ESET researchers have discovered a new Lazarus #OperationDreamJob campaign targeting Linux users. As far as we know, this is the first public mention of this major threat actor using Linux malware as part of this operation. 🐧
https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/?utm_source=twitter&utm_medium=cpc&utm_campaign=wls&utm_term=lazarus-linux-malware
#ESETresearch #ProgressProtected #Cybersecurity
📣ESET
🔁@malwr
Welivesecurity
Linux malware strengthens links between Lazarus and the 3CX supply-chain attack
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack
If you're interested in the #TradingTechnologies compromise & detections, then follow this thread 🧵
You won't find these IOCs/rules anywhere else
Hashes
https://github.com/Neo23x0/signature-base/blob/977ebf90ef01476f8586fbfd7e433cb93189bfa1/iocs/hash-iocs.txt#L10819
Filenames
https://github.com/Neo23x0/signature-base/blob/977ebf90ef01476f8586fbfd7e433cb93189bfa1/iocs/filename-iocs.txt#L4265
YARA
https://github.com/Neo23x0/signature-base/blob/master/yara/apt_nk_tradingtech_apr23.yar
📣cyb3rops
🔁@malwr
Exploiting System Mechanic Driver https://voidsec.com/exploiting-system-mechanic-driver/ #Pentesting #Exploit #CyberSecurity #Infosec
📣ptracesecurity
🔁@malwr
dnstop – Monitor and display DNS server traffic on your network https://www.cyberciti.biz/faq/dnstop-monitor-bind-dns-server-dns-network-traffic-from-a-shell-prompt/ #Linux #Unix #FreeBSD
📣nixcraft
🔁@malwr
EclecticIQ researchers have identified a spear phishing campaign targeting Ukrainian government entities including the Foreign Intelligence Service of Ukraine (SZRU) and Security Service of Ukraine (SSU), likely conducted by APT group Gamaredon. https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-phishing-campaigns
📣virusbtn
🔁@malwr
VirusTotal's trompi summarises the latest activity of the APT43 group based on the telemetry of its malware toolset, including geographical distribution, lookups, submissions, file types, detection ratios & efficacy of crowd-sourced YARA rules. https://blog.virustotal.com/2023/04/apt43-investigation-into-north-korean.html
📣virusbtn
🔁@malwr
I have finished my write-up on reversing the Cobalt Strike implementations of indirect syscalls. With thanks to @0xDISREL for suggesting I look at it and supplying a beacon and to @DuchyRE for tips about unpacking and structures.
https://github.com/dodo-sec/Malware-Analysis/blob/main/Cobalt%20Strike/Indirect%20Syscalls.md
📣dodo_sec
🔁@malwr
#VMware released a security update to address a vulnerability in Tools. A remote attacker could likely exploit the vulnerability to take control of an affected system. More at http://cisa.gov/news-events/alerts/2023/04/21/vmware-releases-security-update-aria-operations-logs. #Cybersecurity #InfoSec
📣CISACyber
🔁@malwr
Awesome @TrustedSec #Sysmon videos by @Carlos_Perez
Part 1
https://youtu.be/kESndPO5Fig
Part 2
https://youtu.be/MlGc44dfFBg
Part 3
https://youtu.be/2JHjRR2Wt4g
Part 4
https://youtu.be/VKVSedPGDgY
Part 5
https://youtu.be/KBsEAaZFcyI
Part 6
https://youtu.be/46-alN2_vlo
Part 7
https://youtu.be/cN714yh7UF4
Part 8
https://youtu.be/y4cpuliY4dk
Part 9
https://youtu.be/Fs7x7PywdzU
📣Oddvarmoe
🔁@malwr
YouTube
Learning Sysmon - What is Sysmon? (Video 1)
In this video, Research Team Lead Carlos Perez talks about System Monitor (Sysmon) which you can get from Microsoft's Sysinternals Suite. He covers who can get the most out of Sysmon and what its limitations are so that you can decide how much effort your…
Introducing VirusTotal Code Insight: empowering threat analysis with generative AI. This tool is based on Sec-PaLM (LLM) and helps explain the behavior of suspicious scripts. Code Insight is available now for all our users! More details by @bquintero: https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
📣virustotal
🔁@malwr
The AhnLab ASEC team analyse a recent coin miner distributed to Linux SSH servers that are being improperly managed. https://asec.ahnlab.com/ko/51680/
📣virusbtn
🔁@malwr
#yaradbg v0.0.3 is out
1️⃣ New YARA editor: syntax highlighting, showing evaluation results inline, autocomplete, ...
2️⃣ You can upload a password-protected zip containing malware directly (password must be "infected")
Not sure who uses it but ping if you do, enjoy :)
https://yaradbg.dev/
📣DissectMalware
🔁@malwr
Trend Micro's Don Ovid Ladores analyses recent updates to information stealer ViperSoftX. The new campaign uses DLL sideloading for its arrival & execution technique, a more sophisticated encryption method of byte remapping, & a monthly change in C2 server https://www.trendmicro.com/en_us/research/23/d/vipersoftx-updates-encryption-steals-data.html
📣virusbtn
🔁@malwr
The latest podcast from Check Point looks into Operation Silent Watch: several human rights activists in Azerbaijan received the same phishing email that delivered them spyware capable of causing significant harm to their personal and professional lives. https://research.checkpoint.com/2023/operation-silent-watch/
📣virusbtn
🔁@malwr
So far I've written 559 pages to help the security community:
1. https://exploitreversing.com/2021/12/03/malware-analysis-series-mas-article-1/
2. https://exploitreversing.com/2022/02/03/malware-analysis-series-mas-article-2/
3. https://exploitreversing.com/2022/05/05/malware-analysis-series-mas-article-3/
4. https://exploitreversing.com/2022/05/12/malware-analysis-series-mas-article-4/
5. https://exploitreversing.com/2022/09/14/malware-analysis-series-mas-article-5/
6. https://exploitreversing.com/2022/11/24/malware-analysis-series-mas-article-6/
7. https://exploitreversing.com/2023/01/05/malware-analysis-series-mas-article-7/
8. https://exploitreversing.com/2023/04/11/exploiting-reversing-er-series/
📣ale_sp_brazil
🔁@malwr
Exploit Reversing
Malware Analysis Series (MAS) – Article 1
The first article of MAS (Malware Analysis Series) is available for reading from: (link): As soon as I have enough time, I'll publish an HTML version of it. Have an excellent day. Alexandre Borg…
Check Point researchers reveal new findings about Educated Manticore - an activity cluster with a strong overlap with Phosphorus - which has improved its toolset, utilizing rarely seen techniques such as .NET executables constructed as Mixed Mode Assembly. https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools/
📣virusbtn
🔁@malwr
found this Stanford course for web security; with exam papers, assignments, labs & everything:
https://web.stanford.edu/class/cs253/
a true goldmine 🫡
📣Farah_Hawaa
🔁@malwr
web.stanford.edu
CS253 - Web Security
Principles of web security. The fundamentals and state-of-the-art in web security. Attacks and countermeasures. Topics include: the browser security model, web app vulnerabilities, injection, denial-of-service, TLS attacks, privacy, fingerprinting, same-origin…
Offensive Security Checklists
API testing
Binary Exploitation testing
Firewall testing
Insecure deserialization
Web and OT pentest
and more.
https://github.com/CyberSecurityUP/Offensivesecurity-Checklists
#pentest #cybersecurity
📣cyb_detective
🔁@malwr