Tuts 4 You

Leaderboard

  1. Kurapica (Full Member): Points 22, Content Count 914
  2. Xyl2k (Full Member): Points 15, Content Count 141
  3. CodeExplorer (Moderator): Points 15, Content Count 3,124
  4. deepzero (Full Member+): Points 12, Content Count 1,235

Popular Content

Showing content with the highest reputation since 12/18/2020 in all areas

  1. Happy New Year 2021 For All members
    5 points
  2. Happy New Year and welcome to 2021! I hope we have a better year than 2020 and we get back to some normality... Ted.
    5 points
  3. That is it. Or c:\:$i30:$bitmap inside of a shortcut file would do the job. This will cause immediate corruption in Win10 builds 1803 or later. It will cause prompts to reboot to repair the disk and then chkdsk on boot will be unable to repair. This sounds quite dangerous as it makes downloading zip or rar archives and extracting them potentially harmful if they contain such a shortcut .lnk in them. https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/
    4 points
  4. 3 points
  5. 3 points
  6. I will release an update for the tool which allows the skipping of metadata writing errors!
    3 points
  7. https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
    3 points
  8. Aspects of Strings in .NET Aspects of Strings in .pdf
    3 points
  9. Found it PSC_-_A-One_DVD_Ripper_6.34crk.xm https://www.youtube.com/watch?v=WT2ulyq5-_Y
    2 points
  10. There's an old DOS game called Cyberia which has this saying in it. Maybe they sampled it from that game: Please enter identification: https://youtu.be/8eXK76pvHFc?t=65 Welcome back to Cyberia: https://youtu.be/8eXK76pvHFc?t=74 May be a clue to help find it.
    2 points
  11. I congratulate everyone on the new year 2021. I wish you all the best in the coming year.
    2 points
  12. Happy New Year 2021 to everyone
    2 points
  13. 2 points
  14. Reverse Engineering the source code of the BioNTech/Pfizer SARS-CoV-2 Vaccine berthub.eu/articles/posts/reverse-engineering-source-code-of-the-biontech-pfizer-vaccine/
    2 points
  15. today powered by white wine @ 2015 ( ITA @tonyweb ) src - otondo.com
    2 points
  16. View File CheckMePlease This crackme is created with Qt v4.8.4. The goal of this crackme is to make the CheckBox checked, not only to pass the check when the Check button is pressed. There is also the option of creating a program which will change the state of the CheckBox. I don't think it is a trivial task: I can't even enumerate windows. Submitter CodeExplorer Submitted 12/20/2020 Category CrackMe
    2 points
  17. Microsoft discovers SECOND hacking team dubbed 'Supernova' installed backdoor in SolarWinds software in March - as Feds say first Russian 'act of war' cyber attack struck at least 200 firms and US federal agencies https://www.dailymail.co.uk/news/article-9071645/Microsoft-discovers-SECOND-hacking-team-installed-backdoor-SolarWinds-software-March.html It just keeps getting better...
    2 points
  18. It's weird how resourceful companies and organizations with sensitive data rely on a 3rd-party contractor to provide such software for monitoring their systems. And the access level those monitoring tools had over these systems, I wonder if it's full access to everything on these networks. But it was epic to see .NET finally being used in a sophisticated attack.
    2 points
  19. Came across these Stylesheets and thought I would share. These are not created by me but look better than the cream. There are 10 different versions for most tastes; here's a sample of them h"""s://github.com/x64dbg/x64dbg/wiki/Stylesheets
    1 point
  20. SUNSPOT: An Implant in the Build Process https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
    1 point
  21. I can't deob the calli; some new encryption, maybe? But I reconstructed the exe with some old tools. How I have done it: 1. dotnet dumper with the don't rename option 2. reconstruct blob, us, string with CFF Explorer (I used) 3. Universal Fixer to fix some dummy PE 4. de4dot option --keep-names-d --keep-types 5. now we can reflect the code with Lutz Reflector 6. Confuser CodeCracker tools 7. drop again in de4dot with 45 errors, whatever; now Simple Assembly Explorer to crack CrackMe69420_C_Cracked.exe
    1 point
  22. Beautiful templates, and nice to see someone doing something in asm, and thx for libv2 1.5. You might want to see this one, which has a replay function: https://forum.tuts4you.com/topic/33593-libv2m-v15-with-replay-function/ On KeygenTemp14 you would have just minor modifications to make it work.
    invoke V2M_V15_Init,FUNC(GetForegroundWindow),offset theTune,1000,44100,1 ; v2m initialization with current window
    invoke V2M_V15_Play,0
    invoke V2M_V15_Stop,0
    invoke V2M_V15_Close
    1 point
  23. 1 point
  24. 1 point
  25. Usual method I hear is to pull the SPI chip (well SPI on modern but not too modern) from the motherboard and modify offline, and solder back - this is what the repair guys do - you can find some of this info and backup images for the bios on the typical places to get laptop or motherboard schematics web sites although most of them are subscription You can pick up a USB SPI read/write tool on ebay for 20-100$ or so
    1 point
  26. Didn't notice much change, used the same techniques I used for v1, but unlike v1 here I kept your dynamic stuff. WindowsFormsApplication41.exe
    1 point
  27. another keygen template made on xmas 2o2o the keygen algo is replaced with MirrorMe algo (from Canterwood's keygen template) v2m by Dafunk. Merry xmas 2 all tuts4you members around here KeygenTemp15.zip
    1 point
  28. The entire source code to taskkill has leaked online with the recent Windows XP / Server 2003 / etc. leaks if your goal is to see what the program does in full. https://github.com/bestbat/Windows-Server/blob/master/sdktools/cmdline/taskkill/parse.cpp https://github.com/bestbat/Windows-Server/blob/master/sdktools/cmdline/taskkill/taskkill.cpp https://github.com/PubDom/Windows-Server-2003/blob/master/sdktools/cmdline/taskkill/parse.cpp https://github.com/PubDom/Windows-Server-2003/blob/master/sdktools/cmdline/taskkill/taskkill.cpp Some of the leak is still
    1 point
  29. ThreatNix has uncovered a large scale phishing campaign using GitHub pages and targeted Facebook ads that has affected more than 615000 users. The campaign is targeting Nepal, Egypt, Philippines along with a large number of other countries. threatnix.io/blog/large-scale-phishing-campaign-affecting-615000-users-worldwide/
    1 point
  30. Those big companies are tasting their own poison now, violating the privacy of all humans for years ! Why is it legal when they do it ? no one bats an eye when they spy on users and fu⁠ck us everyday by the name of improving services or protecting their interests ! now it's named an act of war because they are the victims.
    1 point
  31. Reader-Viewer seems to view offline files but not sure about highlighting etc
    1 point
  32. Statement from MS side. Just to clarify, Frank X Shaw is Corporate Vice President, Corporate Communications at Microsoft Corporation. So a pretty senior executive who usually doesn't talk out of his ass, unlike a certain journalist..
    1 point
  33. rofl , so what should Windows 10 users say about their systems ?!
    1 point
  34. Microsoft says it found malicious software in its systems reuters.com/article/usa-cyber-breach-exclusive-int-idUSKBN28R3E2 51% of 4 million Docker images have critical vulnerabilities thechief.io/c/news/51-4-million-docker-images-have-critical-vulnerabilities/ Rocky Linux: A CentOS replacement by the CentOS founder github.com/rocky-linux/rocky rockylinux.org Europol launches new decryption platform for law enforcement bleepingcomputer.com/news/security/europol-launches-new-decryption-platform-for-law-enforcement/
    1 point
  35. I also have to say that I'm impressed by the result. Excellent indeed. Since there is knowledge and maybe tools, sharing the method or the tools (as @SychicBoy did for his control flow deobfuscator) would be great for the community. Personally, in solving the challenge, when dealing with this kind of obfuscator, I hook UnsafeInvokeInternal and get the result. This indeed works. In this case the challenge is simple, so reversing the logic is also. However, to properly reconstruct the assembly a different approach is obviously needed. About the Necrobit protection, what maybe
    1 point
  36. awesome.vmp35_cracked.exe Every other portion of VMP is removed including CRC etc check. But still it will not run until we fix Delegates. It is still left
    1 point
  37. 1 point
  38. I am considering starting to use Code Virtualizer (mainly because it supports binary formats not only for Windows). Could someone share experience/impressions on this piece of software? If possible, how does it stand compared with other code virtualizing obfuscators? Note: I found a paper "Comparing the Effectiveness of Commercial Obfuscators against MATE Attacks" (by several guys from Universities of South Alabama and Nebraska), where the Subj: is compared with VMProtect and Themida - I can guess the Code Virtualizer gained some attention, if it became a subject of study. Thanks in
    1 point
  39. they've done a really nice job! valid key: how: simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them. some other info you can find here & here. awesome.vmp-devirtualized.exe
    1 point
  40. 16,440 downloads

