Freeze.rs: Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
📣digicat
@malwr
GitHub
GitHub - optiv/Freeze.rs: Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written…
Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST - optiv/Freeze.rs
Getting Started with Windows Malware Development
📣digicat
Thanks for sharing. Very interesting talk on malware development.
handroid2049
@malwr
YouTube
OnlyMalware - Getting Started with Windows Malware Development - by rad98
Getting Started with Windows Malware Development - a talk given by rad98
OnlyMalware Discord server: https://discord.gg/jugYNtvNvp
rad98 twitter: https://twitter.com/rad9800
Uncovering CVE-2022-37985: A Unique Information Disclosure Vulnerability in Windows Graphics Component - discovered a native network channel that could be utilized to exfiltrate the leaked memory data - we set the Filename field to start with “\??\UNC\172.16.96.***@8888\”, which directs to a WebDAV
📣digicat
Signature opportunity for the Yara will be UNC named paths in docx with EMP signatures
digicat
@malwr
Trellix
Uncovering CVE-2022-37985: A Unique Information Disclosure Vulnerability in Windows Graphics Component
Get a comprehensive understanding of CVE-2022-37985, a unique information disclosure vulnerability in Windows Graphics Component. Our blog post covers the technical details of the vulnerability, how it can be exploited, and advice on mitigating the risks.
Leveraging Microsoft eXtended Flow Guard (XFG) to help with reverse engineering
📣digicat
@malwr
M417Z
Leveraging XFG to help with reverse engineering
Microsoft eXtended Flow Guard (XFG) is a control-flow integrity (CFI) technique that extends CFG with function call signatures. It was presented by Microsoft in 2019, and it's an interesting mitigation, but this blog post isn't going to discuss its security…
APT-Hunter: APT-Hunter is Threat Hunting tool for Windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
📣digicat
@malwr
GitHub
GitHub - ahmedkhlief/APT-Hunter: APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to…
APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover su...
NATO and Article 5 in Cyberspace: NATO designated cyberspace as a domain of warfare & recognized that an adversarial cyber campaign could trigger the Alliance's collective defense mechanism under Article 5. Given the complexities of cyberattacks, it's unknown whether & what kind of attacks get a response
📣digicat
@malwr
CTI researcher @BushidoToken looks at a financially motivated Kenyan threat actor. GreenMwizi set up 12 fake Booking[.]com Twitter accounts targeting users who make public complaints, the aim being to socially engineer them into sending funds via Remitly. https://blog.bushidotoken.net/2023/05/greenmwizi-kenyan-scamming-campaign.html
📣virusbtn
@malwr
ESET has released its Q4 2022 - Q1 2023 APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated & analysed by ESET's researchers during that period. https://www.welivesecurity.com/2023/05/09/eset-apt-activity-report-q42022-q12023/
📣virusbtn
@malwr
As a #Reverse #Engineering enthusiast, I recently wrote a configuration extractor using Python to decrypt data encrypted by Qbot malware. With this code, I can easily extract the strings from the decrypted data and analyze the malware's configuration
https://github.com/FarghlyMal/QBotConfig-Extractor/blob/main/Config%20Extractor.py
📣FarghlyMal
@malwr
❤1
Firewall Testing Checklist
#cybersecurity #infosec #cyberattack
https://en.iguru.gr/firewall-einai-kai-giati-prepei-chrisimopoieite/
📣Anastasis_King
@malwr
(recommended reading) Hunting Russian Intelligence “Snake” Malware:
HTML: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a
PDF: https://www.cisa.gov/sites/default/files/2023-05/aa23-129a_snake_malware_1.pdf
#cybersecurity #infosec #cyberespionage #threathunting #threatintel #cybersecurity #threatintelligence
📣blackstormsecbr
@malwr
iknowjason/Awesome-CloudSec-Labs: Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
📣jnazario
@malwr
GitHub
GitHub - iknowjason/Awesome-CloudSec-Labs: Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops…
Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs. - GitHub - iknowjason/Awesome-CloudSec-Labs: Awesome free clou...
AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints
📣jnazario
@malwr
Embee Research
AgentTesla Malware Analysis - How To Resolve API Hashes With Conditional Breakpoints
Analysis of a Multi-Stage Loader for AgentTesla. Covering Ghidra, Dnspy, X32dbg, API Hashing and more!
McAfee's Anandeshwar Unnikrishnan analyses recent GULoader campaigns in which NSIS-based installers, delivered via email as malspam, use plugin libraries to execute the GU shellcode on the victim system. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-campaigns-a-deep-dive-analysis-of-a-highly-evasive-shellcode-based-loader/
📣virusbtn
@malwr