Malware News
15.1K subscribers
1.63K photos
7 videos
130 files
7.97K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
Looking to learn more about VM on the cheap? Here's a comparison of the top free Vulnerability Assessment tools
πŸ—£adrownedcoast

Nice article, thanks.

I would have honestly mentioned flanscan, which is basically a wrapper around Nmap and vulners, rather than Nmap and/or Tsunami.

OpenVAS is a nice tool, but oh boy how painful it is to interact with it.
πŸ‘€Sudneo

Not sure if anyone is interested but we did a video some time ago on vulnerability assessment.
πŸ‘€FLSecAdm


πŸŽ–@malwr
[Legitimate Mastering Malware Analysis β€” currently available for FREE download, only for the next 6 days by its publishers.](https://twitter.com/TheHackersNews/status/1286314227997712384)
πŸ—£kkaosninja

I found a weird script in a community site. I tried posting it here and in /r/javascript but it got removed. Anyone know how to get help with something like that?
πŸ‘€strange_fate

Had the PDF scanned at hybrid-analysis.com

Came out clean.
πŸ‘€BlockBag

I just scrolled through the PDF and I think you'll need a deep understanding of coding language...so this'll be a long time before I open this book again.
πŸ‘€KomputerIdiat


πŸŽ–@malwr
Battelle Publishes Open Source Binary Visualization Tool
πŸ—£BattelleCyber

I'm sad it became a Ghidra plugin, it considerably reduces the chances that I ever use it. I'd rather have two good tools than one that tries to do too much.

One suggestion though: something alternatives such as Veles do that cantordust could really benefit from: color gradiant based on position. All your examples of digraphs are cute but well chosen: real files have multiple types of data in them and that's where a tool such as cantordust shines.

Here is a screenshot of ls using veles in the most basic way possible. As you can see there are some colors. It's not very pronounced because we have the whole file so it kind of blends in, but we can still see that some points are blue, others orange, others white. There's a gradient that is applied: the closer to the begining of the range, the more orange it is, the closer to the end of the range, the more blue it is. So I can say at a glance that there's more text toward the end than toward the beginning (although I still see some orange in there and some white so there must be some). I can also say from the color of the "executable cross" which is white, slightly yellowish, that executable code is mostly at the center of the file, trending toward the beginning.

This added information gets really interesting when you consider 3D graphs, such as one of the most useful graphs in my opinion: the layered trigraph. It's built by splitting the file into 256 chunks, then do a digraph of each of those and stack them into a 256x256x256 cube. Here is a screenshot although 3D benefits greatly from motion. You can clearly see how the file is layered while having the digraph information at all point of the file. You see diagonal lines which indicates some counter that increases as you go deeper in the file (timestamps in a pcap react like that also). This is something that you can't see in another graph. And when switching between layered digraph and digraph or trigraph the color of each point doesn't change so you can match parts of the file that you're interested in with where they map in a 2D or 3D space.

tl;dr: add a position gradient, your digraphs that are all green are an eyesore.

BTW, I don't really like Veles all that much, they fell in the same trap as you, trying to do too much, too fast, and finally stopping at a point where it's barely usable. Cantordust has some really nifty features but could really learn something from the competition.
πŸ‘€cym13


πŸŽ–@malwr