Interesting writeup about reverse engineering embedded/IoT devices (MikroTik router) by @hgarrereyn and @__comedian
Blog post: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/
Slides (RECon): https://github.com/MarginResearch/resources/blob/83e402a86370f7c3acf8bb3ad982c1fee89c9b53/documents/Pulling_MikroTik_into_the_Limelight.pdf
#iot #embedded #mikrotik #routeros #reverseengineering #infosec #cybsersecurity
π£0xor0ne
π@malwr
Blog post: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/
Slides (RECon): https://github.com/MarginResearch/resources/blob/83e402a86370f7c3acf8bb3ad982c1fee89c9b53/documents/Pulling_MikroTik_into_the_Limelight.pdf
#iot #embedded #mikrotik #routeros #reverseengineering #infosec #cybsersecurity
π£0xor0ne
π@malwr
The VB Conference is a great place to share your research with the security community. Submit your proposals for papers by 5 April for a chance to be part of one of the longest running security conferences in the world. #'vb2023 https://www.virusbulletin.com/conference/vb2023/call-papers/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
BlackBerry has posted a report on a new APT-C-36 (also known as Blind Eagle) campaign, where the threat actor impersonated a Colombian government tax agency to target key industries in Colombia. https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Quick introduction for reverse engineering beginners to Cutter (Rizin GUI) by @Jacob_Pimental
https://www.goggleheadedhacker.com/post/intro-to-cutter
#cutter #reverseengineering #beginner #infosec
π£0xor0ne
π@malwr
https://www.goggleheadedhacker.com/post/intro-to-cutter
#cutter #reverseengineering #beginner #infosec
π£0xor0ne
π@malwr
RIG Exploit Kit (In-Depth Analysis) : https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf (pdf)
π£binitamshah
π@malwr
π£binitamshah
π@malwr
QiAnXin researchers write about the Kaiji botnet and its connection with the Ares group, which owns multiple botnets and provides rental services for DDoS attacks. https://ti.qianxin.com/blog/articles/Kaiji-Botnet-Resurfaces-Unmasking-Ares-Hacking-Group-EN/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
An ubiquitous format: DOS MZ Executable.
- the header of LINK.EXE, from IBM PC-DOS 1.0 in 1981
- the DOS stub that is still present in 32b/64b PE files nowadays.
π£angealbertini
π@malwr
- the header of LINK.EXE, from IBM PC-DOS 1.0 in 1981
- the DOS stub that is still present in 32b/64b PE files nowadays.
π£angealbertini
π@malwr
Let's create Malware in Python : https://www.youtube.com/watch?v=UtMMjXOlRQc
Ref :
1) https://papers.vx-underground.org/papers/Other/VXUG%20Zines/2022-12-04%20-%20About%20malware%20writing%20and%20how%20to%20start.html
2) Writing a simple wiper malware : https://0x00sec.org/t/python-and-malware-writing-a-simple-wiper-malware/31652
π£binitamshah
π@malwr
Ref :
1) https://papers.vx-underground.org/papers/Other/VXUG%20Zines/2022-12-04%20-%20About%20malware%20writing%20and%20how%20to%20start.html
2) Writing a simple wiper malware : https://0x00sec.org/t/python-and-malware-writing-a-simple-wiper-malware/31652
π£binitamshah
π@malwr
YouTube
i created malware with Python (it's SCARY easy!!)
Create your Python Malware lab: https://ntck.co/linode (you get a $100 Credit good for 60 days as a new user!)
We are going to write our very own malware in Python!! Itβs actually scary easy to do and it will give you a peek behind the curtain of how badβ¦
We are going to write our very own malware in Python!! Itβs actually scary easy to do and it will give you a peek behind the curtain of how badβ¦
Learning Assembly : https://www.youtube.com/playlist?list=PLHJns8WZXCdvESvdr1BRjo4RHiR1Ylhw9 credits @jstrosch (18 video's)
π£binitamshah
π@malwr
π£binitamshah
π@malwr
Make your iOS kernel exploration on @HexRaysSA's IDA easier using PPLorer
a plugin to resolve PPL calls to the underlying function.
https://github.com/cellebrite-labs/PPLorer
π£omerporze
π@malwr
a plugin to resolve PPL calls to the underlying function.
https://github.com/cellebrite-labs/PPLorer
π£omerporze
π@malwr
GitHub
GitHub - cellebrite-labs/PPLorer: IDA plugin that resolves PPL calls to the actual underlying PPL function.
IDA plugin that resolves PPL calls to the actual underlying PPL function. - cellebrite-labs/PPLorer
Frebniis : New Malware Abuses Microsoft IIS Feature to Establish Backdoor : https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
π£binitamshah
π@malwr
π£binitamshah
π@malwr
π CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK (found via automated binary analysisπ₯οΈ)
π£attilaszia
Skimming the discovery section I saw a mention of a taint tracking module, curious about what other high-level concepts the zero-day analysis tool uses (if it's possible for you to share, I get that you have IP to protect).
Are there any e.g. whitepapers about how the system as a whole works? I'm somewhat knowledgeable about fuzzing and various approaches to that (basic coverage-guided mutation stuff, search-based, grammar-based, etc), curious if that general theory is what the dynamic analysis is based on or if there are other types of dynamic analysis I should go read up on.
π€captain_zavec
PRIS looks interesting however I wouldn't be comfortable uploading firmware blobs to the cloud for analysis by PRIS
π€WindyDaysAreWindy
Just read your article about log4j incident really cool. Keep the good work!
π€waitwatidonteven
π@malwr
π£attilaszia
Skimming the discovery section I saw a mention of a taint tracking module, curious about what other high-level concepts the zero-day analysis tool uses (if it's possible for you to share, I get that you have IP to protect).
Are there any e.g. whitepapers about how the system as a whole works? I'm somewhat knowledgeable about fuzzing and various approaches to that (basic coverage-guided mutation stuff, search-based, grammar-based, etc), curious if that general theory is what the dynamic analysis is based on or if there are other types of dynamic analysis I should go read up on.
π€captain_zavec
PRIS looks interesting however I wouldn't be comfortable uploading firmware blobs to the cloud for analysis by PRIS
π€WindyDaysAreWindy
Just read your article about log4j incident really cool. Keep the good work!
π€waitwatidonteven
π@malwr