A Video Demonstration on Cracking a GSM Capture File https://www.rtl-sdr.com/a-video-demonstration-on-cracking-a-gsm-capture-file/
📣 rtlsdrblog
📢 @malwr
Check Point researchers analyse the TinyNote backdoor associated with the Camaro Dragon cluster of activity. This Go-based backdoor is distributed with names related to foreign affairs matters, and likely targets Southeast and East Asian embassies. https://research.checkpoint.com/2023/malware-spotlight-camaro-dragons-tinynote-backdoor/
📣 virusbtn
📢 @malwr
LightsOut - generates an obfuscated DLL that will disable AMSI & ETW while trying to evade AV:
https://github.com/icyguider/LightsOut
📣 VessOnSecurity
📢 @malwr
SonicWall researchers recently observed a new variant of GuLoader. They look at unpacking its shellcodes, a new anti-debug technique it deploys, and its custom Vectored Exception Handler. https://securitynews.sonicwall.com/xmlpost/guloader-demystified-unraveling-its-vectored-exception-handler-approach/
📣 virusbtn
📢 @malwr
DEV-0569 finds new ways to deliver Royal ransomware, various payloads | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/
📣 akaclandestine
📢 @malwr
DEV-0569's recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group's changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.
fq: jq for binary formats - tool, language and decoders for working with binary and text formats
⭐️ 6243
Author: @mwader
#golang
https://github.com/wader/fq
📣 GolangRepos
📢 @malwr
The first release candidate for dnSpyEx 6.4.0 has been released featuring many improvements and bug fixes!
Changelog and download can be found here:
https://github.com/dnSpyEx/dnSpy/releases/tag/v6.4.0-rc1
📣 elektrokilldev
📢 @malwr
This is the first release candidate for the next version of dnSpyEx. As with any release candidate, if you encounter any issues please report them, especially if they were not present in the prior ...
Excellent series on Windows rootkit development for red teaming
Credits @Idov31
Part 1: https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Part 2: https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Part 3: https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
Part 4: https://idov31.github.io/2023/02/24/lord-of-the-ring0-p4.html
#windows #driver #kernel #rootkit #redteam
📣 0xor0ne
📢 @malwr
The Windows Process Journey - conhost.exe (Console Window Host)
https://medium.com/@boutnaru/the-windows-process-journey-conhost-exe-console-window-host-f03f8db35574
#Windows #Microsoft #conhost #cmd #CLI #SBOM #DFIR #Learning #Forensics #IT #Tech #security #infosec #DevOps #DevSecOps #Console #TheWindowsProcessJourney
📣 boutnaru
📢 @malwr
"conhost.exe" is an executable aka the "Console Window Host", which is located at "%windir%\System32\conhost.exe". The goal of…
Seeing more malware using binary padding for evasion and obfuscation?
Intezer security researcher @MhicRoibin explains how and why threat actors are inflating malware files with junk data, plus what you can do about it: https://hubs.li/Q01RRkPP0
📣 IntezerLabs
📢 @malwr
Zscaler's Mallikarjun Piddannavar presents a technical analysis of a new info stealer called Bandit Stealer, which has been marketed and sold as a service on underground criminal forums since April 2023. https://www.zscaler.com/blogs/security-research/technical-analysis-bandit-stealer
📣 virusbtn
📢 @malwr
CatSniffer is an original multiprotocol & multiband board made for sniffing, communicating with & attacking IoT devices. It integrates the new chips CC1352, SX1262 & SAMD21E17 (sub-1 GHz & 2.4 GHz).
https://github.com/ElectronicCats/CatSniffer
#SoftwareDefinedRadio #SDR
#LoRa #LoRaWAN
#BLE #ZigBee
📣 giammaiot2
📢 @malwr
In a new blog post Trend Micro researchers discuss the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. https://www.trendmicro.com/en_us/research/23/f/xollam-the-latest-face-of-targetcompany.html
📣 virusbtn
📢 @malwr
A collection of bookmarks for penetration testers, bug bounty hunters, malware developers, reverse engineers and anyone who is just interested in infosec topics.
https://github.com/kargisimos/offensive-bookmarks
📣 Dinosn
📢 @malwr
[BLOG]
Bypassing Defender with ThreatCheck & Ghidra
https://offensivedefence.co.uk/posts/threatcheck-ghidra/
📣 _RastaMouse
📢 @malwr
Intro: It should come as no surprise when payloads generated in their default state get swallowed up by Defender, as Microsoft have both the means and motivation to proactively produce signatures for open and closed source/commercial tooling. One tactic to…
strings2 - Extract strings from binary files and process memory https://github.com/glmcdona/strings2
📣 reverseame
📢 @malwr
For those who are encountering Golang malware (which are likely to be more and more of you as the language gains in popularity): the Ghidra scripts I made to help analyse Golang binaries in Ghidra are now public, along with a corporate blog diving into the details. The code itself is (if I may say so myself) very well documented. As such, if you push your Java hate aside, it's a knowledge base in and of itself.
Blog: https://www.trellix.com/en-us/about/newsroom/stories/research/feeding-gophers-to-ghidra.html
GitHub: https://github.com/advanced-threat-research/GhidraScripts
ℹ️ Sent from one of our channel members
📢 @malwr
Analysing Golang based malware samples is often time consuming. These scripts, based on Dorka Palotay's work, greatly improve Ghidra's handling of Golang based malware samples, making the analysis less cumbersome!
RedLine Technical Analysis Report
https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152
ℹ️ Sent from one of our channel members
📢 @malwr