" target="_blank">https://habr.com/ru/articles/868622/</a><a href="https://zhub.link/tags/paylaoad" class="mention hashtag" rel="nofollow noopener" target="_blank">#paylaoad</a> <a href="https://zhub.link/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://zhub.link/tags/av" class="mention hashtag" rel="nofollow noopener" target="_blank">#av</a> <a href="https://zhub.link/tags/bypass" class="mention hashtag" rel="nofollow noopener" target="_blank">#bypass</a> <a href="https://zhub.link/tags/%D0%B8%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener" target="_blank">#информационная_безопасность</a> <a href="https://zhub.link/tags/%D1%85%D0%B0%D0%BA%D0%B8%D0%BD%D0%B3" class="mention hashtag" rel="nofollow noopener" target="_blank">#хакинг</a>

kriware :verified:From C to shellcode (simple way)This post explains the journey of turning C code into shellcode, including techniques to create compact and executable shellcode suitable for exploitation.<a href="https://print3m.github.io/blog/from-c-to-shellcode" rel="nofollow noopener" translate="no" target="_blank">https://print3m.github.io/blog/from-c-to-shellcode</a><a href="https://infosec.exchange/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://infosec.exchange/tags/c" class="mention hashtag" rel="nofollow noopener" target="_blank">#c</a>

HabrThread execution hijacking. Исполнение шелл-кода в удаленном процессеВ статье разберем технику T1055.003 Подменим контекст потока удаленного процесса и рассмотрим способ доставки шелл-кода в процесс с помощью удаленного маппинга. В ОС Windows существует возможность получения контекста потока и последующего управления значениями регистров. Это дает возможность изменения потока выполнения, например, с помощью модификации регистра rip. Этим и будем пользоваться.<a href="https://habr.com/ru/articles/855710/" rel="nofollow noopener" translate="no" target="_blank">https://habr.com/ru/articles/855710/</a><a href="https://zhub.link/tags/hijacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hijacking</a> <a href="https://zhub.link/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://zhub.link/tags/mapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#mapping</a> <a href="https://zhub.link/tags/thread" class="mention hashtag" rel="nofollow noopener" target="_blank">#thread</a>

Ricardo AlvesReady to navigate the treacherous waters of buffer overflows? Check my latest blog post: "Wherein We Study A Buffer Overflow And Ready Our Aim: testing the waters"We'll now be ready to actually exploit the return address and use it for our own means.Consider this the first step before shellcoding gallore.🦶 Dip your toe here: <a href="https://dreaming-of-dragons.blogspot.com/2024/10/wherein-we-study-buffer-overflow.html" rel="nofollow noopener" translate="no" target="_blank">https://dreaming-of-dragons.blogspot.com/2024/10/wherein-we-study-buffer-overflow.html</a><a href="https://mastodon.social/tags/Shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shellcode</a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReverseEngineering</a> <a href="https://mastodon.social/tags/LowLevelProgramming" class="mention hashtag" rel="nofollow noopener" target="_blank">#LowLevelProgramming</a> <a href="https://mastodon.social/tags/TechBlog" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechBlog</a> <a href="https://mastodon.social/tags/ExploitDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#ExploitDevelopment</a>

Ricardo AlvesReady for the troubled waters of shellcode? I'm not. Not just yet, at least. But I'm by the shore and telling you about it in my latest blog post: "Wherein We Wade Through A Shellcode Shore: before the dive"Spoiler alert: shellcode remains relevant (and fun).👉 Check out: <a href="https://dreaming-of-dragons.blogspot.com/2024/10/wherein-we-wade-through-shellcode-shore.html" rel="nofollow noopener" translate="no" target="_blank">https://dreaming-of-dragons.blogspot.com/2024/10/wherein-we-wade-through-shellcode-shore.html</a><a href="https://mastodon.social/tags/Shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shellcode</a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReverseEngineering</a> <a href="https://mastodon.social/tags/LowLevelProgramming" class="mention hashtag" rel="nofollow noopener" target="_blank">#LowLevelProgramming</a> <a href="https://mastodon.social/tags/TechBlog" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechBlog</a> <a href="https://mastodon.social/tags/ExploitDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#ExploitDevelopment</a>

cryptaxSee Sharem in action, emulating a Windows shellcode: <a href="https://www.youtube.com/watch?v=S1PI9O-q6eM" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=S1PI9O-q6eM</a>I don't think it supports Linux shellcodes, does it? Also, I wonder what disassembler it uses.NB. AI for Sharem was presented <a href="https://infosec.exchange/@VirusBulletin" class="u-url mention" rel="nofollow noopener" target="_blank">@VirusBulletin</a> <a href="https://mastodon.social/tags/vb2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#vb2024</a> <a href="https://mastodon.social/tags/shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#shellcode</a> <a href="https://mastodon.social/tags/emulation" class="mention hashtag" rel="nofollow noopener" target="_blank">#emulation</a> <a href="https://mastodon.social/tags/disassembly" class="mention hashtag" rel="nofollow noopener" target="_blank">#disassembly</a>

Revista Occam's RazorEn el número <a href="https://masto.es/tags/ROOR07" class="mention hashtag" rel="nofollow noopener" target="_blank">#ROOR07</a> iniciamos una nueva sección llamada <a href="https://masto.es/tags/AprendeHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#AprendeHacking</a> escribiendo tus propias herramientas. En este primer artículo escribimos una herramienta para volcar shellcodes<a href="https://masto.es/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hacking</a> <a href="https://masto.es/tags/Shellcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shellcode</a> <a href="https://masto.es/tags/Capstone" class="mention hashtag" rel="nofollow noopener" target="_blank">#Capstone</a> <a href="https://masto.es/tags/desensamblador" class="mention hashtag" rel="nofollow noopener" target="_blank">#desensamblador</a> <a href="https://masto.es/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://masto.es/tags/C" class="mention hashtag" rel="nofollow noopener" target="_blank">#C</a> <a href="https://masto.es/tags/programacion" class="mention hashtag" rel="nofollow noopener" target="_blank">#programacion</a> <a href="https://ibolcode.net/roor/2024-08-volcando-shellcodes--desensamblador-basico" rel="nofollow noopener" translate="no" target="_blank">https://ibolcode.net/roor/2024-08-volcando-shellcodes--desensamblador-basico</a>

Recent searches

Search options

Administered by:

Server stats:

#shellcode