Quick introduction on how to set up Ghidra for analysing bare metal firmwares by @attifyme
https://blog.attify.com/analyzing-bare-metal-firmware-binaries-in-ghidra/
#reverseengineering #embedded #iot #hacking #beginner
by 0xor0ne
via @malwr
Hyundai infotainment system hacking.
Short series by @rgerganov
Part 1: https://xakcop.com/post/hyundai-hack/
Part 2: https://xakcop.com/post/hyundai-hack-2/
#carhacking #hyundai #infosec #cybersecurity #reverseengineering
by 0xor0ne
via @malwr
Want to know from which source file line a specific instruction comes? With the right debug info, IDA can show you that: https://hex-rays.com/blog/igors-tip-of-the-week-130-source-line-numbers/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Igor-Tip-130
#IgorsTipOfTheWeek #IDAtips #IDAPro
by HexRaysSA
via @malwr
Here's a tutorial on how to unpack Android APKs with the Medusa framework!
This is an alternative method of decoding using dynamic analysis rather than static analysis which I used in my previous video: Writing a Custom Android Decryptor in Java.
https://youtu.be/ffM5R2Wfl0A
by lauriewired
via @malwr
YouTube
Unpacking Android APKs with Medusa
In this video, we unpack a packed APK using the Medusa framework and dynamic analysis.
Timestamps:
00:00 Intro
00:38 Opening Sample
02:04 Recap writing custom decryptor
03:24 Medusa Framework
05:22 Finding DexClassLoader in code
06:52 Running Medusa in a…
I have written a brief article explaining how compilation units matching work in #Diaphora:
https://github.com/joxeankoret/diaphora/blob/master/doc/articles/compilation_units.md
by matalaz
via @malwr
I just published my implementation of call stack spoofing using hardware breakpoints.
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://www.coresecurity.com/blog/hardware-call-stack
by s4ntiago_p
via @malwr
Coresecurity
Hardware Call Stack | Core Security
Read about a unique implementation of call stack spoofing; defenders have started to leverage valid call stacks to detect malicious behavior.
The Red Report 2023: a comprehensive analysis of the most prevalent TTPs used in 2022, and how they were leveraged by threat actors. Based on an in-depth analysis of over 500,000 real-world malware samples collected from a wide range of sources.
https://drive.google.com/file/d/1Rp2QF4e5-zvdtPJApaiRQEGtscweb8SV/view
by snkhan
via @malwr
I have published a highly technical debunking whitepaper called:
A brief note on "Exonerating Morocco disproving the spyware"
(I'm sorry for the lack of pet photos, but that just wouldn't be professional)
https://www.researchgate.net/publication/368985450_A_brief_note_on_Exonerating_Morocco_disproving_the_spyware
by maldr0id
via @malwr
ResearchGate
(PDF) A brief note on "Exonerating Morocco disproving the spyware"
PDF | Jonathan Scott has published an opinion piece called "Exonerating Morocco disproving the spyware" in which he is making three claims without...
Researchers from The DFIR Report present a review of 2022 in which they look at the most prevalent types of intrusions, the most common TTPs used to infiltrate networks, and provide predictions on what they expect to see in the coming year. https://thedfirreport.com/2023/03/06/2022-year-in-review/
by virusbtn
via @malwr
Another tool for the upcoming Maldev Academy course! This tool is part of the entropy reduction module.
https://github.com/Maldev-Academy/EntropyReducer
by NUL0x4C
via @malwr
AhnLab's ASEC team describe a recent Lazarus attack in which the affected company used a vulnerable version of a certificate program commonly used by public Korean institutions & universities, & the software's 0-day vulnerability was used for infiltration. https://asec.ahnlab.com/en/48810/
by virusbtn
via @malwr
In the latest edition of the Ransomware Roundup, Fortinet researchers cover the Sirattacker and ALC ransomware. https://www.fortinet.com/blog/threat-research/ransomware-roundup-sirattacker-acl
by virusbtn
via @malwr