Introducing VirusTotal Code Insight: empowering threat analysis with generative AI. This tool is based on Sec-PaLM (LLM) and helps explain the behavior of suspicious scripts. Code Insight is available now for all our users! More details by @bquintero: https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
📣 @virustotal
🔁 @malwr
The AhnLab ASEC team analyse a recent coin miner distributed to Linux SSH servers that are being improperly managed. https://asec.ahnlab.com/ko/51680/
📣 @virusbtn
🔁 @malwr
#yaradbg v0.0.3 is out
1. New yara editor: syntax highlighting, showing evaluation res inline, autocomplete, ...
2. You can upload a pass-protected zip containing malware directly (pass must be "infected")
Not sure who uses it but ping if you do, enjoy :)
https://yaradbg.dev/
📣 @DissectMalware
🔁 @malwr
Trend Micro's Don Ovid Ladores analyses recent updates to information stealer ViperSoftX. The new campaign uses DLL sideloading for its arrival & execution technique, a more sophisticated encryption method of byte remapping, & a monthly change in C2 server https://www.trendmicro.com/en_us/research/23/d/vipersoftx-updates-encryption-steals-data.html
📣 @virusbtn
🔁 @malwr
The latest podcast from Check Point looks into Operation Silent Watch: several human rights activists in Azerbaijan received the same phishing email that delivered them spyware capable of causing significant harm to their personal and professional lives. https://research.checkpoint.com/2023/operation-silent-watch/
📣 @virusbtn
🔁 @malwr
So far I've written 559 pages to help the security community:
1. https://exploitreversing.com/2021/12/03/malware-analysis-series-mas-article-1/
2. https://exploitreversing.com/2022/02/03/malware-analysis-series-mas-article-2/
3. https://exploitreversing.com/2022/05/05/malware-analysis-series-mas-article-3/
4. https://exploitreversing.com/2022/05/12/malware-analysis-series-mas-article-4/
5. https://exploitreversing.com/2022/09/14/malware-analysis-series-mas-article-5/
6. https://exploitreversing.com/2022/11/24/malware-analysis-series-mas-article-6/
7. https://exploitreversing.com/2023/01/05/malware-analysis-series-mas-article-7/
8. https://exploitreversing.com/2023/04/11/exploiting-reversing-er-series/
📣 @ale_sp_brazil
🔁 @malwr
Check Point researchers reveal new findings about Educated Manticore - an activity cluster with a strong overlap with Phosphorus - which has improved its toolset, utilizing rarely seen techniques such as .NET executables constructed as Mixed Mode Assembly. https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools/
📣 @virusbtn
🔁 @malwr
Found this Stanford course on web security, with exam papers, assignments, labs & everything:
https://web.stanford.edu/class/cs253/
A true goldmine.
📣 @Farah_Hawaa
🔁 @malwr
Offensive Security Checklists
API testing
Binary Exploitation testing
Firewall testing
Insecure deserialization
Web and OT pentest
and more.
https://github.com/CyberSecurityUP/Offensivesecurity-Checklists
#pentest #cybersecurity
📣 @cyb_detective
🔁 @malwr
AhnLab researchers look into recent Tonto Team attack cases. The threat group targets mainly Asian countries and has been distributing Bisonal malware. https://asec.ahnlab.com/en/51746/
📣 @virusbtn
🔁 @malwr
Jamf's Ferdous Saljooki (@malwarezoo) & Jaron Bradley (@jbradley89) write about the RustBucket malware used by the BlueNoroff APT group to target macOS users. https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/
📣 @virusbtn
🔁 @malwr
https://github.com/TheD1rkMtr/BlockOpenHandle
Blocks any process from opening a HANDLE to your process; only SYSTEM is allowed to open a handle to your process. With that you can avoid remote memory scanners.
📣 @D1rkMtr
🔁 @malwr
This is an outstanding detection engineering and #threathunting blog about detecting multiple lateral-movement techniques through behavioral events (Sysmon plus Windows event logs), rather than relying on brittle detections of specific tool artifacts
https://bherunda.medium.com/procedural-detections-to-uncover-psexec-style-lateral-movement-5e83932eeb7e
📣 @rpargman
🔁 @malwr
A new #IDAPro Tutorial is out! This time we cover the Graph View. Watch it now: https://youtu.be/R1GKm-7WfCU
#IDAProTutorials #IDAPro #hexrays #LearningIDA
📣 @HexRaysSA
🔁 @malwr
We've updated our Mobile Hacking cheatsheets!
https://github.com/randorisec/MobileHackingCheatSheet
#android #ios #cheatsheet #mobilesecurity #apps
📣 @RandoriSec
🔁 @malwr
ProcMon 3.93 supports configurable minifilter altitudes. This is great for teams that have to support minifilters! Thanks @markrussinovich!
📣 @GabrielLandau
🔁 @malwr