Malware News
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

FLARE VM update!
🗣Diesl

Nice! I remember when the installer would break due to outdated or unsupported applications. Chocolatey would fail and I would be so bummed.
👤rotten_sec


🎖@malwr
NIST Retires SHA-1 Cryptographic Algorithm
🗣OfftheTopRope

It's really hard for industries to change after they adopt a specific technology. In the USA, legal and accounting industries still use FAX machines, even though the rest of us have long ago replaced FAX with emailed attachments, SMS/MMS attachments, cloud sharing services, etc. Why do they use FAX? Because FAX is literally written into law as an approved method. It's hard enough to get a technology approved, it's even harder to get it obsoleted.

By today's standards, MD5 is horribly weak and broken. Creating two files with the same arbitrary hash can be done on a typical desktop in under 1 second. (Forced hash match.) Generating a file with a specific hash (not arbitrary) might take hours or days. And natural hash collisions (not intentionally forced) have been encountered in the real world. MD5 hasn't been recommended for use in over a decade. And yet, MD5 is still widely used for tracking evidence. It is widely used by the legal system because long ago it was approved.

SHA1 has been considered relatively weak for years. However, forced collisions for specific hashes are very difficult and time consuming to generate. And I'm not aware of any natural (not forced) collisions. Even though SHA1 is officially retired, I suspect that SHA1 will be widely used long after anyone reading this posting is dead from old age.
👤hackerfactor

SHA-1 has been broken for over a decade. We forensicators haven't used it in over 10 years.
👤gibson_mel

Not sure how this is relevant to digital forensics.
👤baggins422


🎖@malwr
Azure PenTesting Tools
I need to curate the most extensive list of Azure PenTesting tools I can. Most are already covered in this (as far as I can tell) fantastic list: https://github.com/Kyuu-Ji/Awesome-Azure-Pentest. I'd just add:

- Stratus: https://stratus-red-team.cloud/
- Basic Blob Finder (though there is a Blob finder in Kyuu-Ji's github already): https://github.com/joswr1ght/basicblobfinder

Is there anything else anybody would add? Any favorites? Anything that's missing here?

Thanks!
🗣Round-Campaign-1692

I didn't see Bloodhound on there.
👤DH_Prelude


🎖@malwr
Get a better understanding of the Functions Window with our new #IDAPro tutorial 🌐 https://youtu.be/DA7dTADDbc8

#IDAProTutorials #IDAPro #hexrays #LearningIDA
🗣HexRaysSA


🎖@malwr
Hi everybody. To make the channel better, we need your suggestions. Send your messages to @SirMalware


🎖@malwr
📍📍📍Please forward posts to the other groups 📍📍📍
Grab the new version of Rizin, v0.5.1, together with Cutter 2.2.0.
An improved stack analysis, better FLIRT detection and generation and multithreaded string search are just a few of the several changes and fixes we deliver with these new releases!

https://github.com/rizinorg/rizin/releases/tag/v0.5.1

🗣rizinorg

ℹ Rizin is a fork of the radare2 reverse engineering framework with a focus on usability, working features and code cleanliness.

🎖@malwr
Hello Guys! 😃
Just created a playlist for #androidhunting101 for better access. Make sure to go through it.

Click to Watch : https://youtube.com/playlist?list=PLhEvofbdZibepMtBr6rH7YkuM8mhTmHpE

#bugbountytips #Hacking #BugBounty #ethicalhacking
🗣mr_hacker0007


🎖@malwr
ESET's Vladislav Hrčka (@HrckaVladislav) explains the attribution of the WinorDLL64 backdoor to Lazarus and provides an analysis of the initially unknown Wslink payload. https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
🗣virusbtn


🎖@malwr
A very good starting point if you would like to know what the Android Anti-Reversing defences look like - by MSTG - OWASP https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05j-testing-resiliency-against-reverse-engineering #Android #AndroidSecurity #MobileSecurity #security #rasp #AppDevelopment
🗣maqsoodahmadjan


🎖@malwr