Sandbox for automated Linux malware analysis. https://github.com/danieluhricek/LiSa
Shared by Tinolle via @malwr
GitHub: danielpoliakov/lisa: Sandbox for automated Linux malware analysis.
IDAPython: Disassembly items, bytes and strings by @0xeb #idapro
https://www.youtube.com/watch?v=TeXbwEWsI_Y
Shared by _qaz_qaz via @malwr
YouTube: IDAPython: Disassembly items, bytes and strings
In this episode we cover the concept of disassembly items (code, data, unk) and flags, then work with bytes and strings.
We also, indirectly, answer the question: "How to tell if one instruction jumps into the middle of another instruction?"
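The video's question about one instruction jumping into the middle of another comes down to IDA's notion of item heads: idc.get_item_head(ea) returns the start of the item that contains ea, so a branch target that is not its own head lands mid-instruction. Below is an added, standalone model of that check written for this page (not code from the video, from @0xeb or from IDA; no IDA is needed to run it): a constructed five-byte x86 snippet using the classic `EB FF` jump-into-itself trick, a tiny opcode table that stands in for IDA's decoder, and a flow-following pass that shows the `inc eax` a linear sweep never produces. The opcode table, the Item class and the helper names are the example's own assumptions.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

# Constructed x86-32 byte string (not from the video): the "jmp -1" anti-disassembly
# idiom. A linear sweep decodes EB FF as jmp short and then trips over a stray C0,
# while execution actually lands one byte into the jmp, on FF C0 = inc eax.
BASE = 0x1000
CODE = bytes.fromhex("90 eb ff c0 c3")


@dataclass
class Item:
    ea: int      # start address of the item (its "head")
    size: int
    text: str
    kind: str    # 'code', 'data' or 'unk', mirroring IDA's item kinds


def decode_one(code: bytes, base: int, ea: int) -> Item:
    """Decode one instruction at ea from a minimal opcode table.
    Anything the table does not know becomes a 1-byte 'unk' item,
    which is what IDA shows as an unexplored byte."""
    off = ea - base
    op = code[off]
    if op == 0x90:
        return Item(ea, 1, "nop", "code")
    if op == 0xC3:
        return Item(ea, 1, "ret", "code")
    if op == 0xEB and off + 1 < len(code):
        rel = struct.unpack_from("<b", code, off + 1)[0]        # signed rel8
        return Item(ea, 2, f"jmp short {ea + 2 + rel:#x}", "code")
    if op == 0xFF and off + 1 < len(code) and code[off + 1] == 0xC0:
        return Item(ea, 2, "inc eax", "code")                   # FF /0, modrm C0
    if op == 0x31 and off + 1 < len(code) and code[off + 1] == 0xC0:
        return Item(ea, 2, "xor eax, eax", "code")
    if op == 0xB8 and off + 4 < len(code):
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return Item(ea, 5, f"mov eax, {imm:#x}", "code")
    return Item(ea, 1, f"db {op:#04x}", "unk")


def linear_sweep(code: bytes, base: int) -> list[Item]:
    """Decode every byte in order, the way a naive disassembler lays out items."""
    items, ea = [], base
    while ea < base + len(code):
        it = decode_one(code, base, ea)
        items.append(it)
        ea += it.size
    return items


def get_item_head(items: list[Item], ea: int) -> int | None:
    """Standalone model of idc.get_item_head(): start of the item containing ea."""
    for it in items:
        if it.ea <= ea < it.ea + it.size:
            return it.ea
    return None


def is_head(items: list[Item], ea: int) -> bool:
    """Model of idc.is_head(): True only if ea starts an item."""
    return get_item_head(items, ea) == ea


def jump_target(it: Item) -> int | None:
    if it.text.startswith("jmp short "):
        return int(it.text.split()[-1], 16)
    return None


def find_mid_item_jumps(items: list[Item]) -> list[tuple[int, int]]:
    """(jmp_ea, target) for every jump whose target is inside an item but is not
    its head, i.e. one instruction jumps into the middle of another."""
    hits = []
    for it in items:
        tgt = jump_target(it)
        if tgt is not None and get_item_head(items, tgt) is not None and not is_head(items, tgt):
            hits.append((it.ea, tgt))
    return hits


def follow_flow(code: bytes, base: int, start: int) -> list[Item]:
    """Flow-following decode: take the jump instead of the next byte, so the
    instruction hidden inside the jmp's own bytes becomes visible."""
    seen, out, ea = set(), [], start
    while base <= ea < base + len(code) and ea not in seen:
        seen.add(ea)
        it = decode_one(code, base, ea)
        out.append(it)
        if it.text == "ret":
            break
        tgt = jump_target(it)
        ea = tgt if tgt is not None else ea + it.size
    return out


if __name__ == "__main__":
    items = linear_sweep(CODE, BASE)
    for it in items:
        print(f"{it.ea:#x}  {it.kind:4}  {it.text}")
    print("jumps into the middle of an item:", find_mid_item_jumps(items))
    print("what actually executes:", [it.text for it in follow_flow(CODE, BASE, BASE)])
```

Inside a real IDB the same test is `idc.get_item_head(target) != target` (equivalently `not idc.is_head(idc.get_full_flags(target))`) for each code reference; the usual fix is `ida_bytes.del_items` on the overlapping item followed by `idc.create_insn` at the true target.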
Analysis of Linux malware OrBit by @Stormshield
https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware/
Original analysis blogpost by @IntezerLabs
https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/
#cybersecurity
Shared by 0xor0ne via @malwr
Great article on DLL hijacking and some of the issues one can face when creating DLLs for this purpose: https://www.netspi.com/blog/technical/adversary-simulation/adaptive-dll-hijacking/
Shared by Octoberfest73 via @malwr
NetSPI: Adaptive DLL Hijacking
DLL hijacking has been a centerpiece of our operations for many years. During that time we've explored the deep caveats which make this technique difficult to actually use in the real world. Our implementations have expanded to include export table cloning...
Bypassing self-protection mechanism in Avast AV
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
Shared by SEKTOR7net via @malwr
the-deniss.github.io: Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
In this post I'll show an Avast self-defense bypass: how I discovered a new, undocumented way to intercept all system calls without a hypervisor or a PatchGuard-triggered BSOD and, finally, based on the knowledge gained, implemented a bypass.
Wireshark Cheat Sheet: All the Commands, Filters & Syntax
Posted by flacao9
You can decrypt SSL traffic if you have a certificate associated with the traffic.
We use this when analyzing suspected malicious traffic.
Shared by Farstone via @malwr
StationX: Wireshark Cheat Sheet
To supplement the courses in our Cyber Security School, here is a list of the common commands in Wireshark.
Awesome Malware Techniques
A curated list of resources to analyse and study malware techniques.
https://github.com/fr0gger/Awesome_Malware_Techniques
#malware #cybersecurity #infosec
Shared by hack_git via @malwr
Happy to share my first blog as part of @wiz_io
Cloud is complex and so is its attack surface. If you are interested in learning about #cloudforensics I recommend reading this!
https://www.wiz.io/blog/intro-to-forensics-in-the-cloud-a-container-was-compromised-whats-next
Shared by AbbyMCH via @malwr
I really enjoyed these reverse engineering articles by Rick Osgood @rickoooooo that explain step by step how to achieve arbitrary code execution by radio
#APRS #infosec #hacking
https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1
Shared by G4lile0 via @malwr
New polymorphic techniques pushed to Revenant.
Rev now uses the Python build script to generate C code at build time, compiles randomly different binaries, and combines runtime polymorphic patches to give better obfuscation.
Check it out!
https://github.com/0xTriboulet/Revenant
@deadvolvo
Shared by 0xTriboulet via @malwr
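Build-time polymorphism as the post describes it (a Python script emitting C that compiles into a different binary on every run) is easiest to see with a small generator. The one below is an added illustration by the editor, not Revenant's build script, and its C template, identifier scheme and XOR string encoding are assumptions about what such a script does rather than anything taken from the repository. Per build it randomizes every identifier, the XOR key and its length, the shape of the decoder loop and a block of junk arithmetic on a volatile global, while every emitted program still prints the same message. recover_message pulls the byte arrays back out of a generated source and decodes them the way the emitted C decoder would, so the round trip can be checked without a compiler.

```python
from __future__ import annotations
import hashlib
import random
import re
import string


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so the same call decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def _ident(rng: random.Random, taken: set, length: int = 12) -> str:
    """Random C identifier, unique within one build; 12 letters cannot collide
    with a C keyword."""
    while True:
        name = rng.choice(string.ascii_letters) + "".join(
            rng.choices(string.ascii_letters + string.digits, k=length - 1))
        if name not in taken:
            taken.add(name)
            return name


def _c_array(data: bytes) -> str:
    return ", ".join(f"0x{b:02x}" for b in data)


def generate_c(message: str, seed: int) -> str:
    """Emit a complete C program whose identifiers, XOR key, decoder loop and
    junk block all depend on the seed, while every build prints `message`.
    The seed makes a build reproducible; the real build loop would draw it fresh."""
    rng = random.Random(seed)
    taken: set = set()
    enc_name, key_name, dec_name, junk_fn, junk_var = (_ident(rng, taken) for _ in range(5))
    key = bytes(rng.randrange(1, 256) for _ in range(rng.randrange(4, 17)))  # no 0x00 bytes
    enc = xor_encode(message.encode() + b"\0", key)   # encode the terminator as well

    # Two functionally identical decoder bodies; which one ships is per-build.
    if rng.random() < 0.5:
        loop = (f"    for (size_t i = 0; i < len; i++)\n"
                f"        buf[i] ^= {key_name}[i % sizeof {key_name}];\n")
    else:
        loop = (f"    while (len--)\n"
                f"        buf[len] ^= {key_name}[len % sizeof {key_name}];\n")

    # A random number of arithmetic statements on a volatile global: the compiler
    # cannot remove them, so each binary gets a different .text as well as .data.
    ops = "".join(
        f"    {junk_var} = ({junk_var} {rng.choice('*^+')} 0x{rng.randrange(1, 1 << 32):08x}u);\n"
        for _ in range(rng.randrange(1, 5)))

    return (
        "#include <stdio.h>\n#include <stddef.h>\n\n"
        f"static unsigned char {enc_name}[] = {{ {_c_array(enc)} }};\n"
        f"static const unsigned char {key_name}[] = {{ {_c_array(key)} }};\n"
        f"static volatile unsigned int {junk_var} = 0x{rng.randrange(1 << 32):08x}u;\n\n"
        f"static void {junk_fn}(void) {{\n{ops}}}\n\n"
        f"static void {dec_name}(unsigned char *buf, size_t len) {{\n{loop}}}\n\n"
        "int main(void) {\n"
        f"    {junk_fn}();\n"
        f"    {dec_name}({enc_name}, sizeof {enc_name});\n"
        f"    fputs((const char *){enc_name}, stdout);\n"
        "    return 0;\n}\n"
    )


def recover_message(src: str) -> str:
    """Offline check of a generated source: pull the encoded-string and key arrays
    back out and decode them exactly as the emitted C decoder would."""
    arrays = re.findall(r"= \{ ([0-9a-fx, ]+) \};", src)
    enc, key = (bytes(int(x, 16) for x in a.split(", ")) for a in arrays[:2])
    return xor_encode(enc, key).rstrip(b"\0").decode()


def distinct_builds(message: str, count: int, first_seed: int = 0) -> list[str]:
    """SHA-256 of each generated source; a build loop would compile each one."""
    return [hashlib.sha256(generate_c(message, s).encode()).hexdigest()
            for s in range(first_seed, first_seed + count)]


if __name__ == "__main__":
    src = generate_c("constructed payload string", seed=7)
    print(src)
    print("// decodes to:", recover_message(src))
    print("// distinct sources:", len(set(distinct_builds("constructed payload string", 10))))
```

Each source compiles with `cc -O2 -o rev_variant variant.c`; the point of a per-build key and per-build identifiers is that byte-pattern and string signatures taken from one sample do not match the next one, which is exactly what runtime patches then extend to the loaded image.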