Malware News
15K subscribers
1.63K photos
7 videos
130 files
7.96K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902
πŸ—£digicat

I’m a simple man. I see root cause I upvote.

Wish more problems were discussed like that. Understanding problems os the key to not repeating them.
πŸ‘€nkrgovic

Interesting read. This one was bad.
πŸ‘€hazmatte


πŸŽ–@malwr
What are some good books for malware analysis?
I was thinking of buying both practical malware analysis and malware data science but, practical malware analysis came out 2012 and I is probably outdated.

Is there any other book you would recommend? Or should I just go with the two I have in my mind?
πŸ—£Enes_24

People tend to have the impression that books about security date quickly; in general this is not true.

Practical Malware Analysis and Malware Analyst's Cookbook are still quite useful. I might suggest The Art of Memory Forensics too.
πŸ‘€thatwasntme806

The Malware Forensics Field Guide for Linux Systems (2014) is still a good read, covering a lot of what's out there. I think Windows has gotten significantly more complex in the interim since its publication, so you'll want something more current for Windows Malware.
πŸ‘€Borne2Run

Not a book but checkout the malwareunicorn workshops. The Reverse Engineering 101 is a good place to start.

https://malwareunicorn.org/#/workshops
πŸ‘€wonka_fans_only


πŸŽ–@malwr
ExAllocatePoolZero
πŸ—£FastInvite2k2

> you can see that check is made for build numbers later than 18362. The problem with that is that Windows 1909 isn’t build 18362, it’s 18363.

The off-by-one error strikes again, this time in kernel mode.
πŸ‘€WonderfulNinja


πŸŽ–@malwr
LibreHealth Version 2.0.0 - Multiple High-Risk CVEs
πŸ—£breach_house

Reading through the unmerged pull requests here, surely there's a point where this many "string concatenation straight into SQL" combines with "this was fixed years ago in the other product this was forked from", a vendor that got a 30 day disclosure extended to 90 days and still hasn't merged fixes, and you've got to consider whether the product can really be salvaged.
πŸ‘€disclosure5


πŸŽ–@malwr
SIGRed - Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers - Check Point Research
πŸ—£digicat

We are all remediated now but this is an ugly ugly hole that is going to lead to some multi million dollar hacks against companies who don’t patch promptly.
πŸ‘€afwaller

Seems kinda bold of them to give the world only a few hours head start to patch their systems given that it's not thought to be in the wild yet. Shoulda bought CheckPoint IPS I guess /shrug.
πŸ‘€OnARedditDiet


πŸŽ–@malwr
TSK/Autopsy - Web Artifacts Opera
Hello,

i was wondering why the history of the opera web browser is not detected.
I know that on the web page it says Firefox, Chrome and Internet Explorer. Is it anywhere documented why the Opera browser is not included?
πŸ—£guyizda

As to why I don't know. It does seem it is an sqllite database, much like Chrome/Firefox.

Looks like there is a reference in their github for android:
https://github.com/sleuthkit/autopsy/blob/646a7a9e12148512de8db6ab030f78f297248394/InternalPythonModules/android/operabrowser.py

Mention to the windows location here:
https://github.com/sleuthkit/autopsy/blob/ab60e9c29ed8be6a43f918ffa29f228a6cdf270a/thirdparty/plaso/plaso-20180818-Win32/artifacts/webbrowser.yaml
πŸ‘€AnalyzeAllTheLogs

Autopsy is generally...not that good. Opera is Chromium based and uses WebKit (Blink now?), so it is probably sorted under the Chrome history.
πŸ‘€FunkeDope


πŸŽ–@malwr