tester1337

Members
  • Content Count

    8
Everything posted by tester1337

  1. does anyone happen to have the sektor7 course about malware development (intermediate)?
  2. what you got is stuff that was publicly uploaded by others or commonly available (the books, for instance). why not share what you got to help other people who try to learn as well and can't afford the expensive training in these difficult times? i don't have dark side ops and one additional course, but i am sure that you got it from some forum or telegram or p2p and you are trying to use that in order to trade/sell, which is not okay, as the people who shared their stuff with you did it for free to help you and others grow and develop. this is not your stuff and you can't sell stuff that does not belong to you. what we share here, we share because a lot of people just can't afford paying a lot of money for knowledge, to help each other. selling other people's work is not right in my opinion. if anyone here knows additional places to get courses (knowledge - not collecting), then please share. i believe that there's a lot of insight and cool tricks that can be taught from courses like dark side ops, offensive security and similar. thanks
  3. honestly, and i am sorry for saying this, this is not an advanced course. it teaches the basics of modern exploitation, it is not aimed towards people who know programming (which means they don't actually teach the inner windows things), and it is barely the basics. for instance they teach basic heap spraying after like 100 pages in the heap section, and it doesn't go beyond the very basics of how to write a basic for loop (they don't teach you how to fuzz javascript engines or browsers, typical vulnerability classes, inner engines and their weaknesses, escaping from a sandboxed environment and such), same goes for the kernel module and similar. worst thing - they don't even teach how to bypass modern mitigations. this is really not an advanced course, it should be called sans 664 or something, and they should really invent a course dedicated to people who want to learn modern exploitation, to bypass modern mitigations, to learn about different architectures and their inner weaknesses, teach hooking or new ways of manipulating the kernel (handles, irps, abusing devices and similar). they should do a course for people who are not afraid of programming. basically, if you want to learn the course in a fast way and not go through like 1000 pages: learn basic heap/kernel structures (peb/teb/eprocess/ethread and many others), learn about the low fragmentation heap, learn about basic kernel programming and how to communicate with devices from userland - then study writeups of hevd (highly vulnerable kernel driver). other important skills: know ida/windbg, basic patch diffing, and read a lot of articles by professionals you may find on the internet. if you can watch videos of people doing stuff (not explaining the theory, which is nonsense to me) - you can learn way more.
basically, you can google everything you'd like to know and you might be lucky enough to find results by some good developers who teach their experience and, most importantly, tips on how to overcome mitigations or failures. good luck, and if you have good information or courses, please share here as well. and no, i don't have the videos, nor do i care for them.
  4. check hybrid-analysis.com, they provide the information in an easy to understand way, along with "proofs". you can also create a separate vm/sandbox (probably cuckoo or similar) and try to see what's going on by yourself. if you are familiar with dynamic analysis, you can try (in a safe environment) to check what's going on, what api and handles are used, check resource monitor to check allocations (process hacker or a sysinternals tool can help you with that). you can also check for handles, network monitoring to see outgoing packets (fiddler for instance or burp along with proxify or similar tools; there are a lot of fake net tools that fake a network in order for the analyzer to see how it's communicating with a c2c or similar). anyways, it can become more complex as you need to have a safe sandbox/vm while eliminating "evidence" of having a vm (can be tricky and there are always ways to bypass), and malware can leak from contained vms/sandboxes to the pc. don't know if this is the case with the uploaded pdf, but i know that something weird is going on with the pdf, and there are a lot of weird allocations going on. to stay on the safe side, if you don't do a red team exercise or build tools (don't build tools to *** up others, it's morally bad), try to use available resources first, such as virustotal, hybrid-analysis, online parsers or exif information scanners and similar. if you have private stuff, don't upload them to virustotal, but if you have private stuff, you probably know more than i know and you don't need online services lol. however, as i am not an expert in malware analysis, i don't know how to strip the stuff in the pdf out, to have a clean pdf (aside from disabling js). if someone knows how to "clean" a pdf, it will help a lot of us who want to study, but don't want to install possible malware on their system. hope i could help a bit.
the malware analysis course from elearnsecurity is quite good in my opinion, but it doesn't involve code too much sadly (probably to keep stuff simpler), and doesn't go in depth with hooking or advanced concepts.
