Telegram channel "r0 Crew (Channel)" — @R0_Crew

r0 Crew (Channel)

17 Mar, 16:08

Mergen converts Assembly code into LLVM IR, a process known as lifting. It leverages the LLVM optimization pipeline for code optimization and constructs control flow through pseudo-emulation of instructions. Unlike typical emulation, Mergen can handle unknown values, easing the detection of opaque branches and theoretically enabling exploration of multiple code branches.

These capabilities facilitate the deobfuscation and devirtualization of obfuscated or virtualized functions. Currently in early development, Mergen already shows promise in devirtualizing older versions of VMProtect, with ambitions to support most x86_64 instructions.

https://github.com/NaC-L/Mergen

#llvm #lifting #vmprotect #tnaci

GitHub - NaC-L/Mergen: Deobfuscation via optimization with usage of LLVM IR and parsing assembly.

Deobfuscation via optimization with usage of LLVM IR and parsing assembly. - NaC-L/Mergen

2.9k 0 51 6 28

r0 Crew (Channel)

8 Dec 2023, 00:58

Titan is a VMProtect devirtualizer

https://github.com/archercreat/titan

#tools #reverse #devirt #devirtualizer #vmp #protector

GitHub - archercreat/titan: Titan is a VMProtect devirtualizer

Titan is a VMProtect devirtualizer. Contribute to archercreat/titan development by creating an account on GitHub.

7.1k 0 105 1 35

r0 Crew (Channel)

7 Dec 2023, 14:46

vmp-3.5.1.zip

20.2Mb

VMProtect Source Code (Leaked 07.12.2023)

intel.cc and processors.cc included

mirror:
https://github.com/jmpoep/vmprotect-3.5.1

#tools #source #leaked #vmp #protector

8.1k 0 266 6 57

r0 Crew (Channel)

29 Nov 2023, 20:08

Reverse Engineering Go Binaries with Ghidra (Part 1)
https://forum.reverse4you.org/t/reverse-engineering-go-binaries-with-ghidra-part-1/20096/1

Reverse Engineering Go Binaries with Ghidra (Part 2)
https://forum.reverse4you.org/t/reverse-engineering-go-binaries-with-ghidra-part-2/20097

#reverse #ghidra #golang

Reverse Engineering Go Binaries with Ghidra (Part 1)

Source: cujo.com Go (also called Golang) is an open source programming language designed by Google in 2007 and made available to the public in 2012. It gained popularity among developers over the years, but it’s not always used for good purposes. As it often happens, it attracts the attention of ma...

7.1k 0 126 2 18

r0 Crew (Channel)

23 Nov 2023, 17:36

Use the free Microsoft bing's gpt with ida pro, to perform free analyzes!

https://github.com/p1ay8y3ar/idaBingGPTPlugin

#tools #reverse #idapro #ai

GitHub - p1ay8y3ar/idaBingGPTPlugin: Use the free Microsoft bing's gpt with ida pro, to perform free analyzes!

Use the free Microsoft bing's gpt with ida pro, to perform free analyzes! - GitHub - p1ay8y3ar/idaBingGPTPlugin: Use the free Microsoft bing's gpt with ida pro, to perform free analyzes!

7.1k 0 99 1 16

r0 Crew (Channel)

8 Nov 2023, 14:40

LdrLibraryEx a small x64 library to load dll's into memory.

https://github.com/Cracked5pider/LdrLibraryEx

#tools #redteam #dev

GitHub - Cracked5pider/LdrLibraryEx: A small x64 library to load dll's into memory.

A small x64 library to load dll's into memory. Contribute to Cracked5pider/LdrLibraryEx development by creating an account on GitHub.

6.8k 0 48 4 8

r0 Crew (Channel)

8 Nov 2023, 14:36

PatchaPalooza uses the power of Microsoft's MSRC CVRF API to fetch, store, and analyze security update data. Designed for cybersecurity professionals, it offers a streamlined experience for those who require a quick yet detailed overview of vulnerabilities, their exploitation status, and more. This tool operates entirely offline once the data has been fetched, ensuring that your analyses can continue even without an internet connection.

https://github.com/xaitax/PatchaPalooza

https://patchapalooza.com

#expdev #helpers #tools

GitHub - xaitax/PatchaPalooza: A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.

A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates. - GitHub - xaitax/PatchaPalooza: A comprehensive tool that provides an insightful analysis...

5.4k 0 28 2

r0 Crew (Channel)

25 Oct 2023, 13:42

msdocviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.

https://github.com/alexander-hanel/msdocsviewer

#tools #idapro #windows #api

5.8k 0 54 1 31

r0 Crew (Channel)

4 Oct 2023, 19:48

Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

POC: https://github.com/leesh3288/CVE-2023-4911

#expdev #linux #lpe #Alexs3y

GitHub - leesh3288/CVE-2023-4911: PoC for CVE-2023-4911

PoC for CVE-2023-4911. Contribute to leesh3288/CVE-2023-4911 development by creating an account on GitHub.

