Group Details Private

administrators

Member List

  • RE: Shibari not working at all (Windows 10 1909)

    A path with spaces on the command line must be surrounded by double quotes, that's no Shibari issue. Just fire up the application without installing it as a service and share what it outputs so people could actually see why it doesn't work instead of guessing. Troubleshooting one-o-one.

    posted in Discussion and Support
  • RE: Why is nobody helping me???

    @MoltresRider welcome to the internet. Stop trolling or victimizing yourself, nobody falls for that around here. It's insanely disrespectful towards the volunteers floating around here to demand immediate attention and response times like you have some sort of enterprise SLA - which you don't. With free products comes the liberty of us to invest as much or as little time in free support as we please so stop acting entitled. This isn't Instagram.

    The nerve of some people these days...

    Cheers

    posted in Discussion and Support
  • RE: The gamepad cannot be removed sometimes. posted in Discussion and Support
  • RE: Shibari error error code 1064

    I've never heard of that error and I doubt that's all that's logged.

    posted in Discussion and Support
  • RE: Shibari wont start after updating vigem

    This error could literally mean anything... Just run the executable directly or at least have the courtesy to share some logs...

    posted in Discussion and Support
  • RE: Keyboard and mouse blocked after HidGuardian install

    Where did you even get it and why did you tinker with it? I mean, I'm used to people ignoring every little bit of documentation I provide but what do I have to do next, a flashing, screaming banner? Or switch the repositories to private?

    62637ec5-b9c2-4d5d-8070-00b1619238a5-image.png

    ๐Ÿ˜‘

    posted in Discussion and Support
  • Shady shenanigans collection

    Kernel hooking/exploitation

    HOW TO HOOK WIN32 API WITH KERNEL PATCHING

    This post is about SSDT patching to perform API hooking within the kernel instead of the classic user mode hooking using remote threads and things like that.

    SSDT hooking is as far as I know the lowest level technique to replace/hook/intercept/whatever API and for this reason has been used for years both by malwares writers and AV vendors.

    Hooking the kernel directly

    Sometimes, we run into a situation when we badly need to hook some kernel function, but are unable to do it via conventional PE-based hooking. This article explains how kernel functions can be directly hooked. As a sample project, we are going to present a removable USB storage device as a basic disk to the system, so that we can create and manage multiple partitions on it (for this or that reason, Windows does not either allow or recognize multiple partitions on removable storage devices, so we are going to cheat the system). On this particular occasion, we will hook only one function, but the approach described in this article can be extended to handle multiple functions (for example, one of my projects required direct hooking of quite a few functions from the NDIS library). You should clearly realize that this article is about direct hooking and not about dealing with USB storage, so please don't tell me that the sample problem may have been solved differently.

    SecWiki/windows-kernel-exploits

    List ow Windows kernel exploits.

    taviso/ctftool

    This is ctftool, an interactive command line tool to experiment with CTF, a little-known protocol used on Windows to implement Text Services. This might be useful for studying Windows internals, debugging complex issues with Text Input Processors and analyzing Windows security.

    mrexodia/TitanHide

    TitanHide is a driver intended to hide debuggers from certain processes. The driver hooks various Nt* kernel functions (using SSDT table hooks) and modifies the return values of the original functions. To hide a process, you must pass a simple structure with a ProcessID and the hiding option(s) to enable, to the driver. The internal API is designed to add hooks with little effort, which means adding features is really easy.

    x64dbg/ScyllaHide

    ScyllaHide is an advanced open-source x64/x86 user mode Anti-Anti-Debug library. It hooks various functions to hide debugging. This tool is intended to stay in user mode (ring 3). If you need kernel mode (ring 0) Anti-Anti-Debug, please see TitanHide.

    Mattiwatti/EfiGuard

    EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager, boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).

    hfiref0x/UPGDSED

    Universal PatchGuard and Driver Signature Enforcement Disable

    9176324/Shark

    Turn off PatchGuard in real time for win7 (7600) ~ win10 (18950).

    Process & Memory

    DarthTon/Blackbone

    Windows memory hacking library

    Dramacydal/WhiteMagic

    API to work with Win32 process memory and hardware breakpoints

    acidburn974/Blackmagic

    Memory reading and Writing for C# / VB / .Net Applications.

    DLL-injection (user-land)

    vmcall/loadlibrayy

    x64 PE injector with kernel handle elevation and thread hijacking capabilities

    Misc.

    zaproxy/zaproxy

    The OWASP Zed Attack Proxy (ZAP) is one of the worldโ€™s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

    posted in Research and Development
  • RE: BthPS3 input inconsistencies. Works with MotionInJoy

    Once again: BthPS3 has nothing to do with the input and output of the controller, it handles the connection to Windows, nothing more, nothing less. Those issues are Shibari business and possibly there's some overlooked hack or trick that MIJ accounts for but I don't know of that and don't have the capacity to go after that so I can't really recommend any solution at this point in time.

    TL;DR: It is what it is ๐Ÿ˜Ž

    Cheers

    posted in Discussion and Support
  • RE: Two PS3 controllers which used to work with SCPToolkit (1 working 1 not)

    @mmbossoni all devices I wanna support are already supported. If the reports differ that's not the business of BthPS3 but of Shibari or a function driver and I don't have the capacity to further dig into that with my current resources. So I guess no, I won't follow that route as long as I'm solo on this.

    posted in Discussion and Support
  • RE: Issues after ViGEMBus Updater message and attempted update

    Has nothing to do with the functionality, try a complete reinstall. Shibari creates a log with information on what's happening, look at that and/or share it here, otherwise it's poke in the dark.

    Cheers

    posted in Discussion and Support