The Red Report 2023 β A comprehensive analysis of the most prevalent TTPs used in 2022, and how they were leveraged by threat actors. Based on an in-depth analysis of over 500,000 real-world malware samples collected from a wide range of sources.
https://drive.google.com/file/d/1Rp2QF4e5-zvdtPJApaiRQEGtscweb8SV/view
π£snkhan
π@malwr
https://drive.google.com/file/d/1Rp2QF4e5-zvdtPJApaiRQEGtscweb8SV/view
π£snkhan
π@malwr
π1
I have published a highly technical debunking whitepaper called:
A brief note on "Exonerating Morocco disproving the spyware"
(I'm sorry for the lack of pet photos, but that just wouldn't be professional)
https://www.researchgate.net/publication/368985450_A_brief_note_on_Exonerating_Morocco_disproving_the_spyware
π£maldr0id
π@malwr
A brief note on "Exonerating Morocco disproving the spyware"
(I'm sorry for the lack of pet photos, but that just wouldn't be professional)
https://www.researchgate.net/publication/368985450_A_brief_note_on_Exonerating_Morocco_disproving_the_spyware
π£maldr0id
π@malwr
ResearchGate
(PDF) A brief note on "Exonerating Morocco disproving the spyware"
PDF | Jonathan Scott has published an opinion piece called "Exonerating Morocco disproving the spyware" in which he is making three claims without... | Find, read and cite all the research you need on ResearchGate
Researchers from The DFIR Report present a review of 2022 in which they look at the most prevalent types of intrusions, the most common TTPs used to infiltrate networks, and provide predictions on what they expect to see in the coming year. https://thedfirreport.com/2023/03/06/2022-year-in-review/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Another tool for the upcoming Maldev Academy course! This tool is part of the entropy reduction module.
https://github.com/Maldev-Academy/EntropyReducer
π£NUL0x4C
π@malwr
https://github.com/Maldev-Academy/EntropyReducer
π£NUL0x4C
π@malwr
AhnLab's ASEC team describe a recent Lazarus attack in which the affected company used a vulnerable version of a certificate program commonly used by public Korean institutions & universities, & the softwareβs 0-day vulnerability was used for infiltration. https://asec.ahnlab.com/en/48810/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
In the latest edition of the Ransomware Roundup Fortinet reseachers cover the Sirattacker and ALC ransomware. https://www.fortinet.com/blog/threat-research/ransomware-roundup-sirattacker-acl
π£virusbtn
π@malwr
π£virusbtn
π@malwr
π1
πThreatLabz has identified significant code similarities between the #Nevada and #Nokoyawa #ransomware families including debug strings, command-line arguments and encryption algorithms. More details: https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokayawa-variant
IOCs are available here: https://github.com/threatlabz/iocs/tree/main/nokoyawa
π£Threatlabz
π@malwr
IOCs are available here: https://github.com/threatlabz/iocs/tree/main/nokoyawa
π£Threatlabz
π@malwr
Reversing a Windows Exploit Mitigation (Exploit Guard) : https://www.youtube.com/watch?v=Wxsq2Goo2tA
π£binitamshah
π@malwr
π£binitamshah
π@malwr
YouTube
Reversing a Windows Exploit Mitigation (Exploit Guard)
In this stream/video, I will reverse engineer an exploit mitigation available for use through Windows Defender Exploit Guard. The majority of mitigations are not enabled by default and must be manually turned on. The mitigations available with Exploit Guardβ¦
Threat actorsβ use of Microsoft OneNote to spread Qakbot marks a novel malware distribution strategy. Our researchers detail how they deobfuscated and unpacked it, and extracted its configurations. Read more. https://bit.ly/3mlVyPV
π£TrellixARC
π@malwr
π£TrellixARC
π@malwr
π₯2
Reverse engineering the runtime code integrity protection of Call of Duty: Black Ops 3
Blog post by @momo5502
https://momo5502.com/posts/2022-11-17-reverse-engineering-integrity-checks-in-black-ops-3/
#reverseengineering #learning #infotech #infosec
π£0xor0ne
π@malwr
Blog post by @momo5502
https://momo5502.com/posts/2022-11-17-reverse-engineering-integrity-checks-in-black-ops-3/
#reverseengineering #learning #infotech #infosec
π£0xor0ne
π@malwr
Cool blog post for learning Ghidra a little bit more in depth by adding a new ISA (credits Tracy Mosley (@TrenchantARC))
https://trenchant.io/expanding-the-dragon-adding-an-isa-to-ghidra/
#ghidra #reverseengineering #infosec #cybersecurity
π£0xor0ne
π@malwr
https://trenchant.io/expanding-the-dragon-adding-an-isa-to-ghidra/
#ghidra #reverseengineering #infosec #cybersecurity
π£0xor0ne
π@malwr
Mandiant, in partnership with the SonicWall PSIRT team, has identified a suspected Chinese campaign running malware on SonicWall devices. The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades. https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Fortinet researchers analyse ScrubCrypt and other malware delivered by the 8220 Gang threat actor on an exploitable Oracle Weblogic Server. https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Businesses in IT, healthcare, and manufacturing industries suffered the most ransomware attacks in the fourth quarter of 2022. https://research.trendmicro.com/3ZdZTU2
π£TrendMicroRSRCH
π@malwr
π£TrendMicroRSRCH
π@malwr
We've updated the vx-underground malware sample collection. We've added 54,258 samples.
Special thanks to petikvx
Check it out here: https://www.vx-underground.org/malware.html
π£vxunderground
π@malwr
Special thanks to petikvx
Check it out here: https://www.vx-underground.org/malware.html
π£vxunderground
π@malwr