MalPull version 1.4 brings a more usable CLI, which now only requires the destination folder for the samples which are to be downloaded, and one or more hashes that are to be downloaded. It also allows users to fetch samples from VirusShare via their API, as long as an API key is provided. VirusShare accounts are free, but have a limit of 4 requests per minute, for every minute of the day.

Using MalPull, one can easily search for a given hash on MalShare, Malware Bazaar, VirusShare, Triage, VirusTotal, and Koodous, after which the sample is downloaded. When more samples are requested, the downloads are concurrently processed via N amount of threads, as specified in the settings file.


https://maxkersten.nl/2022/09/29/malpull-1-4-stable-release/

ℹ️ Sent from one of our channel members

🎖@malwr

The PS5 Has Been Jailbroken – Custom Packages Can Now Be Installed
🗣tnavda

This article from Wololo is a bit better (the tweet author in this article even links to it). https://wololo.net/2022/10/03/released-ps5-kernel-exploit-webkit-vulnerability-for-firmware-4-03/
👤Greger34

Tempted to delete this post, more of a press release with zero details
👤tnavda

WOOO YEAH BABY! NOW I CAN PLAY P.T ON PS5
👤BetaTalk64


🎖@malwr

BSides San Francisco 2022 Conference Recordings
🗣sanitybit

Thanks for posting! I almost made it to this con but had to duck out last minute, glad to be able to watch all the talks.
👤IkePAnderson

Click through for the full playlist, the embed starts at opening remarks.
👤sanitybit


🎖@malwr

Seer – a GUI front end to GDB for Linux
🗣modelop

Very enigmatic name.
👤shevy-java

Looks like a powerful debugging frontend, nice work!
I currently use vscodium's debugger GUI, pretty good but sometimes lacking.

If you could add valgrind support, it would make it even more powerful.
👤Settling2981

FINALLY A GUI DEBUGGER AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA *explodes in excitement*

Yes this is valid because it seems CLI is king, but certainly not the king of usability. A GUI is VERY MUCH APPRECIATED.

Yaaaaaaaaaaaaaaaaaaaaaaaaaaaaaay!
👤darkguy2008


🎖@malwr

Wireshark 4.0.0 is now available
🗣ouyawei

The Windows installers now ship with Qt 6.2.3. They previously shipped with Qt 6.2.4.

> The default main window layout has been changed so that the Packet
Detail and Packet Bytes are side by side underneath the Packet List
pane.

Life changing
👤Deliveranc3


🎖@malwr

HDD Password Toshiba
Hello,

i have a Toshiba Laptop which HDD i can't image with FTK. Only zeros with Software Writeblocker. With Hardware Writeblocker you don't See the drive. If you boot the system there ist the info: Input HDD password. I think it's a firmware password. Any suggestions? Is there a tool that shows If it is so?
🗣Civil_Structure_1033

1\. It may be ATA security at work: simplified, hard disks can be assigned a password, and won't allow access unless that password is used to 'login' to the HDD.

Such HDD will, on request, say that security is enabled, so you can use tools such as hdparm (Linux) to identify. (See https://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs for an introduction.)

In this case, as long as you have the password, you can also 'login' to the HDD (pre-boot or post-boot) before you image the drive. The details will obviously depend on the platform you use.

2\. Write blocking may affect the issue. If the blocker prevents all requests that are not simple reads, it will also block login requests. Professional tools usually won't make that mistake, but I can't identify the tool you mention, so I can't say if that is the case here.

The password may be assigned by Toshiba, and be part of the hardware platform: that is, the HDD cannot be removed from the computer and work normally, unless you also extract the password. In these cases, it is easier to let the drive remain mounted, and make a image from a forensic boot environment.
👤athulin12


🎖@malwr