Want to know from which source file line a specific instruction comes? With the right debug info, IDA can show you that π https://hex-rays.com/blog/igors-tip-of-the-week-130-source-line-numbers/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Igor-Tip-130
#IgorsTipOfTheWeek #IDAtips #IDAPro
π£HexRaysSA
π@malwr
#IgorsTipOfTheWeek #IDAtips #IDAPro
π£HexRaysSA
π@malwr
Hereβs a tutorial on how to unpack Android APKs with the Medusa framework!
This is an alternative method of decoding using dynamic analysis rather than static analysis which I used in my previous video: Writing a Custom Android Decryptor in Java.
https://youtu.be/ffM5R2Wfl0A
π£lauriewired
π@malwr
This is an alternative method of decoding using dynamic analysis rather than static analysis which I used in my previous video: Writing a Custom Android Decryptor in Java.
https://youtu.be/ffM5R2Wfl0A
π£lauriewired
π@malwr
YouTube
Unpacking Android APKs with Medusa
In this video, we unpack a packed APK using the Medusa framework and dynamic analysis.
Timestamps:
00:00 Intro
00:38 Opening Sample
02:04 Recap writing custom decryptor
03:24 Medusa Framework
05:22 Finding DexClassLoader in code
06:52 Running Medusa in aβ¦
Timestamps:
00:00 Intro
00:38 Opening Sample
02:04 Recap writing custom decryptor
03:24 Medusa Framework
05:22 Finding DexClassLoader in code
06:52 Running Medusa in aβ¦
I have written a brief article explaining how compilation units matching work in #Diaphora:
https://github.com/joxeankoret/diaphora/blob/master/doc/articles/compilation_units.md
π£matalaz
π@malwr
https://github.com/joxeankoret/diaphora/blob/master/doc/articles/compilation_units.md
π£matalaz
π@malwr
I just published my implementation of call stack spoofing using hardware breakpoints π
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://www.coresecurity.com/blog/hardware-call-stack
π£s4ntiago_p
π@malwr
Works for syscalls and APIs, supports x64, x86 and WoW64.
https://www.coresecurity.com/blog/hardware-call-stack
π£s4ntiago_p
π@malwr
Coresecurity
Hardware Call Stack | Core Security
Read about a unique implementation of call stack spoofing, which defenders have started to leverage valid call stacks to detect malicious behavior.
The Red Report 2023 β A comprehensive analysis of the most prevalent TTPs used in 2022, and how they were leveraged by threat actors. Based on an in-depth analysis of over 500,000 real-world malware samples collected from a wide range of sources.
https://drive.google.com/file/d/1Rp2QF4e5-zvdtPJApaiRQEGtscweb8SV/view
π£snkhan
π@malwr
https://drive.google.com/file/d/1Rp2QF4e5-zvdtPJApaiRQEGtscweb8SV/view
π£snkhan
π@malwr
π1
I have published a highly technical debunking whitepaper called:
A brief note on "Exonerating Morocco disproving the spyware"
(I'm sorry for the lack of pet photos, but that just wouldn't be professional)
https://www.researchgate.net/publication/368985450_A_brief_note_on_Exonerating_Morocco_disproving_the_spyware
π£maldr0id
π@malwr
A brief note on "Exonerating Morocco disproving the spyware"
(I'm sorry for the lack of pet photos, but that just wouldn't be professional)
https://www.researchgate.net/publication/368985450_A_brief_note_on_Exonerating_Morocco_disproving_the_spyware
π£maldr0id
π@malwr
ResearchGate
(PDF) A brief note on "Exonerating Morocco disproving the spyware"
PDF | Jonathan Scott has published an opinion piece called "Exonerating Morocco disproving the spyware" in which he is making three claims without... | Find, read and cite all the research you need on ResearchGate
Researchers from The DFIR Report present a review of 2022 in which they look at the most prevalent types of intrusions, the most common TTPs used to infiltrate networks, and provide predictions on what they expect to see in the coming year. https://thedfirreport.com/2023/03/06/2022-year-in-review/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Another tool for the upcoming Maldev Academy course! This tool is part of the entropy reduction module.
https://github.com/Maldev-Academy/EntropyReducer
π£NUL0x4C
π@malwr
https://github.com/Maldev-Academy/EntropyReducer
π£NUL0x4C
π@malwr
AhnLab's ASEC team describe a recent Lazarus attack in which the affected company used a vulnerable version of a certificate program commonly used by public Korean institutions & universities, & the softwareβs 0-day vulnerability was used for infiltration. https://asec.ahnlab.com/en/48810/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
In the latest edition of the Ransomware Roundup Fortinet reseachers cover the Sirattacker and ALC ransomware. https://www.fortinet.com/blog/threat-research/ransomware-roundup-sirattacker-acl
π£virusbtn
π@malwr
π£virusbtn
π@malwr
π1
πThreatLabz has identified significant code similarities between the #Nevada and #Nokoyawa #ransomware families including debug strings, command-line arguments and encryption algorithms. More details: https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokayawa-variant
IOCs are available here: https://github.com/threatlabz/iocs/tree/main/nokoyawa
π£Threatlabz
π@malwr
IOCs are available here: https://github.com/threatlabz/iocs/tree/main/nokoyawa
π£Threatlabz
π@malwr
Reversing a Windows Exploit Mitigation (Exploit Guard) : https://www.youtube.com/watch?v=Wxsq2Goo2tA
π£binitamshah
π@malwr
π£binitamshah
π@malwr
YouTube
Reversing a Windows Exploit Mitigation (Exploit Guard)
In this stream/video, I will reverse engineer an exploit mitigation available for use through Windows Defender Exploit Guard. The majority of mitigations are not enabled by default and must be manually turned on. The mitigations available with Exploit Guardβ¦
Threat actorsβ use of Microsoft OneNote to spread Qakbot marks a novel malware distribution strategy. Our researchers detail how they deobfuscated and unpacked it, and extracted its configurations. Read more. https://bit.ly/3mlVyPV
π£TrellixARC
π@malwr
π£TrellixARC
π@malwr
π₯2
Reverse engineering the runtime code integrity protection of Call of Duty: Black Ops 3
Blog post by @momo5502
https://momo5502.com/posts/2022-11-17-reverse-engineering-integrity-checks-in-black-ops-3/
#reverseengineering #learning #infotech #infosec
π£0xor0ne
π@malwr
Blog post by @momo5502
https://momo5502.com/posts/2022-11-17-reverse-engineering-integrity-checks-in-black-ops-3/
#reverseengineering #learning #infotech #infosec
π£0xor0ne
π@malwr
Cool blog post for learning Ghidra a little bit more in depth by adding a new ISA (credits Tracy Mosley (@TrenchantARC))
https://trenchant.io/expanding-the-dragon-adding-an-isa-to-ghidra/
#ghidra #reverseengineering #infosec #cybersecurity
π£0xor0ne
π@malwr
https://trenchant.io/expanding-the-dragon-adding-an-isa-to-ghidra/
#ghidra #reverseengineering #infosec #cybersecurity
π£0xor0ne
π@malwr