I really enjoyed these reverse engineering articles by Rick Osgood @rickoooooo that explain step by step how to achieve arbitrary code execution by radio ๐คฉ
#APRS #infosec #hacking
https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1
๐ฃG4lile0
๐@malwr
#APRS #infosec #hacking
https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1
๐ฃG4lile0
๐@malwr
New polymorphic techniques pushed to Revenant.
Rev now uses the python build script to generate C code at build time, compile randomly different binaries, and combine runtime polymorphic patches to give better obfuscation
Check it out!
https://github.com/0xTriboulet/Revenant
@deadvolvo
๐ฃ0xTriboulet
๐@malwr
Rev now uses the python build script to generate C code at build time, compile randomly different binaries, and combine runtime polymorphic patches to give better obfuscation
Check it out!
https://github.com/0xTriboulet/Revenant
@deadvolvo
๐ฃ0xTriboulet
๐@malwr
๐ฅ1
Nice research by Maciej Domanski (@trailofbits) on cURL command line interface fuzzing and vulnerabilties
https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/
#fuzzing
๐ฃ0xor0ne
๐@malwr
https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/
#fuzzing
๐ฃ0xor0ne
๐@malwr
Microsoft Incident Response (formerly DART) provides guidance and strategies on how to detect, recover, and prevent CVE-2022-21894 exploits via a UEFI bootkit called BlackLotus. #microsoftincidentresponse #microsoftIR: https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/
๐ฃbmcder02
๐@malwr
๐ฃbmcder02
๐@malwr
Microsoft News
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
A guide to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via BlackLotus UEFI bootkit.
In depth analysis on Valorants anti cheat tech "guarded regions" worth a read if you are interested in anti cheat tech
https://reversing.info/posts/guardedregions/
๐ฃAntiCheatPD
๐@malwr
https://reversing.info/posts/guardedregions/
๐ฃAntiCheatPD
๐@malwr
Xyrem Engineering
In-depth analysis on Valorant's Guarded Regions
In this post, we will analyze how Vanguard attempts to keep away bad actors by utilizing a simple yet brutally strong method
MinHash-based Code Relationship & Investigation Toolkit (MCRIT), a framework created by the Cyber Analysis & Defense team from Fraunhofer FKIE institute to simplify the application of the MinHash algorithm in the context of code similarity.
https://github.com/fkie-cad/mcritweb
#Botconf2023
๐ฃRequiem_fr
๐@malwr
https://github.com/fkie-cad/mcritweb
#Botconf2023
๐ฃRequiem_fr
๐@malwr
๐ฅ2
Reverse Engineering Tofsee Spambot to find vaccine - Malware Lead @RaashidBhatt discloses two vaccines and a network-based kill switch. First up, it's part one, how to inject a malware vaccine into the binary file.๐
https://hubs.ly/Q01LkdrX0
#MalwareVaccine #Spambot #Tofsee
๐ฃSpamhausTech
๐@malwr
https://hubs.ly/Q01LkdrX0
#MalwareVaccine #Spambot #Tofsee
๐ฃSpamhausTech
๐@malwr
Introduction to Windows kernel drivers for red team tools development
(credits @Idov31)
Part 1: https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Part 2: https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Part 3: https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
#windows #kernel #redteam #malware #infosec #cybersecurity
๐ฃ0xor0ne
๐@malwr
(credits @Idov31)
Part 1: https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Part 2: https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Part 3: https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
#windows #kernel #redteam #malware #infosec #cybersecurity
๐ฃ0xor0ne
๐@malwr
๐ฅ1
Part 3.2 on my blog analyzing a recent #Android #malware sample. https://n0psn0ps.github.io/2023/04/13/android-malware-analysis-series-ato.apk-part-3.2/
#re #reverseengineering
๐ฃn0ps3
๐@malwr
#re #reverseengineering
๐ฃn0ps3
๐@malwr
n0ps
Android Malware Analysis Series - ATO.apk - Part 3.2
Permanent dark(er) theme for Poole
Check it out! WinDbg has just released out of preview, out of the Windows store and (what I worked on) with Time Travel Debugging support for ARM64. http://aka.ms/windbg
๐ฃTheJCAB
๐@malwr
๐ฃTheJCAB
๐@malwr
Docs
Install WinDbg - Windows drivers
Start here for an overview on the Windows debugger and installing WinDbg.
๐1
Revizor automatically detects microarchitectural leakage in CPUs, speeding up discovery of vulnerabilities that previously required persistent hacking and painstaking manual labor. This new tool helps the industry protect customers from risk: https://msft.it/6013gHEGd
๐ฃMSFTResearch
๐@malwr
๐ฃMSFTResearch
๐@malwr
Microsoft Research
Hunting speculative information leaks with Revizor - Microsoft Research
Spectre and Meltdown are two security vulnerabilities that affect the vast majority of CPUs in use today. CPUs, or central processing units, act as the brains of a computer, directing the functions of its other components. By targeting a feature of the CPUโฆ
Celebrating the 10th anniversary of releasing Noriben!
https://github.com/Rurik/Noriben
What started as a way to make filemon/regmon/procmon analysis easier for work mentoring has turned into an awesome automated tool I've used for large-scale ransomware analysis, and more.
๐ฃbbaskin
๐@malwr
https://github.com/Rurik/Noriben
What started as a way to make filemon/regmon/procmon analysis easier for work mentoring has turned into an awesome automated tool I've used for large-scale ransomware analysis, and more.
๐ฃbbaskin
๐@malwr
GitHub
GitHub - Rurik/Noriben: Noriben - Portable, Simple, Malware Analysis Sandbox
Noriben - Portable, Simple, Malware Analysis Sandbox - Rurik/Noriben
IOCs available...
Threat actors strive to cause Tax Day headaches https://rodtrent.com/j7j
#MicrosoftSentinel #MicrosoftDefender #M365D #Cybersecurity #MicrosoftSecurity #Security #MicrosoftThreatIntelligence
๐ฃrodtrent
๐@malwr
Threat actors strive to cause Tax Day headaches https://rodtrent.com/j7j
#MicrosoftSentinel #MicrosoftDefender #M365D #Cybersecurity #MicrosoftSecurity #Security #MicrosoftThreatIntelligence
๐ฃrodtrent
๐@malwr
๐1