Malware News
@malwr
12.7K subscribers
1.63K photos
7 videos
130 files
7.78K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
About
Blog
Apps
Platform
Join
Malware News
12.7K subscribers
Malware News
Happy Friday everyone! Want a ProcMon for macOS? Ever wish you had your own Endpoint Security client you could task? Want to peer behind the macOS EDR curtain? Have a go and let us know what you think!
https://github.com/redcanaryco/mac-monitor
๐Ÿ—ฃPartyD0lphin


๐ŸŽ–@malwr
GitHub
GitHub - redcanaryco/mac-monitor: Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOSโ€ฆ
Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, dis...
๐Ÿ‘1
445 views
Malware News
Setting Up QEMU Kernel-Mode Debugging using EXDI:
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/setting-up-qemu-kernel-mode-debugging-using-exdi
๐Ÿ—ฃgerhart_x


๐ŸŽ–@malwr
Docs
Setting Up QEMU Kernel-Mode Debugging Using EXDI - Windows drivers
Debugging Tools for Windows supports debugging QEMU using EXDI. This topic describes how to setup QEMU kernel debugging using EXDI.
450 views
Malware News
PatchlessCLRLoader - A fork of InlineExecute-Assembly to load .NET assembly and direct the output to mailslot https://github.com/VoldeSec/PatchlessCLRLoader #redteam
๐Ÿ—ฃnetbiosX


๐ŸŽ–@malwr
GitHub
GitHub - VoldeSec/PatchlessCLRLoader: .NET assembly loader with patchless AMSI and ETW bypass
.NET assembly loader with patchless AMSI and ETW bypass - VoldeSec/PatchlessCLRLoader
510 views
Malware News
Discovering and #exploiting McAfee COM-objects by @Denis_Skvortcov

https://the-deniss.github.io/posts/2021/05/17/discovering-and-exploiting-mcafee-com-objects.html
๐Ÿ—ฃSinSinology


๐ŸŽ–@malwr
575 views
Malware News
Introduction to offensive security (guide by @0xTriboulet)

https://steve-s.gitbook.io/0xtriboulet/

#offensivesecurity
๐Ÿ—ฃ0xor0ne


๐ŸŽ–@malwr
479 views
Malware News
This is an absolutely dope mindmap for attacking AD.

https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2023_02.svg

Source: https://github.com/Orange-Cyberdefense/ocd-mindmaps
๐Ÿ—ฃJhaddix


๐ŸŽ–@malwr
๐Ÿ‘2
518 views
Malware News
A Journey of Finding #Vulnerabilities in #Drivers by @omertsarfati of @CyberArk

https://www.cyberark.com/resources/threat-research-blog/inglourious-drivers-a-journey-of-finding-vulnerabilities-in-drivers
๐Ÿ—ฃSinSinology


๐ŸŽ–@malwr
529 views
Malware News
Frida 16.0.14 is out! ๐ŸŽ‰ This one is all about stability improvements on Linux/Android, and brand new ARMv8 BTI interoperability:
https://frida.re/news/2023/04/18/frida-16-0-14-released/
๐Ÿ—ฃfridadotre


๐ŸŽ–@malwr
Frida โ€ข A world-class dynamic instrumentation toolkit
Frida 16.0.14 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
446 views
Malware News
Here is a ETW based POC to monitor for (some) direct and indirect syscalls. Should find multiple open source implementations trying to avoid userlandhooks.

https://github.com/thefLink/Hunt-Weird-Syscalls
๐Ÿ—ฃthefLinkk


๐ŸŽ–@malwr
GitHub
GitHub - thefLink/Hunt-Weird-Syscalls: ETW based POC to identify direct and indirect syscalls
ETW based POC to identify direct and indirect syscalls - thefLink/Hunt-Weird-Syscalls
๐Ÿ‘1
457 views
Malware News
Hey, FIRSTies! After much dedicated work, the #EthicsSIG has published their #CaseStudies to the FIRST website! Check out the encompassing document here: http://ow.ly/rG2S50NNbJt
๐Ÿ—ฃFIRSTdotOrg


๐ŸŽ–@malwr
FIRST โ€” Forum of Incident Response and Security Teams
Ethics for Incident Response and Security Teams - Case Studies
427 views
Malware News
c2detect: Search for c2 servers by listener outside https://github.com/michael2to3/c2-search-netlas
๐Ÿ—ฃ_r_netsec


๐ŸŽ–@malwr
535 views
Malware News
ESET researchers have discovered a new Lazarus #OperationDreamJob campaign targeting Linux users. As far as we know, this is the first public mention of this major threat actor using Linux malware as part of this operation. ๐Ÿง
https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/?utm_source=twitter&utm_medium=cpc&utm_campaign=wls&utm_term=lazarus-linux-malware

#ESETresearch #ProgressProtected #Cybersecurity
๐Ÿ—ฃESET


๐ŸŽ–@malwr
Welivesecurity
Linux malware strengthens links between Lazarus and the 3CX supply-chain attack
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack
444 viewsedited  
Malware News
I've your interested in the #TradingTechnologies compromise & detections, then follow this thread ๐Ÿงต

You won't find these IOCs/rules anywhere else

Hashes
https://github.com/Neo23x0/signature-base/blob/977ebf90ef01476f8586fbfd7e433cb93189bfa1/iocs/hash-iocs.txt#L10819

Filenames
https://github.com/Neo23x0/signature-base/blob/977ebf90ef01476f8586fbfd7e433cb93189bfa1/iocs/filename-iocs.txt#L4265

YARA
https://github.com/Neo23x0/signature-base/blob/master/yara/apt_nk_tradingtech_apr23.yar
๐Ÿ—ฃcyb3rops


๐ŸŽ–@malwr
GitHub
signature-base/iocs/hash-iocs.txt at 977ebf90ef01476f8586fbfd7e433cb93189bfa1 ยท Neo23x0/signature-base
YARA signature and IOC database for my scanners and tools - Neo23x0/signature-base
๐Ÿ‘1
414 views
Malware News
Exploiting System Mechanic Driver https://voidsec.com/exploiting-system-mechanic-driver/ #Pentesting #Exploit #CyberSecurity #Infosec
๐Ÿ—ฃptracesecurity


๐ŸŽ–@malwr
456 views