Microsoft Threat Intelligence researchers share information on the Volt Typhoon state-sponsored actor, its campaign targeting critical infrastructure providers, & its tactics for achieving and maintaining unauthorized access to target networks. https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
🗣virusbtn


🎖@malwr

ESET's Lukas Stefanko describes a new Android RAT based on AhMyth. AhRat's specific malicious behaviour, which involves extracting microphone recordings & stealing files with specific extensions, potentially indicates involvement in an espionage campaign. https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
🗣virusbtn


🎖@malwr

Windows File Explorer will support 7z, rar, and other compressed formats using open source libarchive library. Opening files soon, compressing files will come later. #MSBuild
🗣unixterminal


🎖@malwr

The DFIR Report's researchers look into an incident that started with the execution of IcedID malware contained within an Excel document delivered to the victim as part of a malspam campaign. https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/
🗣virusbtn


🎖@malwr

I’m excited to kick the morning off by announcing the release of 🍎 Living Off the Orchard: macOS Binaries (LOOBins)!

https://loobins.io

You can find more details about the LOOBins project in my “Introducing LOOBins” Medium post here:
https://infosecb.medium.com/introducing-loobins-9e732b9e06a6?source=friends_link&sk=e4d46e0ef07add52b5c77fd3a9dd3387
🗣infosecb


🎖@malwr

Fortinet researchers identified several simultaneous attacks targeting a government entity in the UAE. While most were classified as known threats, one remained unidentified - a custom targeted PowerShell-based backdoor with email-based C2 protocol. https://www.fortinet.com/blog/threat-research/operation-total-exchange-backdoor-discovered
🗣virusbtn


🎖@malwr

How to geolocate mobile phones based on IP addresses?

http://nixintel.info/osint/geolocating-mobile-phones-with-an-ip/

@nixintel
@MwOsint

#OSINT #investigation #CTI #infosec #cybersecurity #DFIR #ThreatIntel #intelligence #reconnaissance
🗣DailyOsint


🎖@malwr

Scan Container Images for Vulnerabilities with Docker Scout https://buff.ly/3OsMuVI #devops #opensource #automation
🗣osodevops


🎖@malwr

Tool Release: Code Credential Scanner (ccs) https://research.nccgroup.com/2023/05/23/tool-release-code-credential-scanner-ccs/
🗣Dinosn


🎖@malwr

CrowdStrike Falcon Platform Achieves Certification in AV-Comparatives’ First Anti-Tampering Test
🗣BradW-CS

Tamper Resistant != Tamper Proof
👤Vengeful-Melon

Right. And yet it's still trivial?
Exit: W10 only
👤Doctorexx


🎖@malwr

🔓 Part 1 of our #OALABS Patreon tutorial series on the PEB unlocked for everyone…

Understanding The PEB for Reverse Engineers

https://youtu.be/uyisPPTupmA
🗣herrcore


🎖@malwr

Check Point's Alexey Bukhteyev & Arie Olshtein provide insights into GuLoader's evolution. GuLoader is a prominent shellcode-based downloader, active for more than 3 years, that has been used in a large number of attacks to deliver a wide range of malware. https://research.checkpoint.com/2023/cloud-based-malware-delivery-the-evolution-of-guloader/
🗣virusbtn


🎖@malwr

I made a video of how to solve Hex-Ray's CTF using path driven symbolic execution by using Binary Ninja and the plugin SENinja. :) https://youtu.be/lay3PtTtubM
🗣yates82


🎖@malwr

✅✅✅ Forward posts to the other groups ✅✅✅