McAfee's Anandeshwar Unnikrishnan analyses recent GULoader campaigns in which NSIS-based installers, delivered via email as malspam, use plugin libraries to execute the GU shellcode on the victim system. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-campaigns-a-deep-dive-analysis-of-a-highly-evasive-shellcode-based-loader/
🗣virusbtn


🎖@malwr

Ransomware Risk Management
Download Link (PDF):
https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8374.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣JMonteagudoE


🎖@malwr

Digital Forensics and Incident Response (DFIR) Framework for OT
Source: NIST
Download Link:
https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8428.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣CyberSecOb


🎖@malwr

We’ve just published another great Plugin Focus article! Can Bölük ( @_can1357 ) introduces his NtRays plugin for automated simplification of Windows Kernel decompilation. Read more 🌐 https://hex-rays.com/blog/plugin-focus-ntrays/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Plugin-Focus-ntrays

#IDAPro #IDAPython #IDAPlugin #NtRays
🗣HexRaysSA


🎖@malwr

Medusa Ransomware technical analysis report
MedusaLocker ransomware has been active since September 2019. MedusaLocker actors typically access victims’ networks by exploiting vulnerabilities in Remote Desktop Protocol (RDP).


https://link.medium.com/G8YxzhstHzb

ℹ️ Sent from one of our channel members

🎖@malwr

Check out my writeup on #Vidar #Stealer https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-vidar-stealer 😊
@esthreat
🗣AnFam17


🎖@malwr

Sophos researchers look into a recently observed ransomware family dubbed Akira and describe how it was deployed by different actors in two incidents they assisted with. https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/
🗣virusbtn


🎖@malwr

Did you know you can tell IDA to load additional types for Windows API? See how to do that 🌐 https://hex-rays.com/blog/igors-tip-of-the-week-140-loading-pdb-types/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Igor-Tip-140

#IgorsTipOfTheWeek #IDAtips #IDAProTutorials
🗣HexRaysSA


🎖@malwr

Check Point has published its April 2023 Global Threat Index report: AgentTesla was the most prevalent malware last month, with an impact of 10% worldwide organizations, followed by Qbot with a global impact of 7%, and Formbook with a global impact of 6%. https://blog.checkpoint.com/security/april-2023s-most-wanted-malware-qbot-launches-substantial-malspam-campaign-and-mirai-makes-its-return/
🗣virusbtn


🎖@malwr

JPCERT/CC has observed attacks on cryptocurrency exchanges believed to be related to the DangerousPassword attack campaign (aka CryptoMimic or SnatchCrypto). They describe the new attack technique used recently by DangerousPassword. https://blogs.jpcert.or.jp/en/2023/05/dangerouspassword.html
🗣virusbtn


🎖@malwr

🚀 Just released an updated Windows API function cheatsheet! 📚💻 Level up your skills in #ReverseEngineering #MalwareAnalysis and more with this comprehensive resource. #WindowsAPI #CheatSheet

🔗 Check it out: https://github.com/snowcra5h/windows-api-function-cheatsheets
🗣snowcra5h


🎖@malwr