librick/ic1101: Reverse engineering of a 2021 Honda Civic headunit
Posted by tnavda
I've been curious if the LKAS stuff is contained within one of the APKs, or if that software is located elsewhere. There is a hard-coded 45MPH minimum to activate LKAS, but that always seemed pretty arbitrary to me, and I wonder if one could modify that and see what happens.
Comment by ebol4anthr4x
via @malwr
GitHub - librick/ic1101: Reverse engineering and hacking 10th generation Honda Civic headunits
Ransomware Notes
This is a collection of various #ransomware notes from the past to the present.
https://github.com/threatlabz/ransomware_notes
#cybersecurity #infosec
https://t.me/hackgit/8819
Posted by hack_git
via @malwr
Microsoft Threat Intelligence researchers share information on the Volt Typhoon state-sponsored actor, its campaign targeting critical infrastructure providers, & its tactics for achieving and maintaining unauthorized access to target networks. https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
Posted by virusbtn
via @malwr
ESET's Lukas Stefanko describes a new Android RAT based on AhMyth. AhRat's specific malicious behaviour, which involves extracting microphone recordings & stealing files with specific extensions, potentially indicates involvement in an espionage campaign. https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
Posted by virusbtn
via @malwr
The DFIR Report's researchers look into an incident that started with the execution of IcedID malware contained within an Excel document delivered to the victim as part of a malspam campaign. https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/
Posted by virusbtn
via @malwr
I'm excited to kick the morning off by announcing the release of Living Off the Orchard: macOS Binaries (LOOBins)!
https://loobins.io
You can find more details about the LOOBins project in my "Introducing LOOBins" Medium post here:
https://infosecb.medium.com/introducing-loobins-9e732b9e06a6?source=friends_link&sk=e4d46e0ef07add52b5c77fd3a9dd3387
Posted by infosecb
via @malwr
LOOBins
Living Off the Orchard: macOS Binaries.
Fortinet researchers identified several simultaneous attacks targeting a government entity in the UAE. While most were classified as known threats, one remained unidentified - a custom targeted PowerShell-based backdoor with email-based C2 protocol. https://www.fortinet.com/blog/threat-research/operation-total-exchange-backdoor-discovered
Posted by virusbtn
via @malwr
How to geolocate mobile phones based on IP addresses?
http://nixintel.info/osint/geolocating-mobile-phones-with-an-ip/
@nixintel
@MwOsint
#OSINT #investigation #CTI #infosec #cybersecurity #DFIR #ThreatIntel #intelligence #reconnaissance
Posted by DailyOsint
via @malwr
Scan Container Images for Vulnerabilities with Docker Scout https://buff.ly/3OsMuVI #devops #opensource #automation
Posted by osodevops
via @malwr
The New Stack
Scan Container Images for Vulnerabilities with Docker Scout
What sets Docker Scout apart from some of the other offerings is that it not only will display CVEs but also the composition of the image.
Tool Release: Code Credential Scanner (ccs) https://research.nccgroup.com/2023/05/23/tool-release-code-credential-scanner-ccs/
Posted by Dinosn
via @malwr
CrowdStrike Falcon Platform Achieves Certification in AV-Comparatives' First Anti-Tampering Test
Posted by BradW-CS
Tamper Resistant != Tamper Proof
Comment by Vengeful-Melon
Right. And yet it's still trivial?
Edit: W10 only
Comment by Doctorexx
via @malwr
crowdstrike.com
CrowdStrike Achieves Certification in AV-Comparatives' First Anti-Tampering Test
Learn how CrowdStrike Falcon Enterprise successfully defended against all tampering attacks to win certification in AV-Comparatives first Anti-Tampering test.
DNS Identity - This report provides a view of authentication and verification of domain name owners in the context of domain name registration. It identifies the security challenges, good practices, security controls and associated risks in the domain name registration ecosystem.
Posted by digicat
via @malwr
www.enisa.europa.eu
DNS Identity | ENISA
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats.
Part 1 of our #OALABS Patreon tutorial series on the PEB, unlocked for everyone…
Understanding The PEB for Reverse Engineers
https://youtu.be/uyisPPTupmA
Posted by herrcore
via @malwr
Check Point's Alexey Bukhteyev & Arie Olshtein provide insights into GuLoader's evolution. GuLoader is a prominent shellcode-based downloader, active for more than 3 years, that has been used in a large number of attacks to deliver a wide range of malware. https://research.checkpoint.com/2023/cloud-based-malware-delivery-the-evolution-of-guloader/
Posted by virusbtn
via @malwr
Nice quick introduction to persistence techniques in Windows by Ari Novick (@CyberArk)
https://www.cyberark.com/resources/threat-research-blog/persistence-techniques-that-persist
#cybersecurity
Posted by 0xor0ne
via @malwr
I made a video of how to solve the Hex-Rays CTF using path driven symbolic execution by using Binary Ninja and the plugin SENinja. :) https://youtu.be/lay3PtTtubM
Posted by yates82
via @malwr
YouTube
Solving the Hex-Rays CTF using path driven symbolic execution.
Here I demonstrate how to solve the CTF using a Binary Ninja plugin called SENinja. Note that the version of the plugin shown in the video is part of a non-merged pull request against the plugin's master branch.