Announcing Fibratus 1.10.0 - a modern Windows kernel tracing and threat detection engine
rabbitstack
@malwr
GitHub
Release v1.10.0 · rabbitstack/fibratus
Release Notes
New features
filter language grammar for sequence rules and decommission of sequence policy types Read more
bound fields and sequence aliases Read more
file path manipulation filter ...
.NET malware decompiling challenges: Obfuscations of strings/constants can be tedious. Automate w/ IDA Pro's Python interface for MSIL binary patching, even for simple cases: https://threatcat.ch/blog/undo-dotnet-constant-obfuscation-in-ida-pro/
#CyberSecurity #MalwareAnalysis #IDAPro #DotNET
threatcat_ch
@malwr
YARA is for detection, analysis, IR, TI & more. It's an automation vehicle, a conduit to help you test, store your insights & *apply* them to data. It's accessible & fun & can make your hard work & analyses more durable and lasting at scale.
http://yararul.es/
#100daysofYARA
stvemillertime
@malwr
GitHub
GitHub - 100DaysofYARA/2023: Rules Shared by the Community from 100 Days of YARA 2023
Rules Shared by the Community from 100 Days of YARA 2023 - GitHub - 100DaysofYARA/2023: Rules Shared by the Community from 100 Days of YARA 2023
Reverse Engineering a Native Desktop Application (Tauri App)
- And solving the CTF Challenge
https://infosecwriteups.com/reverse-engineering-a-native-desktop-application-tauri-app-5a2d92772da5
#infosec #reverseengineering #tauri #rustlang #rust
AstraKernel
@malwr
A lot of things to learn in this series by greenluigi1 on car Infotainment system hacking
Part 1: https://programmingwithstyle.com/posts/howihackedmycar/
Part 2: https://programmingwithstyle.com/posts/howihackedmycarpart2/
Part 3: https://programmingwithstyle.com/posts/howihackedmycarpart3/
#hacking
0xor0ne
@malwr
Sandbox for automated Linux malware analysis. https://github.com/danieluhricek/LiSa
Tinolle
@malwr
GitHub
GitHub - danielpoliakov/lisa: Sandbox for automated Linux malware analysis.
Sandbox for automated Linux malware analysis. Contribute to danielpoliakov/lisa development by creating an account on GitHub.
IDAPython: Disassembly items, bytes and strings by @0xeb #idapro
https://www.youtube.com/watch?v=TeXbwEWsI_Y
_qaz_qaz
@malwr
YouTube
IDAPython: Disassembly items, bytes and strings
In this episode we cover the concept of disassembly items (code, data, unk), and flags then work with bytes and strings.
We also, indirectly, answer the question: "How to tell if one instruction jumps into the middle of another instruction?"
Analysis of Linux malware OrBit by @Stormshield
https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware/
Original analysis blogpost by @IntezerLabs
https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/
#cybersecurity
0xor0ne
@malwr
Great article on DLL Hijacking and some of the issues one can face when creating DLLs for this purpose: https://www.netspi.com/blog/technical/adversary-simulation/adaptive-dll-hijacking/
Octoberfest73
@malwr
NetSPI
Adaptive DLL Hijacking
DLL hijacking has been a centerpiece of our operations for many years. During that time we've explored the deep caveats which make this technique difficult to actually use in the real world. Our implementations have expanded to include export table cloning…
Bypassing self-protection mechanism in Avast AV
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
SEKTOR7net
@malwr
the-deniss.github.io
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
In this post I'll show Avast self-defense bypass: how I discovered a new undocumented way to intercept all system calls without a hypervisor and PatchGuard triggered BSOD, and, finally, based on the knowledge gained, implemented a bypass
Wireshark Cheat Sheet: All the Commands, Filters & Syntax
flacao9
You can decrypt SSL traffic if you have a certificate associated with the traffic.
We use this when analyzing suspected malicious traffic.
Farstone
@malwr
StationX
Wireshark Cheat Sheet
To supplement the courses in our Cyber Security School, here is a list of the common commands in Wireshark.