New polymorphic techniques pushed to Revenant.
Rev now uses the Python build script to generate C code at build time, compile randomly differing binaries, and combine runtime polymorphic patches to give better obfuscation.
Check it out!
https://github.com/0xTriboulet/Revenant
@deadvolvo
Source: @0xTriboulet (via @malwr)
Nice research by Maciej Domanski (@trailofbits) on cURL command line interface fuzzing and vulnerabilities.
https://blog.trailofbits.com/2023/02/14/curl-audit-fuzzing-libcurl-command-line-interface/
#fuzzing
Source: @0xor0ne (via @malwr)
Microsoft Incident Response (formerly DART) provides guidance and strategies on how to detect, recover from, and prevent CVE-2022-21894 exploitation via a UEFI bootkit called BlackLotus. #microsoftincidentresponse #microsoftIR: https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/
Source: @bmcder02 (via @malwr)
Linked article (Microsoft News): Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign. A guide to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via the BlackLotus UEFI bootkit.
In-depth analysis of Valorant's anti-cheat tech "guarded regions"; worth a read if you are interested in anti-cheat tech.
https://reversing.info/posts/guardedregions/
Source: @AntiCheatPD (via @malwr)
Linked article (Xyrem Engineering): In-depth analysis on Valorant's Guarded Regions. In this post, we will analyze how Vanguard attempts to keep away bad actors by utilizing a simple yet brutally strong method.
MinHash-based Code Relationship & Investigation Toolkit (MCRIT), a framework created by the Cyber Analysis & Defense team from the Fraunhofer FKIE institute to simplify the application of the MinHash algorithm in the context of code similarity.
https://github.com/fkie-cad/mcritweb
#Botconf2023
Source: @Requiem_fr (via @malwr)
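A minimal illustration of the MinHash idea behind MCRIT, added here as an example. It is not MCRIT's own code: the three "functions" are constructed, operand-abstracted instruction sequences rather than real disassembly, the shingle size, hash count and universal-hash construction are my choices, and `best_matches` is a hypothetical lookup, not MCRIT's API. What it shows is why MinHash fits code similarity: the Jaccard similarity of two functions' instruction n-gram sets can be estimated from fixed-size signatures without comparing the sets themselves.

```python
# Added example (not MCRIT's code): a minimal MinHash pipeline for code
# similarity. Token sequences below are constructed, operand-abstracted
# disassembly, not real samples.
import hashlib
import random
from typing import Dict, Iterable, List, Set, Tuple

MERSENNE_PRIME = (1 << 61) - 1   # modulus for the universal hash family
MAX_HASH = (1 << 32) - 1         # signatures are truncated to 32-bit values

# Constructed "functions": one token per instruction, operands abstracted
# (imm / mem / reg) so that relocation and constant changes do not matter.
FUNC_A = ["push ebp", "mov ebp esp", "sub esp imm", "mov eax mem",
          "xor eax eax", "call rel", "add esp imm", "leave", "ret"]
# FUNC_B is FUNC_A with one instruction substituted (a compiler variant).
FUNC_B = ["push ebp", "mov ebp esp", "sub esp imm", "mov eax mem",
          "mov eax imm", "call rel", "add esp imm", "leave", "ret"]
# FUNC_C shares single instructions with FUNC_A but no 3-instruction run.
FUNC_C = ["push rbp", "mov rbp rsp", "mov rdi reg", "call rel", "pop rbp", "ret"]


def shingles(tokens: List[str], n: int = 3) -> Set[str]:
    """Set of overlapping n-grams of instructions (the MinHash input set)."""
    return {" | ".join(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def exact_jaccard(a: Set[str], b: Set[str]) -> float:
    """Ground truth the signatures are supposed to approximate."""
    return len(a & b) / len(a | b) if (a | b) else 1.0


def make_hash_params(k: int, seed: int = 7) -> List[Tuple[int, int]]:
    """k random (a, b) pairs for universal hashing h_i(x) = (a*x + b) mod p."""
    rng = random.Random(seed)
    return [(rng.randrange(1, MERSENNE_PRIME), rng.randrange(0, MERSENNE_PRIME))
            for _ in range(k)]


def _base_hash(item: str) -> int:
    """Stable 64-bit integer for a shingle (input to the universal hashes)."""
    return int.from_bytes(hashlib.sha1(item.encode()).digest()[:8], "big")


def minhash(items: Iterable[str], params: List[Tuple[int, int]]) -> List[int]:
    """Signature: for each hash function, the minimum hash over all items."""
    sig = [MAX_HASH] * len(params)
    for item in items:
        x = _base_hash(item)
        for i, (a, b) in enumerate(params):
            v = ((a * x + b) % MERSENNE_PRIME) & MAX_HASH
            if v < sig[i]:
                sig[i] = v
    return sig


def estimate_jaccard(sig_a: List[int], sig_b: List[int]) -> float:
    """P[min hashes agree] equals Jaccard(A, B), so the agreement rate estimates it."""
    assert len(sig_a) == len(sig_b)
    return sum(1 for x, y in zip(sig_a, sig_b) if x == y) / len(sig_a)


def best_matches(query: List[int], corpus: Dict[str, List[int]],
                 threshold: float = 0.3) -> List[Tuple[str, float]]:
    """Hypothetical lookup: rank stored signatures by estimated similarity."""
    scored = [(name, estimate_jaccard(query, sig)) for name, sig in corpus.items()]
    return sorted([s for s in scored if s[1] >= threshold], key=lambda s: -s[1])


def demo() -> Dict[str, float]:
    """Exact vs. MinHash-estimated similarity for the constructed functions."""
    params = make_hash_params(128)
    sets = {"A": shingles(FUNC_A), "B": shingles(FUNC_B), "C": shingles(FUNC_C)}
    sigs = {name: minhash(s, params) for name, s in sets.items()}
    return {
        "exact_AB": exact_jaccard(sets["A"], sets["B"]),
        "est_AB": estimate_jaccard(sigs["A"], sigs["B"]),
        "exact_AC": exact_jaccard(sets["A"], sets["C"]),
        "est_AC": estimate_jaccard(sigs["A"], sigs["C"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value:.3f}")
```

With 128 hash functions the estimate for the A/B pair lands close to the exact value of 0.4 (the single substituted instruction breaks three of the seven 3-grams), while the unrelated pair stays near 0. The signature size, not the function size, fixes the comparison cost, which is what makes corpus-scale matching practical; the trade-off is estimation variance, which shrinks as the number of hash functions grows.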
Reverse Engineering Tofsee Spambot to find a vaccine: Malware Lead @RaashidBhatt discloses two vaccines and a network-based kill switch. First up, it's part one, how to inject a malware vaccine into the binary file.
https://hubs.ly/Q01LkdrX0
#MalwareVaccine #Spambot #Tofsee
Source: @SpamhausTech (via @malwr)
Introduction to Windows kernel drivers for red team tools development
(credits @Idov31)
Part 1: https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Part 2: https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Part 3: https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
#windows #kernel #redteam #malware #infosec #cybersecurity
Source: @0xor0ne (via @malwr)
Part 3.2 on my blog analyzing a recent #Android #malware sample: https://n0psn0ps.github.io/2023/04/13/android-malware-analysis-series-ato.apk-part-3.2/
#re #reverseengineering
Source: @n0ps3 (via @malwr)
Check it out! WinDbg has just been released out of preview, out of the Windows Store, and (what I worked on) with Time Travel Debugging support for ARM64. http://aka.ms/windbg
Source: @TheJCAB (via @malwr)
Linked page (Microsoft Docs): Install WinDbg - Windows drivers. Start here for an overview of the Windows debugger and installing WinDbg.
Revizor automatically detects microarchitectural leakage in CPUs, speeding up discovery of vulnerabilities that previously required persistent hacking and painstaking manual labor. This new tool helps the industry protect customers from risk: https://msft.it/6013gHEGd
Source: @MSFTResearch (via @malwr)
Linked article (Microsoft Research): Hunting speculative information leaks with Revizor. Spectre and Meltdown are two security vulnerabilities that affect the vast majority of CPUs in use today. CPUs, or central processing units, act as the brains of a computer, directing the functions of its other components. By targeting a feature of the CPU…
Celebrating the 10th anniversary of releasing Noriben!
https://github.com/Rurik/Noriben
What started as a way to make filemon/regmon/procmon analysis easier for work mentoring has turned into an awesome automated tool I've used for large-scale ransomware analysis, and more.
Source: @bbaskin (via @malwr)
IOCs available...
Threat actors strive to cause Tax Day headaches: https://rodtrent.com/j7j
#MicrosoftSentinel #MicrosoftDefender #M365D #Cybersecurity #MicrosoftSecurity #Security #MicrosoftThreatIntelligence
Source: @rodtrent (via @malwr)
LIEF v0.13.0 is out:
https://lief-project.github.io/blog/2023-04-09-lief-0-13-0/
Source: @LIEF_project (via @malwr)
Elevating your user-mode debugger to a Protected Process level, by Clément Labro (@itm4n):
https://itm4n.github.io/debugging-protected-processes/
Source: @SEKTOR7net (via @malwr)
Linked article (itm4n's blog): Debugging Protected Processes. Whenever I need to debug a protected process, I usually disable the protection in the Kernel so that I can attach a User-mode debugger. This has always served me well until it sort of backfired.