danielsauder

Like last here here some recommendations for starting into 2019. Mainly from 35C3 and one from Bluehat. See the original thread from twitter here (It’s a bit messed up, but should be complete): A deep dive into the world of DOS viruses by @Benjojo12https://t.co/ufSYk5Bcs8 — Daniel Sauder (@DanielX4v3r) January 4, 2019 What The Fax?! by…

Now there is a setup.sh script for easier installation of AVET (thanks to https://github.com/tacticaljmp). Tested with kali linux 2018.3a. I made two short videos: After starting the script you may have to wait for a couple of minutes. Then click trough the installation routine for the compiler: … and you are done. Download AVET: https://github.com/govolution/avet

Here is the paper for the Blackhat Arsenal 2018 AVET presentation: https://govolution.files.wordpress.com/2018/08/blackhat_usa_2018_arsenal.pdf Thanks to Nina and Florian for reviewing & improving!

Since I found that some information was missing from this course https://govolution.wordpress.com/2018/06/30/review-udemy-certified-cyber-threat-intelligence-analyst/ I found a course on cybrary, which is only about 3 hours long and which is free. So the review will also be a bit shorter. For the content please review: https://www.cybrary.it/course/advanced-cyber-threat-intelligence/ Module 1 – Threat Intelligence Maturity Model is the intro, with…

As a second course (see previous blog post for the first course) I bought “Certified Cyber Threat Intelligence Analyst” which has the same instructor as “Certified Advanced Persistent Threat Analyst”. Section 1: Phases Overview The first three videos give an overview on the agenda (hunting, features&behavior extraction, attribution, tracking and take down). The two videos…

Although being a Pentester, I am also into that topic, since I also got some Incident Response experience. So I took the course as a wrap up for myself, in a special offer the course costs about 10$ instead of about 100$. The course is starting with a short introduction of the instructor, followed by…

DKMC is a tool that writes shellcode into valid pictures and was written by Mr.Un1k0d3r (https://twitter.com/MrUn1k0d3r). I wrote a PoC that can be used here (and of course also for other raw shellcode). The PoC is downloading a shellcode file into memory and then execute the shellcode. Download DKMC: https://github.com/Mr-Un1k0d3r/DKMC Update: The PoC is now…

A new year always brings the talks from the Chaos Communication Congress. Since I had some time for watching, here is a list with my tweets of recommended talks (plus one from Blackhat). Have fun watching. 34C3 talk 1-day exploit development for Cisco IOS by @artkond https://t.co/OvoCBvGzxc — Daniel Sauder (@DanielX4v3r) December 28, 2017 34C3…

So after exploring libssh a little bit I wanted to do something useful, so my idea was to have a kind of a reverse (pseudo) shell that works via SSH. the client connects to the ssh server of the attacker with a port forward on the attacker machine port 8080 will be opened on localhost…

Here I describe some first steps for using libssh on an old setup (WinXP with Visual Studio 2008). I think steps for other platforms are more or less similar. OpenSSL: Win32OpenSSL-1_0_2m.exe from http://slproweb.com/products/Win32OpenSSL.html -> Install it. zlib123dll.zip from http://www.winimage.com/zLibDll/ zlibwapi.dll renamed to zlib1.dll -> I placed it into my working directory. libssh-0.7.2-msvc.zip from https://red.libssh.org/projects/libssh/files ->…