Red Canary Mac Monitor is a newly available tool for collection and dynamic system analysis on macOS endpoints >> https://9to5mac.com/2023/06/17/red-canary-mac-monitor/ #security #securityresearcher #analysis #forensic #EndpointSecurityAPI #macOS
Two C# methods, tested on Win 11 [v22H2] with the latest updates.
Simple #Technique to load an assembly/bytes into the local process (#inmemory) via C# #Delegation + #Native #APIs and #Bypassing anti-viruses ;). Some parts of the code were changed via [D]elegate techniques, which I called [Technique ;D], to change some #behavior of the code (and also the source code). The method is not really new, but the C# code is a little bit ;D [I have used this since 2022]: changing RWX to X and after 2 min to RX by "NativePayload_PE1.cs", or changing RWX to X only by "NativePayload_PE2.cs",
and some anti-virus companies say "COME-ON", like Kaspersky ;D
note: as a #pentester you sometimes really need to change your own code very fast; these codes were changed and again worked very well, and as a #securityresearcher it is always really fun to find out new methods/codes to bypass AVs ;D
article => https://lnkd.in/e4PPJe7R
source code => https://lnkd.in/eZEEhfDY
#bypass #bypassav #redteaming #pentesting #blueteaming #csharp #offensivesecurity #offensive
Two C# Methods vs "Kaspersky cloud security v21.3"
now tested against Kaspersky with the latest update (22/1/2023) and bypassed very well
Simple #Technique to load an assembly/bytes into the local process (#inmemory) via C# #Delegation + #Native #APIs and #Bypassing anti-viruses ;). Some parts of the code were changed via [D]elegate techniques, which I called [Technique ;D], to change some #behavior of the code (and also the source code). The method is not really new, but the C# code is a little bit ;D [I have used this since 2022]: changing RWX to X and after 2 min to RX by "NativePayload_PE1.cs", or changing RWX to X only by "NativePayload_PE2.cs",
and some anti-virus companies say "COME-ON", like Kaspersky ;D
note: as a #pentester you sometimes really need to change your own code very fast; these codes were changed and again worked very well, and as a #securityresearcher it is always really fun to find out new methods/codes to bypass AVs ;D
article => https://lnkd.in/e4PPJe7R
source code => https://lnkd.in/eZEEhfDY
#bypass #bypassav #redteaming #pentesting #blueteaming #csharp #offensivesecurity #offensive #kaspersky
Simple #Technique to load an assembly/bytes into the local process (#inmemory) via C# #Delegation + #Native #APIs and #Bypassing anti-viruses ;). Some parts of the code were changed via [D]elegate techniques, which I called [Technique ;D], to change some #behavior of the code (and also the source code) and ...
note: as a #pentester you sometimes really need to change your own code very fast; these codes were changed and again worked very well, and as a #securityresearcher it is always really fun to find out new methods/codes to bypass AVs ;D
The method is not really new, but the C# code is a little bit ;D [I have used this since 2022]: changing RWX to X and after 2 min to RX ;D
and some anti-virus companies say "COME-ON" ;p
ok, I want to share something for #Blueteamers about the "#chatgpt" or "#Youdotcom" #ai websites: how good/helpful they are for you and how you can use them to make your own #defensive tools (very fast). But as a #developer you will always have your own #bugs, so you need to work hard on these things. I will create an article about this, but in this post I will show you, with very basic steps, how you can make your own C# or C++ tools for [Remote thread injection Detection]. As you can see in "you.com", my search was for monitoring the #sysmon event log [#realtime] via C# for two EIDs, 8 and 25 (but you need the process creation/network connection event IDs too), and our search result had two codes which both have the same result, so now with #csharp you can detect these events (kind of real-time). Also you need a memory scanner; my simple search result was something like this pic, but I did not test that (to be sure it is working or not); I had my own #memoryscanner tools and C# codes ;D, ...
note: sometimes these codes on these AI platforms, which were made by others, are better than your own old codes, so you can replace them (for example, for the memory scanner I will test this simple code, which seems better and faster than some parts of my own code ;D, but I should test it in my LAB to be sure..)
and finally you can see my own Blue-teaming "SysPM2Mon2.7.exe" tool (the background of the code was something like the steps in these pictures, but my memory scanner is "Pe-sieve.exe" + my own C# code for a memory scanner; I had 2 memory scanners in this tool ;D)
so as you can see, as a #Pentester and #SecurityResearcher I made my own Blue-teaming tools (#opensource, available in my github), so you can do the same things with your own IDEA, but now with these #ai websites ("Chatgpt", "YOU.COM", ...) you can make them faster and much better...
I will create an article about this, but I am working on my things and research for my new ebook, also some codes for the ebook, so I am too busy to make the article now, but I will create that ;)
#blueteam #redteam #pentesting #securityresearch #defensive #ai #chatgpt #youdotcom
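As an added example of the real-time Sysmon monitoring the post above describes (this is not the author's SysPM2Mon code nor the you.com search result it refers to), the following C# console program subscribes to the Sysmon operational channel with `EventLogWatcher`, filters for EID 8 (CreateRemoteThread) and EID 25 (ProcessTampering), and summarizes the fields an analyst triages first. Field names are those of Sysmon's own event schema; the embedded sample event used for an offline self-test is constructed, and its paths, PIDs and addresses are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Xml.Linq;

// Added example (not the post author's code): real-time Sysmon EID 8/25 watcher.
public static class SysmonInjectionWatcher
{
    // Sysmon operational channel name (present on hosts where Sysmon is installed).
    const string Channel = "Microsoft-Windows-Sysmon/Operational";

    // XPath filter: only CreateRemoteThread (8) and ProcessTampering (25).
    const string Query = "*[System[(EventID=8 or EventID=25)]]";

    // Flatten <EventData><Data Name="...">value</Data>... into a dictionary,
    // so field lookup does not depend on Sysmon's version-specific field order.
    public static Dictionary<string, string> ParseEventData(string eventXml)
    {
        var doc = XDocument.Parse(eventXml);
        XNamespace ns = doc.Root.GetDefaultNamespace();
        var fields = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        var systemNode = doc.Root.Element(ns + "System");
        if (systemNode != null)
            fields["EventID"] = (string)systemNode.Element(ns + "EventID") ?? "";
        var dataNode = doc.Root.Element(ns + "EventData");
        if (dataNode != null)
            foreach (var d in dataNode.Elements(ns + "Data"))
                fields[(string)d.Attribute("Name") ?? ""] = d.Value;
        return fields;
    }

    // One-line summary of the fields a triage analyst wants first.
    public static string Summarize(Dictionary<string, string> f)
    {
        string Get(string k) => f.TryGetValue(k, out var v) ? v : "?";
        switch (Get("EventID"))
        {
            case "8":  // CreateRemoteThread: who opened a thread in whom, and where it starts
                return $"[EID 8] {Get("SourceImage")} (pid {Get("SourceProcessId")}) -> " +
                       $"{Get("TargetImage")} (pid {Get("TargetProcessId")}) " +
                       $"start={Get("StartAddress")} {Get("StartModule")}!{Get("StartFunction")}";
            case "25": // ProcessTampering: image replaced or locked (hollowing-style tampering)
                return $"[EID 25] {Get("Image")} (pid {Get("ProcessId")}) type={Get("Type")}";
            default:
                return $"[EID {Get("EventID")}] (unfiltered)";
        }
    }

    // Subscribe and print events as they are written. Requires Sysmon installed
    // and rights to read the operational log (typically an elevated prompt).
    public static void Run()
    {
        var query = new EventLogQuery(Channel, PathType.LogName, Query);
        using (var watcher = new EventLogWatcher(query))
        {
            watcher.EventRecordWritten += (sender, e) =>
            {
                if (e.EventRecord == null) return; // null when the watcher hit an error
                var fields = ParseEventData(e.EventRecord.ToXml());
                var when = e.EventRecord.TimeCreated?.ToString("u") ?? "?";
                Console.WriteLine($"{when} {Summarize(fields)}");
            };
            watcher.Enabled = true;
            Console.WriteLine("Watching Sysmon EID 8/25; press Enter to stop.");
            Console.ReadLine();
        }
    }

    // Constructed sample EID 8 event (placeholder paths/PIDs/address) for an offline self-test.
    public const string SampleEid8 = @"<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System><Provider Name='Microsoft-Windows-Sysmon'/><EventID>8</EventID></System>
<EventData>
<Data Name='SourceImage'>C:\Temp\injector.exe</Data>
<Data Name='SourceProcessId'>1234</Data>
<Data Name='TargetImage'>C:\Windows\explorer.exe</Data>
<Data Name='TargetProcessId'>5678</Data>
<Data Name='StartAddress'>0x00007FF600001000</Data>
<Data Name='StartModule'>-</Data>
<Data Name='StartFunction'>-</Data>
</EventData></Event>";

    public static void Main(string[] args)
    {
        // Self-test on the constructed sample, then optionally watch the live log.
        Console.WriteLine(Summarize(ParseEventData(SampleEid8)));
        if (args.Length > 0 && args[0] == "--watch") Run();
    }
}
```

Run without arguments to see the parsed sample line; run with `--watch` on a Sysmon host to stream live events. Parsing the record XML by `Data Name` rather than by positional index keeps the tool working across Sysmon versions that add fields, and an EID 8 whose `StartModule`/`StartFunction` are `-` (start address not backed by a loaded module) is the case most worth escalating.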
RT @nullcon
🎄Last Day to Apply Santa's Holiday Special Code for #NullconBerlin!
😎Speakers are being announced, ☃️go grab your tickets soon 'DESANTA2023'👉https://bit.ly/3Tq3Em2
#NullconDE2023 #infosec #Cybersecurity #Conference #securityresearcher #hackers
those Cyber Security guys who call themselves #pentester or #Redteamer or #SecurityResearcher "just because" they are in university (learning something as [basics ;D more often] or academic things or out-of-date things ;D) and they "did not have any Experience" in Cyber Security fields (even 1 year), and some of them even did not have any good/unique/new Cyber Security research or tools/codes (which were shared with the public before).
and yeah, we call them beginner "geniuses" in cyber security lol
Vs
those Cyber Security guys who have at least 3-5 years of experience of learning real/new/unique things in these fields like #penetrationtesting or #redteaming or #securityresearch.
believe me, your academic things are "Bullshit" and your instructors do not have updated content; they even don't have a good viewpoint on cyber security fields like Penetration test or ...; more often they don't have any experience of working with Offensive tools like Modern C2 servers, they don't know how you can write Offensive Codes like writing a #C2 server/agent (and why you should do that), or they don't know how you can write Offensive codes for bypassing #avs or #EDRs or #bypassing other things ... you don't know about these things or a lot of other things, which you should learn outside of university "by yourself".
you can learn these things from #infosec #communities (by reading Articles or learning from Courses shared Publicly or Privately by #SecurityResearchers and #Pentesters or #redteamers or #blueteamers), and you need at least 2-3 years of experience to learn these new things.
Some guys think if you know all the tools in Kali linux then you can call yourself a #Pentester or Red-teamer, which is not true, "geniuses".
Penetration testing is not about Tools, it's about the background "concepts" of tools, omfg, "remember this". (it's about the logic behind tools)
#pentesting #redteam #blueteam #video #infosec
since 2020 I decided to write my Second #eBook, but for some reasons this started in 2021, and now 50% of the eBook is ready, so step-by-step a CHM file will be created ;D but still I have a problem with this MS word hahaha for making a simple html file; I am a fan of Frontpage, which we can't have in win10 ;( so...
Video: first steps to make the Second eBook "How can be a #Pentester ,#SecurityResearcher"
Simple Useful Method for #Pentesters and Security Researchers to learn new things
One simple way [#trick] to learn new things is to create a Document for each thing you learn [step-by-step], with details and pictures, in your “native language” etc. This will help you to rethink/rewrite those things which you want to learn; believe me, this will help you a lot, and sometimes you need to go back to these #documents to read something, so this #documentation will help you to read very fast the old things which you learned years ago. Making a Video [step-by-step] will help too, but if you have both THEN this will be very good for you. Also, if you are (or want to be) an #instructor or #teacher, these things will help you to teach these things to students and will help the students to learn new things very fast and much better.
As a #pentester you should make something like this chm file (help/documentation file [step-by-step]) for each thing you want to learn as a “new thing”, but remember this: you should make these documents with many details, you need to make a video about that too, and your documents should have pictures of results (success/fail results), pictures of bugs, and pictures of your tests on different OS targets like windows 7/10/11 and Servers too and …
Note: "These documentations should always be part of your job".
As you can see in this documentation (chm file) which I made years ago, I talked about the basics of the DNS service and its configuration via Server-side tools, by example and pictures, in my “Native Language”. So, after years I can still read that very fast again and learn some things which I learned so many years ago. But if you are a #pentester or #SecurityResearcher you should put the results of your research/tests in these documentations (with details) too, so as a Pentester you will have lots of Documents and CHM/HTML files like this for each research, for each new hacking thing, or even for new Pentest Projects in your own virtual LAB or ...
this is a very little part of a new chapter in my New eBook: "how can be a #penetrationtester and #SecurityResearcher" (this is my story about how I tried to work in these fields of #cyber #security).
this is my New #ebook which I am working on:
"how can be a #penetrationtester and #SecurityResearcher (this is my story about how i tried to work on these fields of #cyber Security)".
half of the eBook is ready, but I still need to rewrite some parts of it. This is my story about Penetration Test and Security Research; in this ebook my goal is talking about my experience 7-8 years ago and how I worked in these fields of cyber security, with Examples and the story of each #Pentest/Research Project. My second goal is explaining these things step-by-step to Beginner #pentesters or Security Researchers, so they learn how they can start their own things.
also I want to suggest to all you #infosec guys: make something like this as an eBook or Documentation for yourself, also share it with others in the community and let them learn from your Successful and failed Pentest/Research projects, and explain to them why you had/have a successful/failed experience for each project and what things helped you or what things were necessary but you did not have that object or ... These things in your own free ebook or free documentation will be helpful to others when they read your experience in an ebook or something like that, especially when you talk about everything step by step with pictures of success and fail things (with details) ;D, why not just do it for your friends and for your own infosec #community.
I am working on this New #free #ebook very hard and I will share it, but still this ebook needs new chapters which I am thinking about ;D
Note: "Cyber Security #Instructor or Pentest or #RedTeam Teachers and #Blueteam Teachers should do this [without doubt]; I had a very good Teaching experience with this method".
finally I want to say these are my experiences, and this does not mean you should have exactly this experience to work in these fields of cyber security; you will find your own style in #penetrationtesting and #securityresearch. "Don't worry."
Instagram Retained Deleted User Data Despite GDPR Rules - The photo-sharing app retained people’s photos and private direct messages on its servers even aft... https://threatpost.com/instagram-retained-deleted-user-data-despite-gdpr-rules/158366/ #securityresearcher #directmessages #saugatpokharel #vulnerability #socialmedia #bugbounty #instagram #facebook #privacy #data #flaw #bug