Studying "Next Generation Malware" - NightHawk's Attempt At Obfuscate and Sleep
digicat
@malwr
Suspicious Actor
Studying "Next Generation Malware" - NightHawk's Attempt At Obfuscate and Sleep
Over the last year and a half, I've often seen mentions of a self-proclaimed "next generation malware" of the name NightHawk. Ordinarily, I'd know most of those claims tend to be nothing more than hubris, and choose to ignore it, but, I get bored. As such…
Shoggoth: Asmjit Based Polymorphic Encryptor - Shoggoth is an open-source project based on C++ and the asmjit library, used to encrypt given shellcode, PE, and COFF files polymorphically. Shoggoth will generate an output file that stores the payload and its corresponding loader.
digicat
GitHub
GitHub - frkngksl/Shoggoth: Shoggoth: Asmjit Based Polymorphic Encryptor
Shoggoth: Asmjit Based Polymorphic Encryptor. Contribute to frkngksl/Shoggoth development by creating an account on GitHub.
FLARE VM update!
Diesl
Nice! I remember when the installer would break due to outdated or unsupported applications. Chocolatey would fail and I would be so bummed.
rotten_sec
Google Cloud Blog
FLARE VM: A FLAREytale Open to the Public | Mandiant | Google Cloud Blog
DarkTortilla .Net Malware Spreading Via Phishing Sites, Modifying User's .LNK files to Establish persistence
Skipper3943
Cyble
DarkTortilla Malware Spread Through Phishing Sites
Cyble Research and Intelligence Labs analyzes DarkTortilla, a sophisticated malware spreading via Phishing sites.
NIST Retires SHA-1 Cryptographic Algorithm
OfftheTopRope
It's really hard for industries to change after they adopt a specific technology. In the USA, legal and accounting industries still use FAX machines, even though the rest of us have long ago replaced FAX with emailed attachments, SMS/MMS attachments, cloud sharing services, etc. Why do they use FAX? Because FAX is literally written into law as an approved method. It's hard enough to get a technology approved, it's even harder to get it obsoleted.
By today's standards, MD5 is horribly weak and broken. Creating two files with the same arbitrary hash can be done on a typical desktop in under 1 second. (Forced hash match.) Generating a file with a specific hash (not arbitrary) might take hours or days. And natural hash collisions (not intentionally forced) have been encountered in the real world. MD5 hasn't been recommended for use in over a decade. And yet, MD5 is still widely used for tracking evidence. It is widely used by the legal system because long ago it was approved.
SHA1 has been considered relatively weak for years. However, forced collisions for specific hashes are very difficult and time consuming to generate. And I'm not aware of any natural (not forced) collisions. Even though SHA1 is officially retired, I suspect that SHA1 will be widely used long after anyone reading this posting is dead from old age.
hackerfactor
SHA-1 has been broken for over a decade. We forensicators haven't used it in over 10 years.
gibson_mel
Not sure how this is relevant to digital forensics.
baggins422
NIST
NIST Retires SHA-1 Cryptographic Algorithm
The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable.
Azure PenTesting Tools
I need to curate the most extensive list of Azure PenTesting tools I can. Most are already covered in this (as far as I can tell) fantastic list: https://github.com/Kyuu-Ji/Awesome-Azure-Pentest. I'd just add:
- Stratus: https://stratus-red-team.cloud/
- Basic Blob Finder (though there is a Blob finder in Kyuu-Ji's github already): https://github.com/joswr1ght/basicblobfinder
Is there anything else anybody would add? Any favorites? Anything that's missing here?
Thanks!
Round-Campaign-1692
I didn't see Bloodhound on there.
DH_Prelude
GitHub
GitHub - Kyuu-Ji/Awesome-Azure-Pentest: A collection of resources, tools and more for penetration testing and securing Microsofts…
A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure. - Kyuu-Ji/Awesome-Azure-Pentest
Get a better understanding of the Functions Window with our new #IDAPro tutorial: https://youtu.be/DA7dTADDbc8
#IDAProTutorials #IDAPro #hexrays #LearningIDA
HexRaysSA
Hi everybody. To make the channel better, we need your suggestions. Send your messages to @SirMalware