Posts

fork() bombing windows

Introduction 💡 DISCLAIMER: The content presented in this write-up is for educational purposes only. It demonstrates concepts related to computer security, system processes, and vulnerabilities. The information provided is not intended to encourage or condone any form of malicious activity. Users are expected to use this knowledge responsibly, ethically, and in compliance with all applicable laws and regulations. The author does not endorse or support any illegal or unauthorized use of the information presented in this write-up.

Thermal Paste Testing

Objective The objective of this thermal paste evaluation was to assess and compare the performance of eight different thermal pastes under controlled testing conditions. The primary focus was to analyze their thermal conductivity, heat dissipation capabilities, and overall effectiveness in final performance available via thermal headroom. By conducting a series of systematic tests, we aimed to provide valuable insights and data-driven recommendations to aid in the selection of the most suitable thermal paste for improving the thermal performance for overall peak performance.

AMD Overclocking and Fan Curve Optimization Guide

What is Overclocking a GPU? Overclocking a GPU refers to the process of increasing its clock speeds beyond the manufacturer’s specified limits. The core clock, memory clock, and sometimes voltage can be adjusted to achieve higher performance levels. Here are the pros and cons of overclocking: Pros: Increased Performance: Overclocking can provide a significant boost in GPU performance, resulting in higher frame rates in games, faster rendering times in creative applications, and improved overall system responsiveness.

AMD Undervolting and Fan Curve Optimization Guide

What is Undervolting a GPU? Undervolting a GPU refers to the process of reducing the default voltage supplied to the graphics processing unit. GPUs are typically set to run at a specific voltage by the manufacturer, but undervolting allows users to lower that voltage while maintaining stable performance. Pros Reduced Power Consumption: Undervolting lowers the voltage supplied to the GPU, resulting in reduced power consumption. This can lead to lower electricity bills and increased energy efficiency, particularly in high-performance systems.

Malware Analysis and Triage : DeathNote Infostealer

1. Executive Summary A. Fingerprinting MD5: 459aad8cc95d9fe2bd1d3199966289f7 SHA256: eb22d542b3b6e69a98801ff7843fa6981b13ca8628a5382cfdc0f713cdb72cba VirusTotal Report: https://www.virustotal.com/gui/file/eb22d542b3b6e69a98801ff7843fa6981b13ca8628a5382cfdc0f713cdb72cba B. Classification Infostealer, used to harvest stored credentials and session objects from browsers installed on the machine. C. Behavioral Summary The malware is a PyInstaller packed executable, with slight obfuscation. When the sample is executed, it extracts the packed Python bytecode, and required libraries into a temporary folder. It then proceeds to spawn a child process by executing itself again, sets/adds the temporary folder into its DLL directories, unpacks and unmarshall the Python bytecode on the fly in the memory.

Malware Analysis and Triage Report : AveMaria RAT

1. Executive Summary A. Fingerprinting MD5: 425cf022932c7ace6542f18af4fbac2a SHA256: b24ce8861d8d06d10d73e38c6fcc0c026a5c9529fda74927f85b4cfe022f7e1d VirusTotal Report: https://www.virustotal.com/gui/file/b24ce8861d8d06d10d73e38c6fcc0c026a5c9529fda74927f85b4cfe022f7e1d/detection/f-b24ce8861d8d06d10d73e38c6fcc0c026a5c9529fda74927f85b4cfe022f7e1d-1668189288 B. Classification The AveMariaRat is a Remote Access Trojan that allow the attacker to connect and control the victim’s machine throught the using of a fake process and a reverse connection the its C&C server. C. Behavioral Summary The AveMariaRat comes with a common technique that hide the exe malware using a fake Word icon, once launched the exe start some cmd that creates two distinct dll files.

Malware Analysis and Triage Report : PirateStealer - Discord_beta.exe

1. Executive Summary A. Fingerprinting MD5: c5782ebad92661d4acfacaf4daa1fc52 SHA256: 1b82ac159d87162964a4eb61122bb411a35e748e135cc3b97ab39466e5827c7e VirusTotal Report: https://www.virustotal.com/gui/file/1b82ac159d87162964a4eb61122bb411a35e748e135cc3b97ab39466e5827c7e B. Classification PirateStealer is a new Info Stealer in the scene. Not much info is provided about this family and the sample is relatively new. No traces has been found on either Malware Bazaar or Malpedia. The sample will be submitted to aforementioned databases after this post. C. Behavioral Summary The sample executes itself and checks for presence of Virtualized Environment by using registry information and disk drive identifiers.

HTB Writeup: Paper

Enumeration nmap Scan # Nmap 7.92 scan initiated Mon Apr 11 15:07:52 2022 as: nmap -sC -sV -T3 -oN nmap.all-port.txt -vv -p- 10.10.11.143 Nmap scan report for 10.10.11.143 (10.10.11.143) Host is up, received echo-reply ttl 63 (0.084s latency). Scanned at 2022-04-11 15:07:58 IST for 54s Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.0 (protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.

HTB Writeup: Catch

Enumeration nmap scan Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-24 06:52 IST Nmap scan report for 10.129.110.180 (10.129.110.180) Host is up (0.075s latency). Not shown: 65530 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 48:ad:d5:b8:3a:9f:bc:be:f7:e8:20:1e:f6:bf:de:ae (RSA) | 256 b7:89:6c:0b:20:ed:49:b2:c1:86:7c:29:92:74:1c:1f (ECDSA) |_ 256 18💿9d:08:a6:21:a8:b8:b6:f7:9f:8d:40:51:54:fb (ED25519) 80/tcp open http Apache httpd 2.4.41 ((Ubuntu)) |_http-title: Catch Global Systems |_http-server-header: Apache/2.

HTB Writeup: Acute

Enumeration nmap Starting Nmap 7.92 ( https://nmap.org ) at 2022-07-04 07:55 IST Nmap scan report for 10.129.136.40 (10.129.136.40) Host is up (0.080s latency). Not shown: 65534 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) | ssl-cert: Subject: commonName=atsserver.acute.local | Subject Alternative Name: DNS:atsserver.acute.local, DNS:atsserver | Not valid before: 2022-01-06T06:34:58 |_Not valid after: 2030-01-04T06:34:58 |_http-server-header: Microsoft-HTTPAPI/2.0 |_ssl-date: 2022-07-04T02:43:16+00:00; +15m23s from scanner time. | tls-alpn: |_ http/1.