ESET's Vladislav HrΔka (@HrckaVladislav) explains the attribution of the WinorDLL64 backdoor to Lazarus and provides an analysis of the initially unknown Wslink payload. https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
A very good starting point if you would like to know how the Android Anti-Reversing defences look like - by MSTG - OWASP https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05j-testing-resiliency-against-reverse-engineering #Android #AndroidSecurity #MobileSecurity #security #rasp #AppDevelopment
π£maqsoodahmadjan
π@malwr
π£maqsoodahmadjan
π@malwr
To dump executable code bytes from PE file, I wrote a small helper tool.
I intend to use this tool for shellcode development, etc.
https://github.com/daem0nc0re/TangledWinExec/tree/main/Misc#peripper
π£daem0nc0re
π@malwr
I intend to use this tool for shellcode development, etc.
https://github.com/daem0nc0re/TangledWinExec/tree/main/Misc#peripper
π£daem0nc0re
π@malwr
TrueBot Analysis Part I - A short glimpse into packed TrueBot samples : https://malware.love/malware_analysis/reverse_engineering/2023/02/12/analyzing-truebot-packer.html
Part 2 : Static Unpacker : https://malware.love/malware_analysis/reverse_engineering/2023/02/18/analyzing-truebot-static-unpacking.html credits @lazy_daemon
π£binitamshah
π@malwr
Part 2 : Static Unpacker : https://malware.love/malware_analysis/reverse_engineering/2023/02/18/analyzing-truebot-static-unpacking.html credits @lazy_daemon
π£binitamshah
π@malwr
First world cyber problems
TrueBot Analysis Part I - A short glimpse into packed TrueBot samples
Detailed Analysis of Nevada Ranswomware : https://www.resecurity.com/blog/article/nevada-ransomware-waiting-for-the-next-dark-web-jackpot
π£binitamshah
π@malwr
π£binitamshah
π@malwr
Chatting Our Way Into Creating a Polymorphic Malware : https://www.cyberark.com/resources/threat-research-blog/chatting-our-way-into-creating-a-polymorphic-malware
π£binitamshah
π@malwr
π£binitamshah
π@malwr
Expose Backdoors on the Way : A Feature-Based Efficient Defense against Textual Backdoor Attacks : https://aclanthology.org/2022.findings-emnlp.47.pdf (pdf)
π£binitamshah
π@malwr
π£binitamshah
π@malwr
MemFiles: A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
π£digicat
π@malwr
π£digicat
π@malwr
GitHub
GitHub - Octoberfest7/MemFiles: A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk - Octoberfest7/MemFiles
New AMSI lifetime bypass, it works by searching for the first byte of each instruction to prevent updates from affecting it, Check it out.
#amsi #redteam #cybersecurity
https://github.com/ZeroMemoryEx/Amsi-Killer
π£ZeroMemoryEx
π@malwr
#amsi #redteam #cybersecurity
https://github.com/ZeroMemoryEx/Amsi-Killer
π£ZeroMemoryEx
π@malwr
GitHub
GitHub - ZeroMemoryEx/Amsi-Killer: Lifetime AMSI bypass
Lifetime AMSI bypass. Contribute to ZeroMemoryEx/Amsi-Killer development by creating an account on GitHub.