Frida 16.0.19 is out! 🎊 We're excited to share that @bezjaje and @hsorbo solved two high-impact reliability issues 🔥
https://frida.re/news/2023/04/27/frida-16-0-19-released/
🗣fridadotre
🎖@malwr
Frida • A world-class dynamic instrumentation toolkit
Frida 16.0.19 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
Check Point researchers discuss various infection chains and lures used by APT37 in their recent attacks & the resulting payloads of ROKRAT and Amadey. The lures used are largely focused on South Korean foreign and domestic affairs. https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/
🗣virusbtn
🎖@malwr
Debugging with IDA: Understanding how user mode API hooks work and how to detect them in IDA.
https://youtu.be/spsRgAKv6SE
🗣allthingsida
🎖@malwr
YouTube
Debugging with IDA: Understanding and detecting API hooks
In this episode, we will do a brief introduction into API hooks (how they work), then we will show how to use IDA to detect the hooks in a live process or a crash dump file.
SentinelOne's Phil Stokes (@philofishal) takes a close look at how macOS Atomic Stealer works and describes a previously unreported second variant. https://www.sentinelone.com/blog/atomic-stealer-threat-actor-spawns-second-variant-of-macos-malware-sold-on-telegram/
🗣virusbtn
🎖@malwr
My colleague Elias Bachaalany (@0xeb) has kept an excellent channel about IDA Pro (@allthingsida) with videos about its advanced features. No doubt, it's worth subscribing to and following.
https://www.youtube.com/@allthingsida
#idapro #reverseengineering
🗣ale_sp_brazil
🎖@malwr
Binary Ninja 3.4 released. They are getting scary good at C++ decompilation. Can't wait for @vector35 to get scary-good at Go, Rust, and other compiled languages https://binary.ninja/2023/05/03/3.4-finally-freed.html
🗣OpenMalware
🎖@malwr
Binary Ninja
Binary Ninja - 3.4: Finally Freed
Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.
Zero Trust Architecture (NIST Special Publication 800-207)
Download Link in PDF:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣CyberSecOb
🎖@malwr
Security Researcher @BushidoToken shares an overview of the Raspberry Robin (DEV-0856/Storm-0856) USB malware campaign providing access to ransomware operators. https://blog.bushidotoken.net/2023/05/raspberry-robin-global-usb-malware.html
🗣virusbtn
🎖@malwr
Added EA information dumping tool.
https://github.com/daem0nc0re/TangledWinExec/commit/9beabf2ea1bb465aa65421f97e76028d103cddb1
🗣daem0nc0re
🎖@malwr
dracon: Security scanning orchestration and results enrichment framework - The purpose of this project is to provide a scalable and flexible framework to execute arbitrary security scanning tools on code and infrastructure while processing the results in a versatile way.
🗣digicat
🎖@malwr
GitHub
GitHub - ocurity/dracon: Security scanning & static analysis tool - forked and rewritten from @thought-machine/dracon
Security scanning & static analysis tool - forked and rewritten from @thought-machine/dracon - ocurity/dracon
Clean Rooms, Nuclear Missiles, and SideCopy, Oh My! - file is named “DRDO-K4-Missile-Clean-room.zip”.
🗣digicat
🎖@malwr
Fortinet Blog
Clean Rooms, Nuclear Missiles, and SideCopy, Oh My! | FortiGuard Labs
The FortiGuard Labs team highlights threat actors conducting a targeted campaign that takes the time to create a lure relevant enough for the target to pursue.…
Attack trends related to the attack campaign DangerousPassword - the group continues to carry out attacks against cryptocurrency exchange operators in Japan. This attack group may contact the target from LinkedIn, so be careful when using SNS.
🗣digicat
🎖@malwr
JPCERT/CC Eyes
Attack trends related to the attack campaign DangerousPassword - JPCERT/CC Eyes
Since June 2019, JPCERT/CC has continuously ... the attack campaign Dangerou...
NEW BLOG: How Microsoft Defender Threat Intelligence / Defender TI works – and what is the difference between free and paid
Included in the blog is the Sentinel TI feed integration and UI experience in Defender 365, which was recently announced.
https://jeffreyappel.nl/how-works-microsoft-defender-threat-intelligence-defender-ti-and-what-is-the-difference-between-free-and-paid/
🗣JeffreyAppel7
🎖@malwr
Jeffrey Appel - Microsoft Security blog
How works Microsoft Defender Threat Intelligence / Defender TI - and what is the difference between free and paid
Microsoft Defender Threat Intelligence (MDTI), previously known as RiskIQ, brings threat intelligence data together from multiple sources. With Microsoft Defender Threat Intelligence (MDTI), customers will have direct access to real-time data and signals to…