tester1337

AWAE 2019 was released in other forum


2 hours ago, revsec said:

AWAE 2019 was first released weeks ago on Telegram...

AWAE 2019

ENJOY!

Thank you very much, sir. Could you please share the link of the Telegram group where it was shared?


I will not share the channel, it's easy to find, just be creative 😉


Can you notify us when they release exploitation courses as well? Like AWE/Exodus or similar interesting courses? It's hard to find good courses on exploitation.


Only the best exploitation and worthy trainings are exchanged between people; nobody will share them for years... sadly...


Care to give examples of good exploitation courses that are not Corelan, AWE or Exodus? Something that teaches exploitation and modern tricks and not the basics of it like 760.

For the people downloading the file: be aware, run it through Cuckoo or some monitoring container and see for yourself; something is not right with the file (it was scanned several times on VirusTotal and Hybrid Analysis). Some weird heap allocation is going on, I think it spawns a process with a different PID, and it basically looks like a heap spray and process injection... I would appreciate other people's input as well.


@tester1337 hi, can you provide us with some details about the injection process, from spraying to spawning a different PID? I am interested in learning some of the techniques you used while analyzing. Thank you so much and best regards :)

16 hours ago, MrHuh said:

@tester1337 hi, can you provide us with some details about the injection process, from spraying to spawning a different PID? I am interested in learning some of the techniques you used while analyzing. Thank you so much and best regards :)

Check hybrid-analysis.com, they provide the information in an easy to understand way, along with "proofs". You can also create a separate VM/sandbox (probably Cuckoo or similar) and try to see what's going on by yourself.
If you are familiar with dynamic analysis, you can try (in a safe environment) to check what's going on, what APIs and handles are used, and check a resource monitor for allocations (Process Hacker or a Sysinternals tool can help you with that). You can also check for handles, and do network monitoring to see outgoing packets (Fiddler for instance, or Burp along with Proxify or similar tools; there are also a lot of fake net tools that fake a network so that the analyst can see how it communicates with a C2 or similar).

Anyways, it can become more complex, as you need to have a safe sandbox/VM while eliminating "evidence" of having a VM (this can be tricky, and there are always ways to bypass it), and malware can leak from contained VMs/sandboxes to the PC. I don't know if this is the case with the uploaded PDF, but I know that something weird is going on with the PDF, and there are a lot of weird allocations going on.

To stay on the safe side, if you don't do red team exercises or build tools (don't build tools to *** up others, it's morally bad), try to use available resources first, such as VirusTotal, Hybrid Analysis, online parsers or EXIF information scanners and similar. If you have private stuff, don't upload it to VirusTotal, but if you have private stuff, you probably know more than I know and you don't need online services lol.

However, as I am not an expert in malware analysis, I don't know how to strip the stuff out of the PDF to have a clean PDF (aside from disabling JS). If someone knows how to "clean" a PDF, it will help a lot of us who want to study but don't want to install possible malware on their systems.

Hope I could help a bit. The malware analysis course from eLearnSecurity is quite good in my opinion, but it doesn't involve code too much sadly (probably to keep stuff simpler), and doesn't go in depth with hooking or advanced concepts.

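As an added example (not code from any post in this thread, and not one of the tools the posters name), here is a small Python triage-and-disarm script for the kind of PDF discussed above. It counts the PDF name keys that carry active content (/JavaScript, /JS, /OpenAction, /AA, /Launch, /EmbeddedFile, /RichMedia), inflates every FlateDecode stream it can so the same keys are also found when they hide inside compressed object streams, and writes a same-size copy with those keys case-swapped so a viewer no longer honours them (the same idea as pdfid's disarm mode). The function names and the sample PDF are the example's own assumptions; the sample is constructed inline so the script runs offline.

```python
import re
import zlib

# PDF name keys that usually carry active content.  Names are case-sensitive,
# so swapping the case of a key (same length, so xref offsets stay valid)
# makes a viewer ignore it.
ACTIVE_KEYS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
               b"/Launch", b"/EmbeddedFile", b"/RichMedia"]

# zlib.decompress() ignores bytes after the end of the deflate stream, so the
# EOL that PDF puts before "endstream" does not need to be trimmed.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def _key_re(key: bytes):
    # The lookahead stops /JS from matching /JSX-style longer names.
    return re.compile(re.escape(key) + rb"(?![A-Za-z0-9])")


def count_keys(buf: bytes) -> dict:
    """Count each active key in buf (plain bytes, no parsing)."""
    return {k.decode(): len(_key_re(k).findall(buf)) for k in ACTIVE_KEYS}


def inflate_streams(data: bytes) -> list:
    """Return the body of every stream that inflates as deflate data."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # image data, another filter, or a damaged stream
    return out


def triage(data: bytes) -> dict:
    """Report active keys in the plain file and inside inflated streams."""
    plain = count_keys(data)
    hidden = count_keys(b"\n".join(inflate_streams(data)))
    # /ObjStm means object dictionaries live inside compressed streams: a
    # grep over the raw file misses them, which is where droppers hide.
    objstm = len(_key_re(b"/ObjStm").findall(data))
    return {"plain": plain, "in_streams": hidden, "objstm": objstm,
            "suspicious": any(plain.values()) or any(hidden.values())}


def disarm(data: bytes) -> bytes:
    """Case-swap active keys in the uncompressed part of the file.

    Keys inside compressed streams are NOT touched (rewriting them changes
    stream lengths).  triage() still reports them, so a copy that shows hits
    under "in_streams" is not clean after this; treat it as still hostile."""
    for k in ACTIVE_KEYS:
        data = _key_re(k).sub(k.swapcase(), data)
    return data


def build_sample_pdf() -> bytes:
    """Constructed sample (assumption, not a real dropper): a one-page PDF
    whose catalog fires a JavaScript action on open, plus a FlateDecode
    stream hiding a second action the plain scan cannot see."""
    hidden = zlib.compress(
        b"<< /S /JavaScript /JS (this.exportDataObject({cName: 'x'})) >>")
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
        b"<< /S /JavaScript /JS (app.alert('constructed sample')) >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(hidden)
        + hidden + b"\nendstream",
    ]
    pdf = b"%PDF-1.7\n"
    for num, body in enumerate(objs, 1):
        pdf += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    return pdf + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    sample = build_sample_pdf()
    print("before:", triage(sample))
    print("after: ", triage(disarm(sample)))
```

On the constructed sample the plain scan reports one /OpenAction, one /JavaScript and one /JS; after disarm() those drop to zero and the file keeps its exact length, but the inflated-stream scan still reports the hidden action, which is the check that tells you a "cleaned" copy is not actually clean. Run it on a real download as `triage(open(path, "rb").read())` inside the disposable VM, never on the host.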

@tester1337

Hi, thank you so much for your feedback, it was really helpful. What I actually did when I downloaded the PDF from another thread on the forum: I launched Wireshark and started to have a closer look at the packets I am sending out, as I didn't try it in a VM.

If we expect that there would be a sandbox-escaping technique for a successful exploitation, or that the malware inside protects itself from running inside a sandbox, then it would need to be installed in a safe environment, not a contained environment. Well, for me, I didn't find any outbound connections coming from my side, and I will not say whether the file is clean or not, as it would take a (timer) to run down the exploit, but that's what I did from my side.

Finally, I will try what you have mentioned above. Thank you so much for your feedback, and I am really glad that I can finally see someone studying the course materials in here :😄 Thank you :))

On 10/13/2020 at 7:55 PM, revsec said:

AWAE 2019 was first released weeks ago on Telegram...

AWAE 2019

ENJOY!

Can you please re-up? Thanks.
