A Common Missight in Most Hypervisors
π£mrexodia
This took multiple reads to understand because it's just so dense but it is definitely pretty cool!
π€SirensToGo
π@malwr
π£mrexodia
This took multiple reads to understand because it's just so dense but it is definitely pretty cool!
π€SirensToGo
π@malwr
Blogspot
A Common Missight in Most Hypervisors
Generally, when a hypervisor encounters a VM exit, it is because it needs to emulate the effects of an instruction, be it CPUID, RDMSR, or E...
The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel
π£digicat
π@malwr
π£digicat
π@malwr
AdvIntel
The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel
Key Takeaways: Just about one year ago, the makers of the infamous GandCrab ransomware announced their retirement, having reportedly earned an astonishing $2 billion since their entry into the ransomware market in January 2018. The vacuum was quickly filledβ¦
Emulating Windows system calls in Linux [LWN.net](https://lwn.net/Articles/824380/)
π£mfilion
Previous discussion: https://old.reddit.com/r/linux/comments/hhyh81
π€the_gnarts
π@malwr
π£mfilion
Previous discussion: https://old.reddit.com/r/linux/comments/hhyh81
π€the_gnarts
π@malwr
LWN.net
Emulating Windows system calls in Linux
The idea of handling system calls differently depending on the origin of each call in the proce [...]
Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine - SentinelLabs
π£digicat
π@malwr
π£digicat
π@malwr
SentinelOne
Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine - SentinelLabs
A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.
The Domain Generation Algorithm of BazarBackdoor - A DGA based on the Emercoin TLD .bazar
π£digicat
π@malwr
π£digicat
π@malwr
Johannes Bader's Blog
The Domain Generation Algorithm of BazarLoader - A DGA based on the Emercoin TLD .bazar
BazarBackdoor is a module of the dreaded TrickBot Trojan. It is mostly used to gain a foothold in compromised enterprise networks.