Basic introduction to patch diffing in Ghidra by @qkaiser
(Cisco RV110W)
Part 1: https://quentinkaiser.be/exploitdev/2020/09/23/ghetto-patch-diffing-cisco/
Part 2: https://quentinkaiser.be/exploitdev/2020/10/01/patch-diffing-cisco-rv110/
#reverseengineering #patch #infosec #cybersecurity
🗣0xor0ne
🎖@malwr
IDA PRO 8.3 finally has the Goomba plugin built-in! De-obfuscate simple MBAs out-of-the-box! @HexRaysSA https://github.com/HexRaysSA/goomba 😍
🗣enovella_
🎖@malwr
[Blog] No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques
https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
🗣bohops
🎖@malwr
bohops
No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
Introduction Process Injection is a popular technique used by Red Teams and threat actors for defense evasion, privilege escalation, and other interesting use cases. At the time of this publishing,…
Since using legit drivers to kill processes seems to be a thing 🤷♀️
Here's my crappy script to identify potential process killer drivers on LOLDrivers
https://github.com/xalicex/LOLDrivers_finder
🗣AliceCliment
🎖@malwr
Check Point researchers observed a wave of highly targeted espionage attacks in Libya that utilize a new custom modular backdoor. Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions. https://research.checkpoint.com/2023/stealth-soldier-backdoor-used-in-targeted-espionage-attacks-in-north-africa/
🗣virusbtn
🎖@malwr
Applying #yara rules on Time Travel Debugging (#ttd) traces: Welcome yara-ttd!!! #SSTIC
https://github.com/airbus-cert/yara-ttd
🗣citronneur
🎖@malwr
ESET's @matthieu_faou describes new findings relating to crimeware group Asylum Ambuscade. The group targets bank customers & cryptocurrency traders in various regions but also carries out espionage against government entities in Europe & Central Asia. https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
🗣virusbtn
🎖@malwr
"Best online tools for #Telegram investigations"
An article with a small list of the most important search engines, directories, online services, and bots for finding any information in Telegram.
https://medium.com/@TheInvestigatorBlog/best-online-tools-for-telegram-investigations-9746b17c90d8
Thanks for the tip @osintbear
🗣cyb_detective
🎖@malwr
Why do we do #MalwareAnalysis?
@ForensicITGuy explains with practical examples.
https://www.youtube.com/watch?v=16kSEoDvV5c
#CyberSecurity #CTI #infosec #DFIR #ThreatIntel #BlueTeam #SANS #Malware #CTISummit
🗣DailyCTI
🎖@malwr
Ever had trouble signing your drivers with leaked expired EV certificates? I made a fix for that: https://github.com/namazso/MagicSigner
🗣namazso
🎖@malwr
GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loader https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-campaigns-a-deep-dive-analysis-of-a-highly-evasive-shellcode-based-loader/
🗣reverseame
🎖@malwr
McAfee Blog
GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loader | McAfee Blog
Authored by: Anandeshwar Unnikrishnan Stage 1: GULoader Shellcode Deployment In recent GULoader campaigns, we are seeing a rise in NSIS-based installers
Malware development trick - part 32. Syscalls - part 1. Simple C++ example. https://cocomelonc.github.io/malware/2023/06/07/syscalls-1.html #Pentesting #Malware #CyberSecurity #Infosec
🗣ptracesecurity
🎖@malwr
Fantastic Rootkits: And Where to Find Them (Part 1) https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1
🗣reverseame
🎖@malwr
Cyberark
Fantastic Rootkits: And Where to Find Them (Part 1)
Introduction In this blog series, we will cover the topic of rootkits — how they are built and the basics of kernel driver analysis — specifically on the Windows platform. In this first part, we...
SharpWSUS. CSharp tool for lateral movement through WSUS
https://github.com/nettitude/SharpWSUS
🗣DirectoryRanger
🎖@malwr