DarkTortilla .Net Malware Spreading Via Phishing Sites, Modifying User's .LNK files to Establish persistence
Source: Skipper3943
via @malwr
Cyble
DarkTortilla Malware Spread Through Phishing Sites
Cyble Research and Intelligence Labs analyzes DarkTortilla, a sophisticated malware spreading via Phishing sites.
NIST Retires SHA-1 Cryptographic Algorithm
Source: OfftheTopRope
It's really hard for industries to change after they adopt a specific technology. In the USA, legal and accounting industries still use FAX machines, even though the rest of us have long ago replaced FAX with emailed attachments, SMS/MMS attachments, cloud sharing services, etc. Why do they use FAX? Because FAX is literally written into law as an approved method. It's hard enough to get a technology approved, it's even harder to get it obsoleted.
By today's standards, MD5 is horribly weak and broken. Creating two files with the same arbitrary hash can be done on a typical desktop in under 1 second. (Forced hash match.) Generating a file with a specific hash (not arbitrary) might take hours or days. And natural hash collisions (not intentionally forced) have been encountered in the real world. MD5 hasn't been recommended for use in over a decade. And yet, MD5 is still widely used for tracking evidence. It is widely used by the legal system because long ago it was approved.
SHA1 has been considered relatively weak for years. However, forced collisions for specific hashes are very difficult and time consuming to generate. And I'm not aware of any natural (not forced) collisions. Even though SHA1 is officially retired, I suspect that SHA1 will be widely used long after anyone reading this posting is dead from old age.
Comment by hackerfactor
SHA-1 has been broken for over a decade. We forensicators haven't used it in over 10 years.
Comment by gibson_mel
Not sure how this is relevant to digital forensics.
Comment by baggins422
via @malwr
NIST
NIST Retires SHA-1 Cryptographic Algorithm
The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable.
Azure PenTesting Tools
I need to curate the most extensive list of Azure PenTesting tools I can. Most are already covered in this (as far as I can tell) fantastic list: https://github.com/Kyuu-Ji/Awesome-Azure-Pentest. I'd just add:
- Stratus: https://stratus-red-team.cloud/
- Basic Blob Finder (though there is a Blob finder in Kyuu-Ji's github already): https://github.com/joswr1ght/basicblobfinder
Is there anything else anybody would add? Any favorites? Anything that's missing here?
Thanks!
Source: Round-Campaign-1692
I didn't see Bloodhound on there.
Comment by DH_Prelude
via @malwr
GitHub
GitHub - Kyuu-Ji/Awesome-Azure-Pentest: A collection of resources, tools and more for penetration testing and securing Microsofts…
A collection of resources, tools and more for penetration testing and securing Microsofts cloud platform Azure. - Kyuu-Ji/Awesome-Azure-Pentest
Get a better understanding of the Functions Window with our new #IDAPro tutorial: https://youtu.be/DA7dTADDbc8
#IDAProTutorials #IDAPro #hexrays #LearningIDA
Source: HexRaysSA
via @malwr
Hi everybody. To make the channel better, we need your suggestions. Send your messages to @SirMalware
via @malwr
Malware News pinned «Please forward posts to the other groups»
Grab the new version of Rizin, v0.5.1, together with Cutter 2.2.0.
An improved stack analysis, better FLIRT detection and generation and multithreaded string search are just few of the several changes and fixes we deliver with these new releases!
https://github.com/rizinorg/rizin/releases/tag/v0.5.1
Source: rizinorg
Note: Rizin is a fork of the radare2 reverse engineering framework with a focus on usability, working features and code cleanliness.
via @malwr
GitHub
Release Release v0.5.1 Β· rizinorg/rizin
This release fixes the building issues with system capstone versions, and a type formatting crash
Hello Guys!
Just created a playlist for #androidhunting101 for better access. Make sure to go through it.
Click to Watch : https://youtube.com/playlist?list=PLhEvofbdZibepMtBr6rH7YkuM8mhTmHpE
#bugbountytips #Hacking #BugBounty #ethicalhacking
Source: mr_hacker0007
via @malwr
ESET's Vladislav Hrčka (@HrckaVladislav) explains the attribution of the WinorDLL64 backdoor to Lazarus and provides an analysis of the initially unknown Wslink payload. https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
Source: virusbtn
via @malwr
A very good starting point if you would like to know what the Android anti-reversing defences look like - by MSTG - OWASP https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05j-testing-resiliency-against-reverse-engineering #Android #AndroidSecurity #MobileSecurity #security #rasp #AppDevelopment
Source: maqsoodahmadjan
via @malwr
To dump executable code bytes from a PE file, I wrote a small helper tool.
I intend to use this tool for shellcode development, etc.
https://github.com/daem0nc0re/TangledWinExec/tree/main/Misc#peripper
Source: daem0nc0re
via @malwr
TrueBot Analysis Part I - A short glimpse into packed TrueBot samples : https://malware.love/malware_analysis/reverse_engineering/2023/02/12/analyzing-truebot-packer.html
Part 2 : Static Unpacker : https://malware.love/malware_analysis/reverse_engineering/2023/02/18/analyzing-truebot-static-unpacking.html credits @lazy_daemon
Source: binitamshah
via @malwr
First world cyber problems
TrueBot Analysis Part I - A short glimpse into packed TrueBot samples
Detailed Analysis of Nevada Ransomware : https://www.resecurity.com/blog/article/nevada-ransomware-waiting-for-the-next-dark-web-jackpot
Source: binitamshah
via @malwr