  5. care to give examples of good exploitation courses that are not corelan, awe or exodus? something that teaches exploitation and modern tricks and not the basics of it like 760. for the people downloading the file: be aware, run it through cuckoo or some monitoring container and see for yourself that something is not right with the file (was scanned several times on virustotal and hybrid scanner). some weird heap allocation going on, i think it spawns a process with a different pid, and basically looks like a heap spray and process injection... would appreciate other people's input as well
  6. thanks, but i meant kinda after the sec consult slides... (used them a lot to learn the basics, even though i would really appreciate having the dynamorio code he wrote to understand it better, or a good workshop on dynamorio). anyway, there are a lot of "modern" fuzzers for a lot of different architectures or systems and purposes, and a lot of offsets of afl/libfuzz/honggfuzz and similar. at each conference someone makes an offset and it's hard to understand what is good or bad, or modern optimizations for fuzzing. if you come across something more advanced than the "art of fuzzing" slides you've given here, please share, especially if it contains interesting harnesses or interesting examples on how to make the coverage better, speed optimizations, corpus optimizations and such. anyways, thanks for sharing, nice to know people here are actually learning material and not collecting courses
  7. can you notify us when they release exploitation courses as well? like awe/exodus or similar interesting courses? hard to find good courses on exploitation
  8. I was told by a friend that AWAE 2019 was released in some other forum(raid). if you have an account, please share it here. it can help many people who've been looking for this for quite a while. [Hidden Content] thank you very much!
  9. hello, i am looking for some advanced course on fuzzing: something that is not about afl/winafl or spike/sulley/etc, that teaches modern approaches to fuzz modern binaries (including methodologies or tactics), code coverage, instrumentation and modern approaches on different black/grey fuzzing techniques. mostly interested in: kernel fuzzing (anything newer than syzkaller), binary fuzzing (elf/pe), bootloaders, iot and android related, and advanced tactics on code coverage and fuzzing optimization (for instance sanitization, optimizing corpus and similar). revsec shared here a great free course on binary reversing, and i was hoping for similar courses that deal with modern fuzzing for vulnerability hunting. thank you very much. pretty sure a lot of people can benefit from such a share
  10. does anybody have it? some user once said he's uploading it and forgot to notify us that he finished (or is still uploading lol). seriously, if you have it - please share it. a lot of people can learn from this. thank you very much
  11. because i asked for it and i don't have it? if i had it i would've shared it here...
  12. hey people, does anyone happen to have the new pentester academy courses about windows internals and usages? Windows Process Injection for Red-Blue Teams and Windows System Programming: Fundamentals (still going)? the iot arm reversing could've been nice, but they haven't progressed a bit with it in the last months and the video listing seems quite basic now. additionally, if anyone has modern information about hooking and persistence in either linux/windows or iot, i would be more than happy to study it, and i am sure many other people as well. thank you very much!
  13. thanks, it really helps. do you happen to have stuff about rootkit or exploit development or iot stuff or advanced red team courses? hard to come by good material nowadays
  14. i think it's a fake link and i hope not from a hazardous site. i tried to download several times with several browsers and it acts as if it generates a link, but it does nothing (except maybe doing bad stuff - which i hope it doesn't do)
  15. no need for videos, just the pdf :)
  16. could you share the pdfs/videos with us? it will make people want to help you
  17. can anyone share this course? it seems really nice and i believe it can help many people here. link to official course page: thank you in advance
  18. waiting for it as well, if i see it around i will share links
  19. anyone got the videos or the labs of the course? really want to check them out
  20. they released two courses: a lite version and the full version. this is the full version, and i think that someone already shared the lite version before
  21. you are right, my mistake. added a link to the udemy page
  22. hey guys, i saw the following on some other site and wanted to share here so people can enjoy it as well. please upload the files to mega/gdrive/anon so other people can enjoy it as well. [Hidden Content] enjoy!
  23. this course sounds interesting and can help many people with kernel research. i hope he also gives some cool tricks that make this course special. he says he worked at tencent for 5 years, so it has the potential of being interesting for gaining insights or learning new ways of inspecting the kernel. i bet many people here would want this course as well to begin with kernel debugging and research, so share if you have it. thanks. course link: