Windows Memory Dump Analysis With Volatility #DFIR
https://digitalinvestigator.blogspot.com/2022/07/windows-memory-dump-analysis-with.html
🗣DirectoryRanger
🎖@malwr
https://digitalinvestigator.blogspot.com/2022/07/windows-memory-dump-analysis-with.html
🗣DirectoryRanger
🎖@malwr
Digital Investigator
Windows Memory Dump Analysis With Volatility
These volatility modules parse these structures and substructures within them and presents the examiner a beautiful tabular view for analysis
A new open source tool to check the integrity of an iPhone without jailbreaking it. Great work from @ddurvaux Aaron Kaplan and Emilien.
#DFIR #FIRSTCON23
https://github.com/EC-DIGIT-CSIRC/sysdiagnose
🗣adulau
🎖@malwr
#DFIR #FIRSTCON23
https://github.com/EC-DIGIT-CSIRC/sysdiagnose
🗣adulau
🎖@malwr
GitHub
GitHub - EC-DIGIT-CSIRC/sysdiagnose: Forensic toolkit for iOS sysdiagnose feature
Forensic toolkit for iOS sysdiagnose feature. Contribute to EC-DIGIT-CSIRC/sysdiagnose development by creating an account on GitHub.
👍1
Rust Binary Analysis, Feature By Feature https://research.checkpoint.com/2023/rust-binary-analysis-feature-by-feature/ #Pentesting #CyberSecurity #Infosec
🗣ptracesecurity
🎖@malwr
🗣ptracesecurity
🎖@malwr
Vulnerability Analysis with Ghidra Scripting https://medium.com/@cy1337/vulnerability-analysis-with-ghidra-scripting-ccf416cfa56d
🗣reverseame
🎖@malwr
🗣reverseame
🎖@malwr
Medium
Vulnerability Analysis with Ghidra Scripting
As some of you may have seen, I posted a challenge to use Ghidra to identify a vulnerability in a WarGames themed game. There has been a…
Basic introduction to patch diffing in Ghidra by @qkaiser
(Cisco RV110W)
Part 1: https://quentinkaiser.be/exploitdev/2020/09/23/ghetto-patch-diffing-cisco/
Part 2: https://quentinkaiser.be/exploitdev/2020/10/01/patch-diffing-cisco-rv110/
#reverseengineering #patch #infosec #cybersecurity
🗣0xor0ne
🎖@malwr
(Cisco RV110W)
Part 1: https://quentinkaiser.be/exploitdev/2020/09/23/ghetto-patch-diffing-cisco/
Part 2: https://quentinkaiser.be/exploitdev/2020/10/01/patch-diffing-cisco-rv110/
#reverseengineering #patch #infosec #cybersecurity
🗣0xor0ne
🎖@malwr
IDA PRO 8.3 finally has the Goomba plugin built-in! De-obfuscate simple MBAs out-of-the-box! @HexRaysSA https://github.com/HexRaysSA/goomba😍
🗣enovella_
🎖@malwr
🗣enovella_
🎖@malwr
🔥1
[Blog] No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques
https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
🗣bohops
🎖@malwr
An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques
https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
🗣bohops
🎖@malwr
bohops
No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
Introduction Process Injection is a popular technique used by Red Teams and threat actors for defense evasion, privilege escalation, and other interesting use cases. At the time of this publishing,…
Since using legit drivers to kill processes seems to be a thing 🤷♀️
Here's my crappy script to identify potential process killer drivers on LOLDrivers
https://github.com/xalicex/LOLDrivers_finder
🗣AliceCliment
🎖@malwr
Here's my crappy script to identify potential process killer drivers on LOLDrivers
https://github.com/xalicex/LOLDrivers_finder
🗣AliceCliment
🎖@malwr
GitHub
GitHub - xalicex/LOLDrivers_finder
Contribute to xalicex/LOLDrivers_finder development by creating an account on GitHub.
Check Point researchers observed a wave of highly targeted espionage attacks in Libya that utilize a new custom modular backdoor. Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions. https://research.checkpoint.com/2023/stealth-soldier-backdoor-used-in-targeted-espionage-attacks-in-north-africa/
🗣virusbtn
🎖@malwr
🗣virusbtn
🎖@malwr
Applying #yara rules on Time Travel Debugging (#ttd) traces : Welcome yara-ttd !!! #SSTIC
https://github.com/airbus-cert/yara-ttd
🗣citronneur
🎖@malwr
https://github.com/airbus-cert/yara-ttd
🗣citronneur
🎖@malwr
GitHub
GitHub - airbus-cert/yara-ttd: Use YARA rules on Time Travel Debugging traces
Use YARA rules on Time Travel Debugging traces. Contribute to airbus-cert/yara-ttd development by creating an account on GitHub.
ESET's @matthieu_faou describes new findings relating to crimeware group Asylum Ambuscade. The group targets bank customers & cryptocurrency traders in various regions but also carries out espionage against government entities in Europe & Central Asia. https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
🗣virusbtn
🎖@malwr
🗣virusbtn
🎖@malwr
"Best online tools for #Telegram investigations"
An article with small list of the most important search engines, directories, online services, and bots for finding any information in Telegram.
https://medium.com/@TheInvestigatorBlog/best-online-tools-for-telegram-investigations-9746b17c90d8
Thanks for tip @osintbear
🗣cyb_detective
🎖@malwr
An article with small list of the most important search engines, directories, online services, and bots for finding any information in Telegram.
https://medium.com/@TheInvestigatorBlog/best-online-tools-for-telegram-investigations-9746b17c90d8
Thanks for tip @osintbear
🗣cyb_detective
🎖@malwr
Why do we do #MalwareAnalysis?
@ForensicITGuy explains with practical examples.
https://www.youtube.com/watch?v=16kSEoDvV5c
#CyberSecurity #CTI #infosec #DFIR #ThreatIntel #BlueTeam #SANS #Malware #CTISummit
🗣DailyCTI
🎖@malwr
@ForensicITGuy explains with practical examples.
https://www.youtube.com/watch?v=16kSEoDvV5c
#CyberSecurity #CTI #infosec #DFIR #ThreatIntel #BlueTeam #SANS #Malware #CTISummit
🗣DailyCTI
🎖@malwr
❤2
Ever had trouble signing your drivers with leaked expired EV certificates? I made a fix for that: https://github.com/namazso/MagicSigner
🗣namazso
🎖@malwr
🗣namazso
🎖@malwr
GitHub
GitHub - namazso/MagicSigner: Signtool for expired certificates
Signtool for expired certificates. Contribute to namazso/MagicSigner development by creating an account on GitHub.