IDA PRO 8.3 finally has the Goomba plugin built-in! De-obfuscate simple MBAs out-of-the-box! @HexRaysSA https://github.com/HexRaysSA/goomba😍
🗣enovella_


🎖@malwr

[Blog] No Alloc, No Problem: Leveraging Program Entry Points for Process Injection

An analysis of AddressOfEntryPoint and the 'new' ThreadQuerySetWin32StartAddress (ThreadQuery) process injection techniques

https://bohops.com/2023/06/09/no-alloc-no-problem-leveraging-program-entry-points-for-process-injection/
🗣bohops


🎖@malwr

Since using legit drivers to kill processes seems to be a thing 🤷‍♀️

Here's my crappy script to identify potential process killer drivers on LOLDrivers

https://github.com/xalicex/LOLDrivers_finder
🗣AliceCliment


🎖@malwr

Check Point researchers observed a wave of highly targeted espionage attacks in Libya that utilize a new custom modular backdoor. Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions. https://research.checkpoint.com/2023/stealth-soldier-backdoor-used-in-targeted-espionage-attacks-in-north-africa/
🗣virusbtn


🎖@malwr

Applying #yara rules on Time Travel Debugging (#ttd) traces : Welcome yara-ttd !!! #SSTIC

https://github.com/airbus-cert/yara-ttd
🗣citronneur


🎖@malwr

ESET's @matthieu_faou describes new findings relating to crimeware group Asylum Ambuscade. The group targets bank customers & cryptocurrency traders in various regions but also carries out espionage against government entities in Europe & Central Asia. https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
🗣virusbtn


🎖@malwr

"Best online tools for #Telegram investigations"

An article with small list of the most important search engines, directories, online services, and bots for finding any information in Telegram.

https://medium.com/@TheInvestigatorBlog/best-online-tools-for-telegram-investigations-9746b17c90d8

Thanks for tip @osintbear
🗣cyb_detective


🎖@malwr

Why do we do #MalwareAnalysis?

@ForensicITGuy explains with practical examples.

https://www.youtube.com/watch?v=16kSEoDvV5c

#CyberSecurity #CTI #infosec #DFIR #ThreatIntel #BlueTeam #SANS #Malware #CTISummit
🗣DailyCTI


🎖@malwr

Ever had trouble signing your drivers with leaked expired EV certificates? I made a fix for that: https://github.com/namazso/MagicSigner
🗣namazso


🎖@malwr

GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loader https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-campaigns-a-deep-dive-analysis-of-a-highly-evasive-shellcode-based-loader/
🗣reverseame


🎖@malwr

It's an okay language.
https://tishina.in/execution/golang-winmaldev-basics
🗣zimnyaatishina


🎖@malwr

Fantastic Rootkits: And Where to Find Them (Part 1) https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1
🗣reverseame


🎖@malwr

SharpWSUS. CSharp tool for lateral movement through WSUS
https://github.com/nettitude/SharpWSUS
🗣DirectoryRanger


🎖@malwr

Unlimited Advanced Hunting for Microsoft 365 Defender with Azure Data Explorer #DFIR
Part 1 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-646b08307b75
Part 2 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-4fc30574cf29
🗣DirectoryRanger


🎖@malwr

YARA 4.3.2 has been released. Fixes a bug reported by Huawei that makes YARA crash while scanning arbitrary files with certain hex patterns.
https://github.com/VirusTotal/yara
🗣plusvic


🎖@malwr

Trend Micro researchers present the first of a three-part technical research series taking an in-depth look at the continuing evolution of the highly evasive batch obfuscation engine BatCloak. https://www.trendmicro.com/en_us/research/23/f/analyzing-the-fud-malware-obfuscation-engine-batcloak.html
🗣virusbtn


🎖@malwr