Malware News
15.1K subscribers
1.63K photos
7 videos
130 files
7.97K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
CAPA - FireEye
πŸ—£deadbroccoli

>CAPA detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.
πŸ‘€deadbroccoli


πŸŽ–@malwr
serpentine - Windows RAT (Remote Administration Tool) with a multiplatform RESTful C2 server
πŸ—£jafarlihi

It's great that the client is in C++, but the Java server is a deal breaker.
πŸ‘€PhisherPrice

I always knew RAT as β€œRemote Access Trojan”
πŸ‘€Wiamly


πŸŽ–@malwr
Booting to 'Hello Rust' on x86_64
πŸ—£micouy

Author here. It's my first post and I'd really appreciate your feedback. If you have any questions, you can comment here, DM me or send me an email. Thanks for reading :)
πŸ‘€micouy


πŸŽ–@malwr
Process Injection DInvoke
πŸ—£dmchell


πŸŽ–@malwr
Bypassing Symantec Endpoint Protection for Fun & Profit!
πŸ—£input0

This is fun, but missing some details.

1. Version of Symantec Endpoint Protection tested is not listed. SEP14.3 came out a couple weeks ago and adds new capabilities including AMSI (finally).
1. Test was conducted on Windows 2012R2. Yes, Windows 2012R2 is still widespread in production and under support, however Windows 10/2016 have enhancements that make dumping credentials much more difficult (LSAS virtualization in Virtualization Bases Security).

Without this information, this blog really is "I walked through an intentionally vulnerable pen testing lab scenario", vs. "here is a demonstration that you should do something and actionable guidance on what you should do". (IE, you should upgrade your fleet to 2016/10, etc).
πŸ‘€R-EDDIT


πŸŽ–@malwr