JPCERT/CC's Yuma Masubuchi provides details of an attack targeting Linux routers with the GobRAT malware. The attacker initially targets a router with WEBUI open to the public, executes scripts possibly by using vulnerabilities, & finally executes GobRAT. https://blogs.jpcert.or.jp/en/2023/05/gobrat.html
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Trend Micro's Sarah Pearl Camiling & Paul John Bardon write about a new Go-based information-stealing malware named Bandit Stealer, which targets numerous browsers and cryptocurrency wallets while evading detection. https://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html
π£virusbtn
π@malwr
π£virusbtn
π@malwr
π1
WinDiff - Browse and compare exports, debug symbols and debug types of PEs between Windows versions.
WinDiff is a streamlined revamp of ntdiff, wired directly to Winbindex to fetch Windows updates and PEs automatically.
App: https://windiff.vercel.app
Repo: https://github.com/ergrelet/windiff
π£ergrelet
π@malwr
WinDiff is a streamlined revamp of ntdiff, wired directly to Winbindex to fetch Windows updates and PEs automatically.
App: https://windiff.vercel.app
Repo: https://github.com/ergrelet/windiff
π£ergrelet
π@malwr
Find out the IP address through a call to Telegram⦠https://medium.com/@ibederov_en/find-out-the-ip-address-through-a-call-to-telegram-a899441b1bac #Pentesting #CyberSecurity #Infosec
π£ptracesecurity
π@malwr
π£ptracesecurity
π@malwr
π1
Let's get started with function flowcharts with IDAPython (part 1). https://youtu.be/omzxE6OoBVk
π£allthingsida
π@malwr
π£allthingsida
π@malwr
YouTube
IDAPython: Introduction to function flowcharts
This is a two parts series. In the first video, we will introduce the flowcharts concept and how to generate function and program flowcharts.
Websites to Scan Files for Viruses
1. http://Avira.com
2. http://VirusTotal.com
3. http://opentip.kaspersky.com
4. http://FortiGuard.com
5. http://Virusscan.jotti.org
π£SecurityTrybe
π@malwr
1. http://Avira.com
2. http://VirusTotal.com
3. http://opentip.kaspersky.com
4. http://FortiGuard.com
5. http://Virusscan.jotti.org
π£SecurityTrybe
π@malwr
Avira
Download Security Software for Windows, Mac, Android & iOS | Avira Antivirus
Discover a range of award-winning security, privacy & performance tools for all devices β’ Antivirus β’ VPN β’ System Speedup β’ Mobile & more. Download now
Learning Resources with Labs For Offensive Security Players. https://github.com/Zeyad-Azima/Offensive-Resources
π£Dinosn
π@malwr
π£Dinosn
π@malwr
GitHub
GitHub - Zeyad-Azima/Offensive-Resources: A Huge Learning Resources with Labs For Offensive Security Players
A Huge Learning Resources with Labs For Offensive Security Players - Zeyad-Azima/Offensive-Resources
A Video Demonstration on Cracking a GSM Capture File https://www.rtl-sdr.com/a-video-demonstration-on-cracking-a-gsm-capture-file/
π£rtlsdrblog
π@malwr
π£rtlsdrblog
π@malwr
β€2
Check Point researchers analyse the TinyNote backdoor associated with the Camaro Dragon cluster of activity. This Go-based backdoor is distributed with names related to foreign affairs matters, and likely targets Southeast and East Asian embassies. https://research.checkpoint.com/2023/malware-spotlight-camaro-dragons-tinynote-backdoor/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
LightsOut - generates an obfuscated DLL that will disable AMSI & ETW while trying to evade AV:
https://github.com/icyguider/LightsOut
π£VessOnSecurity
π@malwr
https://github.com/icyguider/LightsOut
π£VessOnSecurity
π@malwr
GitHub
GitHub - icyguider/LightsOut: Generate an obfuscated DLL that will disable AMSI & ETW
Generate an obfuscated DLL that will disable AMSI & ETW - icyguider/LightsOut
SonicWall researchers recently observed a new variant of GuLoader. They look at unpacking its shellcodes, a new anti-debug technique it deploys, and its custom Vectored Exception Handler. https://securitynews.sonicwall.com/xmlpost/guloader-demystified-unraveling-its-vectored-exception-handler-approach/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
DEV-0569 finds new ways to deliver Royal ransomware, various payloads | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/
π£akaclandestine
π@malwr
π£akaclandestine
π@malwr
Microsoft News
DEV-0569 finds new ways to deliver Royal ransomware, various payloads
DEV-0569βs recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The groupβs changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.
