Tuts 4 You

Leaderboard

  1. kao (Full Member+): Points 9, Content Count 2,322
  2. N0P/ribthegreat99 (Junior+): Points 5, Content Count 7
  3. Teddy Rogers (Administrator): Points 3, Content Count 8,934
  4. whoknows (Full Member): Points 3, Content Count 523

Popular Content

Showing content with the highest reputation since 07/05/2020 in all areas

  1. 5 points
    https://github.com/ribthegreat99OrN0P/Agile.NET-Deobfuscator @GameHackerPM @BlackHat To fix delegates, control flow, and strings, here you go: I've made a tool with many comments to help you understand!
  2. 2 points
    https://www.bleepingcomputer.com/news/security/net-core-vulnerability-lets-attackers-evade-malware-detection/
    Bonus: medium.com/pcmag-access/former-intel-engineer-explains-why-apple-switched-to-arm-deba86e560b1
    Hard Disk Hacking (2013) - spritesmods.com/?art=hddhack&page=1
  3. 1 point
    Would recommend avoiding this for the time being. Deno is a re-envisioning of NodeJS, created/founded by the original creator of NodeJS. However, the project is more of a dictatorship now than an open source community collaboration. Safety/security are also not something I would say this project actually is, and rather just a buzz-word way of saying, "If you don't enable anything and basically have a useless shell of an application, it's secure!". The majority of any real-world usage of this will require various flags to be enabled that completely diminish the security aspect of it. The way imports/third-party libraries are handled is via remote URL inclusions directly from your source code. Rather than allow any means of locking things down in a sensible way, the author has decided third-party includes are allowed to break the mixed-mode browser security implications and inherit from insecure sources. So importing a library you assume is safe via an HTTPS URL can then itself import insecure libraries. I would say more than half of their GitHub issues revolve around this security problem, and the creator has basically said 'deal with it' because normal JavaScript <script> tags allow for http includes, therefore he sees it as 'fine'. Give the project a lot more time to mature and break from the chains of the main guy's "final say" over things and become an actual community project before bothering with it, imo.
  4. 1 point
    On the topic of PHP, they are also potentially adding a JIT compiler in PHP 8.0: https://stitcher.io/blog/php-jit https://wiki.php.net/rfc/jit
  5. 1 point
    Hello guys. Your forum is great and very helpful! Thanks for your work! I am a beginner in reverse engineering with some basic knowledge of C++. I wanted to create a small offset patch in C++. I found a simple template on how to do that. I tried it first with a simple NOP patch and it worked. After I edited it to patch 8 offsets I ended up with a non-working application ("Send report to Microsoft"). I uploaded the edited source code. I don't know much about it, and why that happened... Is this the proper way to do it? Is there another better template? I know that there exist some cool patch engines but I would like to experiment and build my own. Thanks in advance!

    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>

    int applyPatch();
    const int SIZE = 8;

    int main()
    {
        applyPatch();
        return 0;
    }

    int applyPatch()
    {
        /* File offsets to patch and the byte to write at each one */
        long offset[SIZE] = {0x5758F, 0x57590, 0x57591, 0x57592, 0x57594, 0x5792D, 0x5792F, 0x5F963};
        unsigned char patch[SIZE] = {0xE9, 0x97, 0x03, 0x90, 0x90, 0xE4, 0x01, 0xEB};
        int i = 0;
        int patch_counter = 0;
        FILE *f;

        /* "r+b": read/write in binary mode. Plain "r+" is text mode on Windows,
           so the CRT may translate bytes and corrupt the executable. */
        f = fopen("target.exe", "r+b");
        if (f == NULL) {
            MessageBoxA(0, "File not found!", "Error", MB_ICONERROR);
            return 0;
        }
        for (patch_counter = 0; patch_counter < SIZE; patch_counter++) {
            /* Note: this inner loop writes each patch byte twice,
               at offset[patch_counter] and at the following byte. */
            for (i = 0; i < 2; i++) {
                fseek(f, offset[patch_counter], SEEK_SET);
                fputc(patch[patch_counter], f); /* write one raw byte */
                offset[patch_counter]++;
            }
        }
        fclose(f);
        MessageBoxA(0, "Successfully patched!", "Patched", MB_OK);
        return 0;
    }
  6. 1 point
    Hi deep, so I also thought that WD would be fine for my tasks (more as a normal user), especially when using Windows 10. So sometimes WD doesn't react 100% when I disable the realtime scanner for a while, and WD still does say something / detect. Otherwise, when WD moves any file into Q it's easy to restore it, but the problem in this case is that sometimes it just works for a few days and then it gets detected again. I mean it's not working 100% to mark any file manually as clean or to tell WD not to say anything more about that file XY. Not sure why. greetz
  7. 1 point
    WD is fine. Modern AVs aren't exactly very deterministic things. If you have a problem with a false positive, just disable it.
  8. 1 point
    Also, Windows Defender might have options to do live cloud verification or other levels of threat verification like generic heuristics. Is the web connection enabled in the VM and are all Windows Defender settings the same? VirusTotal-style hash checking and the like are becoming more common in antivirus apps lately, giving access to a more up-to-date and broader database that allows vendors to find viruses earlier as well. It could even be some random spyware setting in your Windows account profile, usually under a title like "help Microsoft improve our products and user experience". Or Windows Defender is so smart that it knows when you are in a VM or sandbox, where you are probably studying the viruses and do not want them blocked. But I doubt it.
  9. 1 point
    Updates between Windows 10 machines are not always equal regardless of what date/version things say. They roll things out in batches and based on each device's hardware and other qualifying identifiers. Windows Defender symbols and definitions work in a similar manner. So both of your setups may show the same version of WD, but the definitions could be different, as one of the machines probably hasn't gotten "permission" to obtain the latest stuff yet. That said, the detection difference could just be a difference in the definitions they pushed, or the way WD detected things was done in a different order. (Pretty sure their scanner does multi-threaded scans for performance purposes, so one of the threads may have hit the other detection before another thread completed, etc., and it just shows what was found first.)
  10. 1 point
    You shouldn't be using WD in the first place.
  11. 1 point (544 downloads)
    This is a complete archive (site rip) of all files on Tuts 4 You as of July 2011 except for the malware samples - you will need to download these directly from Tuts 4 You. I have created the torrent as directories and files rather than one archive, which gives you the option to download files individually or in categories. The entire collection is 3.69 GB, of which some sections may be of little interest to some, but you have the option of downloading what you want. This collection will be updated annually so please check at the following link for the official and up-to-date torrent file.
    Base 32 Hash-ID: magnet:?xt=urn:btih:slpgvubkpp4dyhxbaxpmogludkgmw7wi
    Base 16 Hash-ID: magnet:?xt=urn:btih:92DE6AD02A7BF83C1EE105DEC719741A8CCB7EC8
    Please remember to seed the torrent and help share the knowledge within the reversing community. I hope this satisfies the leechers, thank you!
    Attachment: Tuts 4 You - Collection 2011.md5