The latest blog post from http://Sekoia.io's TDR researchers aims at understanding & contextualising cyber malicious activities associated with Iran-nexus intrusions sets over the 2022-2023 period. https://blog.sekoia.io/iran-cyber-threat-overview/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Abusing undocumented features to spoof PE section headers by @x86matthew https://secret.club/2023/06/05/spoof-pe-sections.html
π£the_secret_club
π@malwr
π£the_secret_club
π@malwr
secret club
Abusing undocumented features to spoof PE section headers
Introduction Some time ago, I accidentally came across some interesting behaviour in PE files while debugging an unrelated project. I noticed that setting the SectionAlignment value in the NT header to a value lower than the page size (4096) resulted in significantβ¦
IBM Security X-Force researchers show how ITG10 is likely targeting South Korean government entities, universities, think tanks and dissidents with phishing emails in order to deliver RokRAT via LNK files. https://securityintelligence.com/posts/itg10-targeting-south-korean-entities/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Practical Windows Forensics Training https://github.com/bluecapesecurity/PWF #Pentesting #Windows #CyberSecurity #Infosec
π£ptracesecurity
π@malwr
π£ptracesecurity
π@malwr
Stealth Soldier Backdoor Used in Targeted Espionage Attacks in North Africa https://research.checkpoint.com/2023/stealth-soldier-backdoor-used-in-targeted-espionage-attacks-in-north-africa/
π£Dinosn
π@malwr
π£Dinosn
π@malwr
Check Point Research
Stealth Soldier Backdoor Used in Targeted Espionage Attacks in North Africa - Check Point Research
Key findings Introduction Check Point Research identified an ongoing operation against targets in North Africa involving a previously undisclosed multi-stage backdoor called Stealth Soldier. The malware Command and Control (C&C) network is part of a largerβ¦
https://cocomelonc.github.io/malware/2023/06/07/syscalls-1.html my intro to syscalls. I love introductory posts =^..^= #cybersec #cybersecurity #informationsecurity #malware #malwaredev #malwareanalysis #redteam #blueteam #purpleteam #hacking #ethicalhacking #windows #winapi #win32api #programming #cpp #assembly #asm
π£cocomelonckz
π@malwr
π£cocomelonckz
π@malwr
cocomelonc
Malware development trick - part 32. Syscalls - part 1. Simple C++ example.
ο·½
Digital Forensics Tools Cheat Sheet
π·Full HD Image: https://github.com/Ignitetechnologies/Mindmap/tree/main/Forensics
#infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #cybersecurityawareness #bugbounty #bugbountytips
π£hackinarticles
π@malwr
π·Full HD Image: https://github.com/Ignitetechnologies/Mindmap/tree/main/Forensics
#infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #cybersecurityawareness #bugbounty #bugbountytips
π£hackinarticles
π@malwr
Windows Memory Dump Analysis With Volatility #DFIR
https://digitalinvestigator.blogspot.com/2022/07/windows-memory-dump-analysis-with.html
π£DirectoryRanger
π@malwr
https://digitalinvestigator.blogspot.com/2022/07/windows-memory-dump-analysis-with.html
π£DirectoryRanger
π@malwr
Digital Investigator
Windows Memory Dump Analysis With Volatility
These volatility modules parse these structures and substructures within them and presents the examiner a beautiful tabular view for analysis
A new open source tool to check the integrity of an iPhone without jailbreaking it. Great work from @ddurvaux Aaron Kaplan and Emilien.
#DFIR #FIRSTCON23
https://github.com/EC-DIGIT-CSIRC/sysdiagnose
π£adulau
π@malwr
#DFIR #FIRSTCON23
https://github.com/EC-DIGIT-CSIRC/sysdiagnose
π£adulau
π@malwr
GitHub
GitHub - EC-DIGIT-CSIRC/sysdiagnose: Forensic toolkit for iOS sysdiagnose feature
Forensic toolkit for iOS sysdiagnose feature. Contribute to EC-DIGIT-CSIRC/sysdiagnose development by creating an account on GitHub.
π1
Rust Binary Analysis, Feature By Feature https://research.checkpoint.com/2023/rust-binary-analysis-feature-by-feature/ #Pentesting #CyberSecurity #Infosec
π£ptracesecurity
π@malwr
π£ptracesecurity
π@malwr
Vulnerability Analysis with Ghidra Scripting https://medium.com/@cy1337/vulnerability-analysis-with-ghidra-scripting-ccf416cfa56d
π£reverseame
π@malwr
π£reverseame
π@malwr
Medium
Vulnerability Analysis with Ghidra Scripting
As some of you may have seen, I posted a challenge to use Ghidra to identify a vulnerability in a WarGames themed game. There has been aβ¦
Basic introduction to patch diffing in Ghidra by @qkaiser
(Cisco RV110W)
Part 1: https://quentinkaiser.be/exploitdev/2020/09/23/ghetto-patch-diffing-cisco/
Part 2: https://quentinkaiser.be/exploitdev/2020/10/01/patch-diffing-cisco-rv110/
#reverseengineering #patch #infosec #cybersecurity
π£0xor0ne
π@malwr
(Cisco RV110W)
Part 1: https://quentinkaiser.be/exploitdev/2020/09/23/ghetto-patch-diffing-cisco/
Part 2: https://quentinkaiser.be/exploitdev/2020/10/01/patch-diffing-cisco-rv110/
#reverseengineering #patch #infosec #cybersecurity
π£0xor0ne
π@malwr
Let's work with function flow charts in IDAPython. https://youtu.be/y9WEtTmZibY
π£allthingsida
π@malwr
π£allthingsida
π@malwr
YouTube
IDAPython: Working with function flow charts and basic blocks
In this video, we build upon the introductory video on function flowcharts and delve deeper into the topic. Our focus is on the qflow_chart_t class, where we demonstrate how to enumerate basic blocks along with their predecessors and successors. Lastly, weβ¦
IDA PRO 8.3 finally has the Goomba plugin built-in! De-obfuscate simple MBAs out-of-the-box! @HexRaysSA https://github.com/HexRaysSA/goombaπ
π£enovella_
π@malwr
π£enovella_
π@malwr
π₯1
[Blog] No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques
https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
π£bohops
π@malwr
An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques
https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
π£bohops
π@malwr
bohops
No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
Introduction Process Injection is a popular technique used by Red Teams and threat actors for defense evasion, privilege escalation, and other interesting use cases. At the time of this publishing,β¦