Awesome Malware Techniques
A curated list of resources to analyse and study malware techniques.
https://github.com/fr0gger/Awesome_Malware_Techniques
#malware #cybersecurity #infosec
📣 hack_git
@malwr
Happy to share my first blog as part of @wiz_io
Cloud is complex and so is its attack surface. If you are interested in learning about #cloudforensics I recommend reading this!
https://www.wiz.io/blog/intro-to-forensics-in-the-cloud-a-container-was-compromised-whats-next
📣 AbbyMCH
@malwr
I really enjoyed these reverse engineering articles by Rick Osgood @rickoooooo that explain step by step how to achieve arbitrary code execution by radio 🤩
#APRS #infosec #hacking
https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1
📣 G4lile0
@malwr
New polymorphic techniques pushed to Revenant.
Rev now uses the Python build script to generate C code at build time, compile randomly different binaries, and combine runtime polymorphic patches to give better obfuscation.
Check it out!
https://github.com/0xTriboulet/Revenant
@deadvolvo
📣 0xTriboulet
@malwr
🔥 1
Nice research by Maciej Domanski (@trailofbits) on cURL command line interface fuzzing and vulnerabilities
https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/
#fuzzing
📣 0xor0ne
@malwr
Microsoft Incident Response (formerly DART) provides guidance and strategies on how to detect, recover, and prevent CVE-2022-21894 exploits via a UEFI bootkit called BlackLotus. #microsoftincidentresponse #microsoftIR: https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/
📣 bmcder02
@malwr
Microsoft News
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
A guide to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via BlackLotus UEFI bootkit.
In-depth analysis on Valorant's anti-cheat tech "guarded regions", worth a read if you are interested in anti-cheat tech
https://reversing.info/posts/guardedregions/
📣 AntiCheatPD
@malwr
Xyrem Engineering
In-depth analysis on Valorant's Guarded Regions
In this post, we will analyze how Vanguard attempts to keep away bad actors by utilizing a simple yet brutally strong method.
MinHash-based Code Relationship & Investigation Toolkit (MCRIT), a framework created by the Cyber Analysis & Defense team from Fraunhofer FKIE institute to simplify the application of the MinHash algorithm in the context of code similarity.
https://github.com/fkie-cad/mcritweb
#Botconf2023
📣 Requiem_fr
@malwr
🔥 2
Reverse Engineering Tofsee Spambot to find vaccine - Malware Lead @RaashidBhatt discloses two vaccines and a network-based kill switch. First up, it's part one, how to inject a malware vaccine into the binary file.
https://hubs.ly/Q01LkdrX0
#MalwareVaccine #Spambot #Tofsee
📣 SpamhausTech
@malwr
Introduction to Windows kernel drivers for red team tools development
(credits @Idov31)
Part 1: https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Part 2: https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Part 3: https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
#windows #kernel #redteam #malware #infosec #cybersecurity
📣 0xor0ne
@malwr
🔥 1