In the latest edition of the Ransomware Roundup, Fortinet researchers cover the Sirattacker and ALC ransomware. https://www.fortinet.com/blog/threat-research/ransomware-roundup-sirattacker-acl
Source: virusbtn | @malwr
πThreatLabz has identified significant code similarities between the #Nevada and #Nokoyawa #ransomware families including debug strings, command-line arguments and encryption algorithms. More details: https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokayawa-variant
IOCs are available here: https://github.com/threatlabz/iocs/tree/main/nokoyawa
Source: Threatlabz | @malwr
Reversing a Windows Exploit Mitigation (Exploit Guard): https://www.youtube.com/watch?v=Wxsq2Goo2tA
Source: binitamshah | @malwr
YouTube preview: Reversing a Windows Exploit Mitigation (Exploit Guard)
In this stream/video, I will reverse engineer an exploit mitigation available for use through Windows Defender Exploit Guard. The majority of mitigations are not enabled by default and must be manually turned on. The mitigations available with Exploit Guard…
Threat actors' use of Microsoft OneNote to spread Qakbot marks a novel malware distribution strategy. Our researchers detail how they deobfuscated and unpacked it, and extracted its configurations. Read more. https://bit.ly/3mlVyPV
Source: TrellixARC | @malwr
Reverse engineering the runtime code integrity protection of Call of Duty: Black Ops 3
Blog post by @momo5502
https://momo5502.com/posts/2022-11-17-reverse-engineering-integrity-checks-in-black-ops-3/
#reverseengineering #learning #infotech #infosec
Source: 0xor0ne | @malwr
Cool blog post for learning Ghidra in a little more depth by adding a new ISA (credits: Tracy Mosley (@TrenchantARC))
https://trenchant.io/expanding-the-dragon-adding-an-isa-to-ghidra/
#ghidra #reverseengineering #infosec #cybersecurity
Source: 0xor0ne | @malwr
Mandiant, in partnership with the SonicWall PSIRT team, has identified a suspected Chinese campaign running malware on SonicWall devices. The malware has functionality to steal user credentials, provide shell access, and persist through firmware upgrades. https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
Source: virusbtn | @malwr
Fortinet researchers analyse ScrubCrypt and other malware delivered by the 8220 Gang threat actor on an exploitable Oracle Weblogic Server. https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Source: virusbtn | @malwr
Businesses in IT, healthcare, and manufacturing industries suffered the most ransomware attacks in the fourth quarter of 2022. https://research.trendmicro.com/3ZdZTU2
Source: TrendMicroRSRCH | @malwr
We've updated the vx-underground malware sample collection. We've added 54,258 samples.
Special thanks to petikvx
Check it out here: https://www.vx-underground.org/malware.html
Source: vxunderground | @malwr
Writing a Debugger From Scratch - DbgRs Part 2 - Register State and Stepping https://www.timdbg.com/posts/writing-a-debugger-from-scratch-part-2/ #Pentesting #Debugging #CyberSecurity #Infosec
Source: ptracesecurity | @malwr
AhnLab ASEC researchers look into attacks against poorly managed MS-SQL servers. The threat actors used not only Cobalt Strike but also the Netcat tool in their attacks, along with other malware for privilege escalation, information theft & proxy tools. https://asec.ahnlab.com/en/49249/
Source: virusbtn | @malwr