Explore >> Select a destination


You are here

8051enthusiast.github.io
| | blog.fahhem.com
3.8 parsecs away

Travel
| | Posts and writings by Fahrzin Hemmati
| | cybergibbons.com
3.6 parsecs away

Travel
| | Last time we looked at using the SWD interface of an STM32 ARM chip. This isn't the only way we can interact with this device though. It also contains a serial interface on the bootloader tha...
| | prog.world
4.0 parsecs away

Travel
| | [AI summary] The article discusses the use of Intel Processor Trace (PT) technology to capture code traces from the System Management Mode (SMM) in a computer's BIOS. The authors detail the process of creating a backdoor to access SMM, modifying the SMI dispatcher to redirect execution to a custom shellcode, and using tools like WinIPT and ptxed to analyze the trace data. They also mention challenges such as synchronization issues and the need for cross-platform compatibility, and conclude that this method provides an efficient way to investigate SMM code for vulnerabilities.
| | forensicitguy.github.io
23.5 parsecs away

Travel
| In this post I want to take a look at a PowerShell-based Cobalt Strike beacon that appeared on MalwareBazaar. This particular beacon is representative of most PowerShell Cobalt Strike activity I see in the wild during my day job. The beacons often show up as service persistence during incidents or during other post-exploitation activity. If you want to follow along at home, the sample I'm using is here: