MalPull version 1.4 brings a more usable CLI, which now only requires the destination folder for the samples and one or more hashes to download. It also allows users to fetch samples from VirusShare via their API, as long as an API key is provided. VirusShare accounts are free, but are limited to 4 requests per minute, every minute of the day.
Using MalPull, one can easily search for a given hash on MalShare, Malware Bazaar, VirusShare, Triage, VirusTotal, and Koodous, after which the sample is downloaded. When more samples are requested, the downloads are processed concurrently by N threads, as specified in the settings file.
https://maxkersten.nl/2022/09/29/malpull-1-4-stable-release/
ℹ️ Sent from one of our channel members
@malwr
The PS5 Has Been Jailbroken – Custom Packages Can Now Be Installed
📣 tnavda
This article from Wololo is a bit better (the tweet author in this article even links to it). https://wololo.net/2022/10/03/released-ps5-kernel-exploit-webkit-vulnerability-for-firmware-4-03/
👤 Greger34
Tempted to delete this post, more of a press release with zero details
👤 tnavda
WOOO YEAH BABY! NOW I CAN PLAY P.T ON PS5
👤 BetaTalk64
@malwr
GLITCHED
The PS5 has been jailbroken and can now install custom packages. This marks the first major hack in the console lifecycle since its launch back in 2020.
BSides San Francisco 2022 Conference Recordings
📣 sanitybit
Thanks for posting! I almost made it to this con but had to duck out last minute, glad to be able to watch all the talks.
👤 IkePAnderson
Click through for the full playlist, the embed starts at opening remarks.
👤 sanitybit
@malwr
YouTube
BSidesSF 2022 - YouTube
Seer – a GUI front end to GDB for Linux
📣 modelop
Very enigmatic name.
👤 shevy-java
Looks like a powerful debugging frontend, nice work!
I currently use vscodium's debugger GUI, pretty good but sometimes lacking.
If you could add valgrind support, it would make it even more powerful.
👤 Settling2981
FINALLY A GUI DEBUGGER AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA *explodes in excitement*
Yes this is valid because it seems CLI is king, but certainly not the king of usability. A GUI is VERY MUCH APPRECIATED.
Yaaaaaaaaaaaaaaaaaaaaaaaaaaaaaay!
👤 darkguy2008
@malwr
GitHub
GitHub - epasveer/seer: Seer - a gui frontend to gdb
Seer - a gui frontend to gdb. Contribute to epasveer/seer development by creating an account on GitHub.
Wireshark 4.0.0 is now available
📣 ouyawei
The Windows installers now ship with Qt 6.2.3. They previously shipped with Qt 6.2.4.
> The default main window layout has been changed so that the Packet
Detail and Packet Bytes are side by side underneath the Packet List
pane.
Life changing
👤 Deliveranc3
@malwr
HDD Password Toshiba
Hello,
I have a Toshiba laptop whose HDD I can't image with FTK. Only zeros with a software write blocker. With a hardware write blocker you don't see the drive. If you boot the system there is the info: Input HDD password. I think it's a firmware password. Any suggestions? Is there a tool that shows if it is so?
📣 Civil_Structure_1033
1. It may be ATA security at work: simplified, hard disks can be assigned a password, and won't allow access unless that password is used to 'login' to the HDD.
Such an HDD will, on request, say that security is enabled, so you can use tools such as hdparm (Linux) to identify it. (See https://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs for an introduction.)
In this case, as long as you have the password, you can also 'login' to the HDD (pre-boot or post-boot) before you image the drive. The details will obviously depend on the platform you use.
2. Write blocking may affect the issue. If the blocker prevents all requests that are not simple reads, it will also block login requests. Professional tools usually won't make that mistake, but I can't identify the tool you mention, so I can't say if that is the case here.
The password may be assigned by Toshiba, and be part of the hardware platform: that is, the HDD cannot be removed from the computer and work normally, unless you also extract the password. In these cases, it is easier to let the drive remain mounted, and make an image from a forensic boot environment.
👤 athulin12
@malwr
Reddit
From the computerforensics community on Reddit
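The check the answer above points at, as an added example that is not part of the Reddit thread: `hdparm -I` prints a "Security:" block for an ATA drive, and the script below reads that block and reports whether ATA security is supported, enabled, locked or frozen, plus the master password revision code (65534 is the factory default). It assumes hdparm's layout of one flag per line, "\t\tflag" when set and "\tnot\tflag" when clear; the sample output embedded in it is constructed, not captured from the laptop in the thread. IDENTIFY DEVICE is a read-type command that write blockers usually pass through, so this check normally works behind a blocker even though a SECURITY UNLOCK would not.

```shell
#!/bin/sh
# Added example: summarise the ATA security state from `hdparm -I` output.
# Real use:   sudo hdparm -I /dev/sdX | ata_security_state
# Assumes hdparm prints set flags as "\t\t<flag>" and clear flags as
# "\tnot\t<flag>" inside the "Security:" block.

ata_security_state() {
  awk '
    BEGIN { sup = "unknown"; en = "unknown"; lk = "unknown"; fz = "unknown"; mprc = "unknown" }
    /^Security:/ { insec = 1; next }      # enter the Security block
    insec && /^[^ \t]/ { insec = 0 }      # the next unindented line ends it
    insec {
      line = $0
      neg = sub(/^[ \t]*not[ \t]+/, "", line)   # 1 if the line read "not <flag>"
      sub(/^[ \t]+/, "", line)
      val = neg ? "no" : "yes"
      # exact matches only: "supported: enhanced erase" is a different line
      if (line == "supported")      sup = val
      else if (line == "enabled")   en = val
      else if (line == "locked")    lk = val
      else if (line == "frozen")    fz = val
      else if (line ~ /^Master password revision code/) { split(line, a, "= *"); mprc = a[2] }
    }
    END { printf "supported=%s enabled=%s locked=%s frozen=%s mprc=%s\n", sup, en, lk, fz, mprc }
  '
}

# Map the state line to the next step for an imaging job.
ata_security_advice() {
  case "$1" in
    *"supported=no"*)
      echo "no ATA security: the password prompt comes from the BIOS/firmware, not the drive" ;;
    *"enabled=yes locked=yes"*)
      echo "locked: user-data reads are rejected until SECURITY UNLOCK succeeds; unlock it in place (hdparm --security-unlock PWD /dev/sdX, or enter the password on the original laptop from a forensic boot environment) before imaging" ;;
    *"enabled=yes locked=no"*)
      echo "unlocked: a password is set but the drive is currently open; image it now, a power cycle will lock it again" ;;
    *"frozen=yes"*)
      echo "frozen: the host issued SECURITY FREEZE LOCK; security commands abort until the drive sees a fresh power-on" ;;
    *)
      echo "ATA security supported but not enabled; look elsewhere for the password prompt" ;;
  esac
}

# Constructed hdparm -I excerpt for a password-locked drive (not real capture).
SAMPLE_HDPARM=$(
  printf 'ATA device, with non-removable media\n'
  printf 'Security: \n'
  printf '\tMaster password revision code = 65534\n'
  printf '\t\tsupported\n\t\tenabled\n\t\tlocked\n\tnot\tfrozen\n'
  printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
  printf 'Checksum: correct\n'
)

# Demo on the sample; swap the printf for `sudo hdparm -I /dev/sdX` on a real disk.
state=$(printf '%s\n' "$SAMPLE_HDPARM" | ata_security_state)
echo "$state"
ata_security_advice "$state"
```

Run it as root against the suspect drive while it is still in the Toshiba: if the drive reports enabled=yes locked=yes, the zeros seen by the imager are the symptom of a locked drive, not of the platter contents, and the password has to be supplied before any image is meaningful.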
Dissect enables you to go from acquisition of thousands of systems to answering the how, when, and what in a matter of hours – a game changer for incident response teams. Its modular and concise API allows anyone with Python experience to adapt it to their own needs and create output ..
📣 digicat
Big fat kudos to Fox IT for releasing Dissect as open source. Wonderful contribution to the community.
On GitHub: https://github.com/fox-it/dissect
👤 mrkoot
@malwr
GitHub
GitHub - fox-it/dissect: Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access…
Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fo...
Bumblebee: increasing its capacity and evolving its TTPs - Check Point Research
📣 digicat
@malwr
Check Point Research
Bumblebee: increasing its capacity and evolving its TTPs - Check Point Research
Research by: Marc Salinas Fernandez Background & Key Findings The spring of 2022 saw a spike in activity of Bumblebee loader, a recent threat that has garnered a lot of attention due to its many links to several well-known malware families. In this piece…
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
📣 digicat
@malwr
Sophos News
A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability
DeftTorero TTPs in 2019–2021 - aka Lebanese Cedar, Volatile Cedar - this post focuses primarily on the TTPs used by the threat actor in intrusions between late 2019 and mid-2021 to compromise victims.
📣 digicat
@malwr
Securelist
DeftTorero TTPs in 2019–2021
In this report we focus on tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets Middle East countries.
Security researchers share LockBit 3.0 ransomware technical details and defense tips in a case study.
📣 Late_Ice_9288
@malwr
CIP Blog
LockBit 3.0 Ransomware Case Study: A Huge Cybersecurity Risk | CIP Blog
In this article, we will analyze LockBit 3.0 ransomware attack cases to show you how attacks similar to these cases can be prevented.
What is LockBit 3.0 Ransomware?
LockBit 3.0 (also known as LockBit Black) is ransomware created by the cybercrime syndicate…