Excited to have several of our engineers @offensive_con this week! Among them will be @yarden_shafir, who gives us an intro to Windows Notification Facility's (WNF) Code Integrity features in our latest blog post.
https://blog.trailofbits.com/2023/05/16/introducing-windows-notification-facilitys-wnf-code-integrity/
Posted by trailofbits, via @malwr
Latest Certified Ethical Hacker (CEHv12)
Free resources drive, featuring video lectures, PDF notes, and practical labs - all at your fingertips!
https://mega.nz/folder/xacxzDxI#wPLPpfdk8m8lCmM-X0BbvQ
Posted by khalilApriday, via @malwr
Best of Wireshark Filter Cheat Sheet
Credit: https://cellstream.com/wireshark-profiles-repository/…
#infosec #cybersecurity #pentesting #Wireshark #informationsecurity #DataSecurity #CyberSec #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness
Posted by Shubham_pen, via @malwr
DroidFrida: Android app for executing frida scripts directly on your android device
https://github.com/ac3ss0r/DroidFrida/
Posted by tbbhunter, via @malwr
Chrome Extensions - Forensics https://vikas-singh.notion.site/vikas-singh/Chrome-Extensions-Forensics-82d0154c650747a695a776d53a9114fd
Posted by akaclandestine, via @malwr
Cisco Talos researchers recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023 using suspected leaked Babuk ransomware source code and targeting companies in the US & South Korea. https://blog.talosintelligence.com/ra-group-ransomware/
Posted by virusbtn, via @malwr
Let's start working with the debugger from IDAPython. Easy topics first: process state, debugger modules and debug names. https://youtu.be/rgyTaXkPzfM
Posted by allthingsida, via @malwr
New blog post: Cobalt Strike and YARA - Can I have your signature? https://www.cobaltstrike.com/blog/cobalt-strike-and-yara-can-i-have-your-signature/
Posted by joehowwolf, via @malwr
DevSecOps Fundamentals Guidebook
Source: DoD
Download Link (PDF):
https://dodcio.defense.gov/Portals/0/Documents/Library/DevSecOps%20Fundamentals%20Guidebook-DevSecOps%20Tools%20and%20Activities_DoD-CIO_20211019.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
Posted by CyberInnSummits, via @malwr
Checkpoint researchers have discovered & analysed a malicious firmware implant tailored for TP-Link routers, used in campaigns linked to Chinese APT group Camaro Dragon. The Horse Shell router implant provides remote shell, file transfer & SOCKS tunneling https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
Posted by virusbtn, via @malwr
Secureworks researchers look into the infostealer ecosystem. The evolution of criminal marketplaces allows relatively low-skilled threat actors to access tools with advanced capabilities to attack many victims. https://www.secureworks.com/research/the-growing-threat-from-infostealers
Posted by virusbtn, via @malwr
Zscaler's Santiago Vicente & Brett Stone-Gross present a technical analysis of the CryptNet ransomware and look at its close relationship with the Yashma ransomware. https://www.zscaler.com/blogs/security-research/technical-analysis-cryptnet-ransomware
Posted by virusbtn, via @malwr
Symantec researchers analyse the Merdoor backdoor, used very selectively by the Lancefly threat group in attacks targeting organizations in South and Southeast Asia. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor
Posted by virusbtn, via @malwr
Recently we found a suspicious shellcode running in the memory of a system process. We decided to investigate how the shellcode was initially placed into the process and where on the infected system the threat was hidden.
We named this #malware #Minas https://kas.pr/fn5y
Posted by e_kaspersky, via @malwr
This is interesting reading regarding the .zip TLD. However, it's of near zero consequence to phishing attacks, read it first then I'll explain: https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
Posted by troyhunt, via @malwr
Ppl that run an honeypot: what hosting company are you using? What is your fav software?
Hi all,
I'd like to run a honeypot in the hope of collecting some current malware samples. If you are a honeypot admin, then I have some questions for you:
1) what software are you running? And why?
2) what is the hosting company that is hosting your honeypot/honeypots?
3) How much do you pay every month?
4) what software would you suggest for a cheap/low end VPS?
5) after how much hours/days have you collected the 1st binary sample in your honeypot?
I have done some research and I found an incredible AIO solution called T-POT. It is a collection of the most used honeypots (cowrie, dionaea etc.) but it requires 8+ GB of ram and 150GB of HDD space… so it will not be cheap to host this
Thanks a lot!
Posted by Luca-91
I run a custom HTTP honeypot at the edge of my home network and on a cheapy VPS. I'm able to find command injection attempts in payload and headers which usually yield Mirai and Mozi samples.
Overall, I collect the request data and store it in a MySQL table for aggregating stats.
Reply by issued-username
T-pot, set a few malware files in the server as well
Reply by dumpsteraccount01
I run 3 honeypots on EC2/Lightsail instances at AWS. I am using mainly Snort/Suricata to detect attacks against the devices - not so much a 'honeypot' but I am in the process of standing up more low-interaction true honeypots on the platform. Lightsail can do fixed cost of like $5/$10/$20 etc price points, overall price with a syslog server to aggregate everything is like $30-40 per month or something, maybe a little less. Hard to tell since I am running lots of other things on AWS.
T-POT is extreme end of honeypots..not worth it for me.
Self-Promotion: https://beesting.tools/
Reply by panscanner
Shared via @malwr
GitHub - imthenachoman/How-To-Secure-A-Linux-Server: An evolving how-to guide for securing a Linux server. https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
Posted by akaclandestine, via @malwr