Malware reverse engineering for beginners.
Part 1: https://intezer.com/blog/malware-analysis/malware-reverse-engineering-beginners/
Part 2: https://intezer.com/blog/incident-response/malware-reverse-engineering-for-beginners-part-2/
Part 1: https://intezer.com/blog/malware-analysis/malware-reverse-engineering-beginners/
Part 2: https://intezer.com/blog/incident-response/malware-reverse-engineering-for-beginners-part-2/
Intezer
Malware Reverse Engineering for Beginners - Part 1: From 0x0
Reverse engineering is an integral part of malware analysis and research - get started learning this advanced skill to investigate malware.
¤ ARM Exploitation - Defeating DEP - executing mprotect()
https://blog.3or.de/arm-exploitation-defeating-dep-executing-mprotect
¤ ARM Exploitation - Defeating DEP - execute system()
https://blog.3or.de/arm-exploitation-defeating-dep-execute-system
¤ ARM Exploitation - Setup and Tools
https://blog.3or.de/arm-exploitation-setup-and-tools
¤ ARM Exploitation: Return oriented Programming (Building ROP Chains)
https://blog.3or.de/arm-exploitation-return-oriented-programming
https://blog.3or.de/arm-exploitation-defeating-dep-executing-mprotect
¤ ARM Exploitation - Defeating DEP - execute system()
https://blog.3or.de/arm-exploitation-defeating-dep-execute-system
¤ ARM Exploitation - Setup and Tools
https://blog.3or.de/arm-exploitation-setup-and-tools
¤ ARM Exploitation: Return oriented Programming (Building ROP Chains)
https://blog.3or.de/arm-exploitation-return-oriented-programming
Zero-Day: A team of researchers from IBM and the VU Amsterdam university in the Netherlands on Tuesday disclosed the details of a new type of data leakage attack impacting all major CPU makers, as well as some widely used software.
https://download.vusec.net/papers/ghostrace_sec24.pdf
https://www.securityweek.com/major-cpu-software-vendors-impacted-by-new-ghostrace-attack
https://download.vusec.net/papers/ghostrace_sec24.pdf
https://www.securityweek.com/major-cpu-software-vendors-impacted-by-new-ghostrace-attack
llamafile lets you distribute and run LLMs with a single file.
https://github.com/Mozilla-Ocho/llamafile
https://hacks.mozilla.org/2023/11/introducing-llamafile/
Usage: https://vt.tiktok.com/ZSFaBjUrK/
https://github.com/Mozilla-Ocho/llamafile
https://hacks.mozilla.org/2023/11/introducing-llamafile/
Usage: https://vt.tiktok.com/ZSFaBjUrK/
GitHub
GitHub - mozilla-ai/llamafile: Distribute and run LLMs with a single file.
Distribute and run LLMs with a single file. Contribute to mozilla-ai/llamafile development by creating an account on GitHub.
Major cyber-security incident may have occurred in Israel as anonymous hacks amid Jewish ✡️ genocide and extermination of Muslims ☪️ in Gaza and West Bank.
The information was shared by Israeli media.
》Hackers infiltrating Dimona nuclear reactor, stealing data.
https://twitter.com/anonymous_opil/status/1769756815560990746
https://www.i24news.tv/en/news/israel/defense/artc-hackers-claim-infiltrating-dimona-nuclear-reactor
The information was shared by Israeli media.
》Hackers infiltrating Dimona nuclear reactor, stealing data.
We have targeted some servers of the baby killer regime's nuclear organisations. In this operation, while wiping and destroying the data, we saved a part of it which includes 7GB data that we will disclose them to the people of the world.
https://twitter.com/anonymous_opil/status/1769756815560990746
https://www.i24news.tv/en/news/israel/defense/artc-hackers-claim-infiltrating-dimona-nuclear-reactor
i24NEWS
Hackers claim infiltrating Dimona nuclear reactor, stealing data - i24NEWS
The 'Anonymous' group said the attack is its response to the war in Gaza - Click the link for more.
cKure Red
Major cyber-security incident may have occurred in Israel as anonymous hacks amid Jewish ✡️ genocide and extermination of Muslims ☪️ in Gaza and West Bank. The information was shared by Israeli media. 》Hackers infiltrating Dimona nuclear reactor, stealing…
This media is not supported in your browser
VIEW IN TELEGRAM
Video 📹 shared earlier by the group where they warn the local civilians at Dimona to take precautions.
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).
https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/
Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).
https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/
BleepingComputer
Exploit released for Fortinet RCE bug used in attacks, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE.
https://blog.theori.io/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce-1afccf56721b
https://blog.theori.io/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce-1afccf56721b
theori.io
Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE - Theori BLOG
This post begins our series on the 1-day exploit chain demoed on X, focusing on a Chrome renderer exploit, CVE-2023-3079, a type confusion bug in V8. | Vulnerability Research
The new cs.github.com search allows for regex, new GitHub Dorks are possible!
Example: For getting SSH and FTP passwords via connection strings with:
Example: For getting SSH and FTP passwords via connection strings with:
/ssh:\/\/.*:.*@.*target\.com/
/ftp:\/\/.*:.*@.*target\.com/
Inside the failed attempt to backdoor SSH globally — that got caught by chance.
https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd
https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd
Medium
Inside the failed attempt to backdoor SSH globally — that got caught by chance
Why the threat actor rushed deployment.
Running 'cat' command to read a script is not safe. As a researcher points out. An interesting thread!
https://twitter.com/0xAsm0d3us/status/1774534241084445020
https://twitter.com/0xAsm0d3us/status/1774534241084445020
X (formerly Twitter)
Devansh (⚡, 🥷) (@0xAsm0d3us) on X
If you, like many, think relying just on `cat` command's output is enough to be sure about the integrity of a bash file. Think twice, you could get hacked. Read below 👇
Is the frequency of posts?
Final Results
66%
Good
22%
Less (increase the no. of posts)
12%
More (reduce the no. of posts)
Secator: The swiss army knife 🔪
https://docs.freelabz.com/
It is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and is designed to improve productivity for pentesters and security researchers.
https://docs.freelabz.com/
Iran 🇮🇷 Israel 🇮🇱 Cyber-War: Israel has jammed GPS at the highest levels on its territory for fear of Iranian missile strikes, though Iran is familiar with the use of Russian GLONASS.
https://t.me/cKure/13785
The attack anticipation is based on the intel by the United States's 🇺🇸 CIA about an imminent attack on Israel in the upcoming 48 hours. It has been a day since. So, the attack anticipation is today.
https://t.me/cKure/13785
😃 A new class of vulnerability (on a lighter note). An interesting thread on watching police body cam footages.
https://twitter.com/vxunderground/status/1777121604574560462
https://twitter.com/vxunderground/status/1777121604574560462
X (formerly Twitter)
vx-underground (@vxunderground) on X
For example, based on his understanding of hundreds or possibly thousands of police body cam footage, he has learned that Walmart employee usernames are in the format of https://t.co/TyHsnV1fVs_number