Analysis of Linux malware OrBit by @Stormshield
https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware/
Original analysis blogpost by @IntezerLabs
https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/
#cybersecurity
0xor0ne
@malwr
Great article on DLL Hijacking and some of the issues one can face when creating DLLs for this purpose: https://www.netspi.com/blog/technical/adversary-simulation/adaptive-dll-hijacking/
Octoberfest73
@malwr
NetSPI
Adaptive DLL Hijacking
DLL hijacking has been a centerpiece of our operations for many years. During that time we've explored the deep caveats which make this technique difficult to actually use in the real world. Our implementations have expanded to include export table cloning…
Bypassing self-protection mechanism in Avast AV
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
SEKTOR7net
@malwr
the-deniss.github.io
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
In this post I'll show Avast self-defense bypass: how I discovered a new undocumented way to intercept all system calls without a hypervisor and PatchGuard triggered BSOD, and, finally, based on the knowledge gained, implemented a bypass
Wireshark Cheat Sheet: All the Commands, Filters & Syntax
flacao9
You can decrypt SSL traffic if you have a certificate associated with the traffic.
We use this when analyzing suspected malicious traffic.
Farstone
@malwr
StationX
Wireshark Cheat Sheet
To supplement the courses in our Cyber Security School, here is a list of the common commands in Wireshark.
Awesome Malware Techniques
A curated list of resources to analyse and study malware techniques.
https://github.com/fr0gger/Awesome_Malware_Techniques
#malware #cybersecurity #infosec
hack_git
@malwr
Happy to share my first blog as part of @wiz_io
Cloud is complex and so is its attack surface. If you are interested in learning about #cloudforensics I recommend reading this!
https://www.wiz.io/blog/intro-to-forensics-in-the-cloud-a-container-was-compromised-whats-next
AbbyMCH
@malwr
I really enjoyed these reverse engineering articles by Rick Osgood @rickoooooo that explain step by step how to achieve arbitrary code execution by radio
#APRS #infosec #hacking
https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1
G4lile0
@malwr
New polymorphic techniques pushed to Revenant.
Rev now uses the python build script to generate C code at build time, compile randomly different binaries, and combine runtime polymorphic patches to give better obfuscation
Check it out!
https://github.com/0xTriboulet/Revenant
@deadvolvo
0xTriboulet
@malwr
Nice research by Maciej Domanski (@trailofbits) on cURL command line interface fuzzing and vulnerabilities
https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/
#fuzzing
0xor0ne
@malwr
Microsoft Incident Response (formerly DART) provides guidance and strategies on how to detect, recover, and prevent CVE-2022-21894 exploits via a UEFI bootkit called BlackLotus. #microsoftincidentresponse #microsoftIR: https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/
bmcder02
@malwr
Microsoft News
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
A guide to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via BlackLotus UEFI bootkit.
In-depth analysis on Valorant's anti-cheat tech "guarded regions", worth a read if you are interested in anti-cheat tech
https://reversing.info/posts/guardedregions/
AntiCheatPD
@malwr
Xyrem Engineering
In-depth analysis on Valorant's Guarded Regions
In this post, we will analyze how Vanguard attempts to keep away bad actors by utilizing a simple yet brutally strong method
MinHash-based Code Relationship & Investigation Toolkit (MCRIT), a framework created by the Cyber Analysis & Defense team from Fraunhofer FKIE institute to simplify the application of the MinHash algorithm in the context of code similarity.
https://github.com/fkie-cad/mcritweb
#Botconf2023
Requiem_fr
@malwr