Quick introduction for reverse engineering beginners to Cutter (Rizin GUI) by @Jacob_Pimental
https://www.goggleheadedhacker.com/post/intro-to-cutter
#cutter #reverseengineering #beginner #infosec
π£0xor0ne
π@malwr
RIG Exploit Kit (In-Depth Analysis): https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf (pdf)
π£binitamshah
π@malwr
QiAnXin researchers write about the Kaiji botnet and its connection with the Ares group, which owns multiple botnets and provides rental services for DDoS attacks. https://ti.qianxin.com/blog/articles/Kaiji-Botnet-Resurfaces-Unmasking-Ares-Hacking-Group-EN/
π£virusbtn
π@malwr
A ubiquitous format: DOS MZ Executable.
- the header of LINK.EXE, from IBM PC-DOS 1.0 in 1981
- the DOS stub that is still present in 32-bit/64-bit PE files nowadays.
π£angealbertini
π@malwr
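The two points in the post above, the 1981-style 28-byte header and the DOS stub that every PE still carries, can be seen by parsing the MZ header and following e_lfanew. The parser below is an added example for this page, not code from the post or from any linked project. It assumes the IMAGE_DOS_HEADER and IMAGE_FILE_HEADER layouts from winnt.h (64-byte DOS header, "PE\0\0" signature at e_lfanew, optional-header Magic 24 bytes after the signature); the three sample byte strings are constructed here and are not real binaries.

```python
"""Parse a DOS MZ header and follow e_lfanew to the PE header behind the stub.

Added example; the layout assumptions (IMAGE_DOS_HEADER, IMAGE_FILE_HEADER)
follow winnt.h. All sample inputs at the bottom are constructed, not real files.
"""
import struct

STUB_MESSAGE = b"This program cannot be run in DOS mode."
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


def parse_mz(data: bytes) -> dict:
    """Return the DOS view of an MZ file plus the PE header behind it, if any."""
    if len(data) < 28:
        raise ValueError("shorter than the 28-byte DOS header")
    e_magic = data[:2]
    if e_magic not in (b"MZ", b"ZM"):  # MS-DOS itself accepts both spellings
        raise ValueError(f"not an MZ executable: {e_magic!r}")

    # e_cblp: bytes used in the last 512-byte page, e_cp: number of pages,
    # e_crlc: relocation count, e_cparhdr: header size in 16-byte paragraphs.
    e_cblp, e_cp, e_crlc, e_cparhdr = struct.unpack_from("<4H", data, 2)
    info = {
        # What DOS would load. In a PE these are usually the vestigial values
        # emitted by the linker and say nothing about the real file size.
        "dos_image_size": e_cp * 512 - ((512 - e_cblp) if e_cblp else 0),
        "dos_header_size": e_cparhdr * 16,
        "relocations": e_crlc,
        "e_lfanew": None,
        "is_pe": False,
        "stub_has_dos_message": False,
        "pe": None,
    }

    # A 1981-era header is 28 bytes. e_lfanew at 0x3C only exists once the
    # header is padded to 64 bytes, which every PE file does.
    if len(data) < 64:
        return info
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    info["e_lfanew"] = e_lfanew

    # Plain DOS files may carry arbitrary bytes at 0x3C, so e_lfanew is only
    # trusted when it lands inside the file on a real "PE\0\0" signature with
    # room for the 20-byte IMAGE_FILE_HEADER and the optional-header Magic.
    if e_lfanew < 64 or e_lfanew + 26 > len(data):
        return info
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info

    info["is_pe"] = True
    # Everything between the 64-byte header and e_lfanew is the DOS stub.
    info["stub_has_dos_message"] = STUB_MESSAGE in data[64:e_lfanew]
    machine, sections = struct.unpack_from("<HH", data, e_lfanew + 4)
    (opt_magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    info["pe"] = {
        "machine": machine,
        "sections": sections,
        "format": OPTIONAL_MAGIC.get(opt_magic, f"unknown(0x{opt_magic:x})"),
    }
    return info


def _dos_header(e_cblp, e_cp, e_cparhdr, e_lfanew=None) -> bytes:
    """Build a 28-byte DOS header, or the 64-byte form when e_lfanew is given."""
    hdr = struct.pack("<2s13H", b"MZ", e_cblp, e_cp, 0, e_cparhdr, 0, 0xFFFF,
                      0, 0xB8, 0, 0, 0, 0x40 if e_lfanew is not None else 0x1C, 0)
    if e_lfanew is None:
        return hdr
    return hdr + b"\0" * 32 + struct.pack("<I", e_lfanew)  # e_res..e_res2, e_lfanew


# Constructed sample 1: the usual DOS stub (print message, exit) followed by
# a PE32+ header for x64 (IMAGE_FILE_MACHINE_AMD64 = 0x8664), three sections.
_STUB_CODE = bytes.fromhex("0e1fba0e00b409cd21b8014ccd21")
SAMPLE_PE = (
    _dos_header(0x90, 3, 4, e_lfanew=0x80)
    + (_STUB_CODE + STUB_MESSAGE + b"\r\r\n$").ljust(0x80 - 64, b"\0")
    + b"PE\0\0"
    + struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0xF0, 0x22)  # IMAGE_FILE_HEADER
    + struct.pack("<H", 0x20B)                                # optional Magic
)

# Constructed sample 2: a 1981-style program, 28-byte header padded to two
# paragraphs (32 bytes) plus "mov ah,4Ch / int 21h". 36 bytes, no e_lfanew.
SAMPLE_DOS_1981 = _dos_header(36, 1, 2).ljust(32, b"\0") + bytes.fromhex("b44ccd21")

# Constructed sample 3: a DOS program long enough to have bytes at 0x3C, which
# decode to a bogus e_lfanew (0x41414141) far outside the file.
SAMPLE_DOS_JUNK = _dos_header(96, 1, 2).ljust(32, b"\0") + b"A" * 64

if __name__ == "__main__":
    for name, blob in [("PE", SAMPLE_PE), ("DOS 1981", SAMPLE_DOS_1981),
                       ("DOS junk", SAMPLE_DOS_JUNK)]:
        print(name, parse_mz(blob))
```

Point it at a real file with `parse_mz(open(path, "rb").read())`; the check that e_lfanew lands on a genuine "PE\0\0" inside the file is what keeps old DOS executables, and truncated or corrupted PEs, from being misreported as PE.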
Let's create Malware in Python : https://www.youtube.com/watch?v=UtMMjXOlRQc
Ref:
1) https://papers.vx-underground.org/papers/Other/VXUG%20Zines/2022-12-04%20-%20About%20malware%20writing%20and%20how%20to%20start.html
2) Writing a simple wiper malware: https://0x00sec.org/t/python-and-malware-writing-a-simple-wiper-malware/31652
π£binitamshah
π@malwr
YouTube
i created malware with Python (it's SCARY easy!!)
Create your Python Malware lab: https://ntck.co/linode (you get a $100 Credit good for 60 days as a new user!)
We are going to write our very own malware in Python!! It's actually scary easy to do and it will give you a peek behind the curtain of how bad…
Learning Assembly: https://www.youtube.com/playlist?list=PLHJns8WZXCdvESvdr1BRjo4RHiR1Ylhw9 credits @jstrosch (18 videos)
π£binitamshah
π@malwr
Make your iOS kernel exploration on @HexRaysSA's IDA easier using PPLorer
a plugin to resolve PPL calls to the underlying function.
https://github.com/cellebrite-labs/PPLorer
π£omerporze
π@malwr
GitHub
GitHub - cellebrite-labs/PPLorer: IDA plugin that resolves PPL calls to the actual underlying PPL function.
Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
π£binitamshah
π@malwr
CVE-2022-24942 Heap-based buffer overflow in Silicon Labs Gecko SDK (found via automated binary analysis)
π£attilaszia
Skimming the discovery section I saw a mention of a taint tracking module, curious about what other high-level concepts the zero-day analysis tool uses (if it's possible for you to share, I get that you have IP to protect).
Are there any e.g. whitepapers about how the system as a whole works? I'm somewhat knowledgeable about fuzzing and various approaches to that (basic coverage-guided mutation stuff, search-based, grammar-based, etc), curious if that general theory is what the dynamic analysis is based on or if there are other types of dynamic analysis I should go read up on.
π€captain_zavec
PRIS looks interesting, however I wouldn't be comfortable uploading firmware blobs to the cloud for analysis by PRIS
π€WindyDaysAreWindy
Just read your article about the log4j incident, really cool. Keep up the good work!
π€waitwatidonteven
π@malwr
How I created a botnet and evaded AV and endpoint detection with one repo
π£bilbo_begones
Great tool to add to, and methods. Been thinking of making my own, but it's like making a puzzle in reverse.
π€drugged_programmer
π@malwr
GitHub
RoseSecurity - Overview
RoseSecurity has 24 repositories available. Follow their code on GitHub.
New SSLKillSwitch, working both jailbroken & non-jailbroken, with many extra features
https://github.com/NyaMisty/ssl-kill-switch3
π£MiscMisty
π@malwr
GitHub
GitHub - NyaMisty/ssl-kill-switch3: Next Generation SSLKillSwitch with much more support!
Nice reading from 2020 on backdoored counterfeit Cisco equipment.
Credits @FSecure
https://labs.withsecure.com/content/dam/labs/docs/2020-07-the-fake-cisco.pdf
#backdoor #infosec #malware #cybersecurity
π£0xor0ne
π@malwr