11.8k 2 128 12

r0 Crew (Channel)

3 Oct 2023, 12:38

HEVD: How a simple K-TypeConfusion took me 3 months long to create a exploit? — Windows 11 (build 22621)

https://wafzsucks.medium.com/how-a-simple-k-typeconfusion-took-me-3-months-long-to-create-a-exploit-f643c94d445f

#expdev #windows #hevd #kaslr #smep

How a simple K-TypeConfusion took me 3 months long to create a exploit?

Have you ever tested something for a really long time, that it made part of your life? that’s what happen to me for the last months when a…

8.2k 2 71 11

r0 Crew (Channel)

23 Sep 2023, 12:36

Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device

https://boschko.ca/qemu-emulating-firmware/

#qemu #firmware

Emulating IoT Firmware Made Easy: Start Hacking Without the Physical Device

A step-by-step how-to guide to using QEMU in Ubuntu 18.04 to emulate embedded devices

6.7k 0 118 1 19

r0 Crew (Channel)

21 Sep 2023, 14:13

Advanced Root Detection & Bypass Techniques

In this blog, we will explore techniques related to root detection on Android devices and methods to bypass it. Our main focus will be on the strategies employed by app developers to protect their applications and prevent them from running on compromised devices.

https://8ksec.io/advanced-root-detection-bypass-techniques/

#mobile #android #reverse #frida #root #detection #bypass

Advanced root detection & bypass techniques - 8kSec

Introduction Welcome to another blog post in our series on Advanced Frida Usage. In this blog, we will explore techniques related to root detection on Android devices and methods to bypass it. Our main focus will be on the strategies employed by app developers to protect their applications and preve...

5.6k 0 65 10

r0 Crew (Channel)

20 Sep 2023, 13:11

CVE-2023-4047 Root Cause Analysis

https://www.richardosgood.com/posts/cve---2023---4047-root-cause-analysis/

#expdev #windows #1day #winrar

CVE-2023-4047 Root Cause Analysis

Root cause analysis for CVE-2023-40477 with PoC

5k 0 30 5

r0 Crew (Channel)

20 Sep 2023, 13:03

Analyzing a Modern In-the-wild Android Exploit

https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html

#expdev #android #linux

Analyzing a Modern In-the-wild Android Exploit

By Seth Jenkins, Project Zero Introduction In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain ta...

5.3k 0 45 5

r0 Crew (Channel)

19 Sep 2023, 20:30

Centralized resource for listing and organizing known injection techniques and POCs

https://github.com/itaymigdal/awesome-injection

#redteam #malware #process #inject

GitHub - itaymigdal/awesome-injection: Centralized resource for listing and organizing known injection techniques and POCs

Centralized resource for listing and organizing known injection techniques and POCs - GitHub - itaymigdal/awesome-injection: Centralized resource for listing and organizing known injection techniqu...

5.1k 0 63 13

r0 Crew (Channel)

15 Sep 2023, 13:21

Process Injection without R/W target memory and without creating a remote thread

https://github.com/Maff1t/InjectNtdllPOC

#windows #redteam #ctf #malware #tips

GitHub - Maff1t/InjectNtdllPOC: Process Injection without R/W target memory and without creating a remote thread

Process Injection without R/W target memory and without creating a remote thread - GitHub - Maff1t/InjectNtdllPOC: Process Injection without R/W target memory and without creating a remote thread

6.6k 1 141 19

r0 Crew (Channel)

15 Sep 2023, 13:15

WindowsNoExec - Abusing existing instructions to executing arbitrary code without allocating executable memory

https://www.x86matthew.com/view_post?id=windows_no_exec

#windows #ctf #malware #tips

5.5k 1 90 1 6

r0 Crew (Channel)

14 Sep 2023, 13:29

Finding and exploiting process killer drivers with LOL for 3000$

In this article, I will introduce some kernel driver/internals theory and explain how to use the data in LOLDrivers to find interesting drivers. Finally, I will present 2 examples of vulnerable drivers and explain how to quickly reverse them and create a PoC to exploit them.

https://alice.climent-pommeret.red/posts/process-killer-driver/

#redteam #loldrivers #windows

Finding and exploiting process killer drivers with LOL for 3000$

This article describes a quick way to find easy exploitable process killer drivers. There are many ways to identify and exploit process killer drivers. This article is not exhaustive and presents only one (easy) method. Lately, the use of the BYOVD technique to kill AV and EDR agents seems trending....

5.9k 2 67 9

r0 Crew (Channel)

14 Sep 2023, 13:26

Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.

https://www.loldrivers.io/

#redteam #loldrivers #windows

4.9k 1 38 5

r0 Crew (Channel)

13 Sep 2023, 21:11

Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)

https://github.com/memN0ps/bootkit-rs

#redteam #malware #bootkit #windows #rust

GitHub - memN0ps/bootkit-rs: Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)

Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus) - GitHub - memN0ps/bootkit-rs: Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)

4.8k 0 75 6

TGAlertsBot

Telegram Analytics

SearcheeBot

TGStat Bot

r0 Crew (Channel)

Channel's geo and language

Category

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

r0 Crew (Channel)

8 886

Popular in the channel

Site language

TGAlertsBot

Telegram Analytics

SearcheeBot

TGStat Bot

r0 Crew (Channel)

Channel's geo and language

Category

8 886

Popular in the channel