Security researcher says Microsoft built a Bitlocker backdoor, releases exploit

https://www.techspot.com/news/112410-security-researcher-microsoft-secretly-built-backdoor-bitlocker-releases.html

#HackerNews #SecurityResearcher #Microsoft #Bitlocker #Backdoor #CyberSecurity #Exploit

#Router #Vulnerability #Discovery for #Overseas #Systems. This article covers a large range of vulnerabilities in routers including #hardcoded #default #passwords and #router #misconfigurations with available #CVEs as well. Check it out and don’t miss a thing. Click the link below to learn more about it:

https://medium.com/@brotheralameen/discovery-of-a-vulnerability-on-routers-through-collaboration-with-a-scam-baiter-ce3901a1983c

#CVE #Common #Vulnerability and #Exposures #Routers #Improper #Access #Control #Router #Hacking #Critical #Vulnerability #WhiteHat #Hacker #Penetration #Testing #SecurityResearcher #Security #Cybersecurity #InformationSecurity

NULLCON (http://nullcon.net):

👊Passionate to share your latest research masterpiece, then here is the platform to outshine amongst the finest international #infosec community

🌴 Call for Papers at #NullconGoa is now Open

Submit here ----->https://t.co/ZVLrlw02ha

#NullconGoa2023 #CFP #securityresearcher https://t.co/Kfwsyw7eF6

Two C# Methods and test on Win 11 [v22H2] with last updates.

Simple #Technique to Load Assembly/Bytes into local process (#inmemory) via C# #Delegation + #Native #APIs and #Bypassing Anti-viruses ;), some part of code changed via [D]elegate Techniques which i called [Technique ;D] to change some #behavior of code (also change source code) and Method is not really new but C# code a little bit is ;D [since 2022 i used this], changing RWX to X and after 2 min to RX by "NativePayload_PE1.cs" or changing RWX to X only by "NativePayload_PE2.cs"
and
some anti-virus companies say "COME-ON", like Kaspersky ;D

note: as #pentester you really need to change your own codes sometimes very fast , these codes changed and again worked very well and as #securityresearcher this is really fun to find out new method/codes to bypass AVs always ;D

article => https://lnkd.in/e4PPJe7R
source code => https://lnkd.in/eZEEhfDY

#bypass #bypassav #redteaming #pentesting #blueteaming #csharp #offensivesecurity #offensive

Two C# Methods vs "Kaspersky cloud security v21.3"
now testing Kaspersky with last update 22/1/2023 and bypassed very well

Simple #Technique to Load Assembly/Bytes into local process (#inmemory) via C# #Delegation + #Native #APIs and #Bypassing Anti-viruses ;), some part of code changed via [D]elegate Techniques which i called [Technique ;D] to change some #behavior of code (also change source code) and Method is not really new but C# code a little bit is ;D [since 2022 i used this], changing RWX to X and after 2 min to RX by "NativePayload_PE1.cs" or changing RWX to X only by "NativePayload_PE2.cs"
and
some anti-virus companies says "COME-ON", like Kaspersky ;D

note: as #pentester you really need to change your own codes sometimes very fast , these codes changed and again worked very well and as #securityresearcher this is really fun to find out new method/codes to bypass AVs always ;D

article => https://www.linkedin.com/pulse/2-simple-c-techniques-bypassing-anti-virus-damon-mohammadbagher/

source code => https://github.com/DamonMohammadbagher/NativePayload_PE1

#bypass #bypassav #redteaming #pentesting #blueteaming #csharp #offensivesecurity #offensive #kaspersky

Simple #Technique to Load Assembly/Bytes into local process (#inmemory) via C# #Delegation + #Native #APIs and #Bypassing Anti-viruses ;), some part of code changed via [D]elegate Techniques which i called [Technique ;D] to change some #behavior of code (also change source code) and ...

note: as #pentester you really need to change your own codes sometimes very fast , these codes changed and again worked very well and as #securityresearcher this is really fun to find out new method/codes to bypass AVs always ;D

Method is not really new but C# code a little bit is ;D [since 2022 i used this], changing RWX to X and after 2 min to RX ;D
and
some anti-viruses companies says "COME-ON" ;p
#redteam #pentesting

ok , i want to share something for #Blueteamers about "#chatgpt " or "#Youdotcom" #ai websites how much is good/helpful for you and how you can use them to make your own #defensive tools (very fast) but always as #developer you will have your own #bugs so you need work hard on these things , i will create article about this but in this post i will show you with very basic steps you can make your own C# or C++ tools for [Remote thread injection Detection] as you can see in "you.com", my search for monitoring #sysmon event-log [#realtime ] via c# for two EID 8,25 (but you need process creation/network connection event ids too) and our search result have two codes which both have same result, so now with #csharp you can detect these event (king of real-time) also you need Memory scanner which my simple search result was something like this pic but i did not test that (for sure, is working or not) i had my own #memoryscanner tools and C# codes ;D , ...

note : sometimes these codes in these AI platforms which made by others is better than your own old codes so you can replace them (for example for memory scanner i will test this simple code which seems is better and faster than some of part of my own codes ;D but should test in my LAB for sure..)

and finally you can see my own Blue-teaming "SysPM2Mon2.7.exe" tools (which background of code was something like these steps in these pictures but my memory scanner is "Pe-sieve.exe" + my own C# code for Memory scanner, i had 2 memory scanners in this tool ;D)
so as you can see As #Pentester and #SecurityResearcher i made my own Blue-teaming tools (#opensource which is available in my github) so you can do same things with your own IDEA , but now with these #ai "Chatgpt" , "YOU.COM" , ... websites you can make them faster and much better...
i will create an article about this but i am working on my things and research about my new ebook also some codes for ebook, so i am very busy to make article now but i will create that ;)
#blueteam #redteam #pentesting #securityresearch #defensive #ai #chatgpt #youdotcom