    A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes in cond jumps, animate over/in, breakpoints 06. "The plain stupid patching method", searching for textstrings 07. Intermediate level patching, Kanal in PEiD 08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor 09. Explaining the Visual Basic concept, introduction to SmartCheck and configurati
    1 point
  41. .NET Reactor v6.2.0.0 changed a few things. First, they added code virtualization which is not that hard because it's more straightforward than rest of code virtualization implementations that are in the market. You forgot to protect your code with this feature. Secondly, you can now hide your external and internal calls with their new "Hide calling" feature. You can use de4dot standard ProxyCallFixer1 to fix those delegates. Of course firstly you need to read them from initialization method but reading method is already implemented in the base version of de4dot (which is used for resources, s
    1 point
  42. Many years ago I wrote a software protector called MyAppSecured. Somewhere in the middle of porting it from Delphi to C++ I lost my interest in this project. Just found it on my HDD so I thought it might be helpful for someone. In short, the GUI of this protector is written in C++ and the protection stub is written in MASM. The C++ code loads a target in memory and adds 2 PE sections to it. One for the TLS callback code and one for the main code. The MASM stub will be written to those 2 sections. This protector has just 2 protection features: Analyze Immunity (anti-debug) and Me
    1 point
  43. Difficulty : 8 Language : VB.NET (.NET) Platform : Windows OS Version : Windows 7, Windows 8, Windows 10 Packer / Protector : Agile.net ( Full Version with Virtualization ) Description : if u click on the "try" button the tool will check if the entered text in the textbox is correct. What u need to do is unpack the tool and get the password. Screenshot : Secured.rar Secured.rar
    1 point
  44. Version 0.9.8

    3,105 downloads

    Scylla - x64/x86 Imports Reconstruction. ImpREC, CHimpREC, Imports Fixer... these are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job. Scylla's key benefits are: x64 and x86 support; full unicode support; written in C/C++; plugin support; works great with Windows 7. This tool was designed to be used with Windows 7 x64, so it is recommended to use this operating system. But it may work with XP and Vista, too. Source code is licensed under GNU GENERAL PUBLIC LICENSE
    1 point