fq: jq for binary formats - tool, language and decoders for working with binary and text formats
βοΈ 6243
Author: @mwader
#golang
https://github.com/wader/fq
π£GolangRepos
π@malwr
βοΈ 6243
Author: @mwader
#golang
https://github.com/wader/fq
π£GolangRepos
π@malwr
GitHub
GitHub - wader/fq: jq for binary formats - tool, language and decoders for working with binary and text formats
jq for binary formats - tool, language and decoders for working with binary and text formats - wader/fq
The first release candidate for dnSpyEx 6.4.0 has been released featuring many improvements and bug fixes!
Changelog and download can be found here:
https://github.com/dnSpyEx/dnSpy/releases/tag/v6.4.0-rc1
π£elektrokilldev
π@malwr
Changelog and download can be found here:
https://github.com/dnSpyEx/dnSpy/releases/tag/v6.4.0-rc1
π£elektrokilldev
π@malwr
GitHub
Release v6.4.0-rc1 Β· dnSpyEx/dnSpy
This is the first release candidate for the next version of dnSpyEx. As with any release candidate, if you encounter any issues please report them, especially if they were not present in the prior ...
π1
Excellent series on Windows rootkit development for red teaming
Credits @Idov31
Part 1: https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Part 2: https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Part 3: https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
Part 4: https://idov31.github.io/2023/02/24/lord-of-the-ring0-p4.html
#windows #driver #kernel #rootkit #redteam
π£0xor0ne
π@malwr
Credits @Idov31
Part 1: https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Part 2: https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Part 3: https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
Part 4: https://idov31.github.io/2023/02/24/lord-of-the-ring0-p4.html
#windows #driver #kernel #rootkit #redteam
π£0xor0ne
π@malwr
π₯1
The Windows Process Journey β conhost.exe (Console Window Host)
https://medium.com/@boutnaru/the-windows-process-journey-conhost-exe-console-window-host-f03f8db35574
#Windows #Microsoft #conhost #cmd #CLI #SBOM #DFIR #Learning #Forensics #IT #Tech #security #infosec #DevOps #DevSecOps #Console #TheWindowsProcessJourney
π£boutnaru
π@malwr
https://medium.com/@boutnaru/the-windows-process-journey-conhost-exe-console-window-host-f03f8db35574
#Windows #Microsoft #conhost #cmd #CLI #SBOM #DFIR #Learning #Forensics #IT #Tech #security #infosec #DevOps #DevSecOps #Console #TheWindowsProcessJourney
π£boutnaru
π@malwr
Medium
The Windows Process Journeyβββconhost.exe (Console Window Host)
βconhost.exeβ is an executable aka the βConsole Window Hostβ, which is located at β%windir%\System32\conhost.exeβ. The goal ofβ¦
Seeing more malware using binary padding for evasion and obfuscation?
Intezer security researcher @MhicRoibin explains how and why threat actors are inflating malware files with junk data, plus what you can do about it: https://hubs.li/Q01RRkPP0
π£IntezerLabs
π@malwr
Intezer security researcher @MhicRoibin explains how and why threat actors are inflating malware files with junk data, plus what you can do about it: https://hubs.li/Q01RRkPP0
π£IntezerLabs
π@malwr
Zscaler's Mallikarjun Piddannavar presents a technical analysis of a new info stealer called Bandit Stealer, which has been marketed and sold as a service on underground criminal forums since April 2023. https://www.zscaler.com/blogs/security-research/technical-analysis-bandit-stealer
π£virusbtn
π@malwr
π£virusbtn
π@malwr