Why do we do #MalwareAnalysis?
@ForensicITGuy explains with practical examples.
https://www.youtube.com/watch?v=16kSEoDvV5c
#CyberSecurity #CTI #infosec #DFIR #ThreatIntel #BlueTeam #SANS #Malware #CTISummit
🗣DailyCTI
🎖@malwr
@ForensicITGuy explains with practical examples.
https://www.youtube.com/watch?v=16kSEoDvV5c
#CyberSecurity #CTI #infosec #DFIR #ThreatIntel #BlueTeam #SANS #Malware #CTISummit
🗣DailyCTI
🎖@malwr
❤2
Ever had trouble signing your drivers with leaked expired EV certificates? I made a fix for that: https://github.com/namazso/MagicSigner
🗣namazso
🎖@malwr
🗣namazso
🎖@malwr
GitHub
GitHub - namazso/MagicSigner: Signtool for expired certificates
Signtool for expired certificates. Contribute to namazso/MagicSigner development by creating an account on GitHub.
GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loader https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-campaigns-a-deep-dive-analysis-of-a-highly-evasive-shellcode-based-loader/
🗣reverseame
🎖@malwr
🗣reverseame
🎖@malwr
McAfee Blog
GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loader | McAfee Blog
Authored by: Anandeshwar Unnikrishnan Stage 1: GULoader Shellcode Deployment In recent GULoader campaigns, we are seeing a rise in NSIS-based installers
Malware development trick - part 32. Syscalls - part 1. Simple C++ example. https://cocomelonc.github.io/malware/2023/06/07/syscalls-1.html #Pentesting #Malware #CyberSecurity #Infosec
🗣ptracesecurity
🎖@malwr
🗣ptracesecurity
🎖@malwr
🔥1
Fantastic Rootkits: And Where to Find Them (Part 1) https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1
🗣reverseame
🎖@malwr
🗣reverseame
🎖@malwr
Cyberark
Fantastic Rootkits: And Where to Find Them (Part 1)
Introduction In this blog series, we will cover the topic of rootkits — how they are built and the basics of kernel driver analysis — specifically on the Windows platform. In this first part, we...
🔥1
SharpWSUS. CSharp tool for lateral movement through WSUS
https://github.com/nettitude/SharpWSUS
🗣DirectoryRanger
🎖@malwr
https://github.com/nettitude/SharpWSUS
🗣DirectoryRanger
🎖@malwr
GitHub
GitHub - nettitude/SharpWSUS
Contribute to nettitude/SharpWSUS development by creating an account on GitHub.
🔥1
Unlimited Advanced Hunting for Microsoft 365 Defender with Azure Data Explorer #DFIR
Part 1 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-646b08307b75
Part 2 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-4fc30574cf29
🗣DirectoryRanger
🎖@malwr
Part 1 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-646b08307b75
Part 2 https://koosg.medium.com/unlimited-advanced-hunting-for-microsoft-365-defender-with-azure-data-explorer-4fc30574cf29
🗣DirectoryRanger
🎖@malwr
Medium
Unlimited Advanced Hunting for Microsoft 365 Defender with Azure Data Explorer
— Part I
YARA 4.3.2 has been released. Fixes a bug reported by Huawei that makes YARA crash while scanning arbitrary files with certain hex patterns.
https://github.com/VirusTotal/yara
🗣plusvic
🎖@malwr
https://github.com/VirusTotal/yara
🗣plusvic
🎖@malwr
GitHub
GitHub - VirusTotal/yara: The pattern matching swiss knife
The pattern matching swiss knife. Contribute to VirusTotal/yara development by creating an account on GitHub.
Trend Micro researchers present the first of a three-part technical research series taking an in-depth look at the continuing evolution of the highly evasive batch obfuscation engine BatCloak. https://www.trendmicro.com/en_us/research/23/f/analyzing-the-fud-malware-obfuscation-engine-batcloak.html
🗣virusbtn
🎖@malwr
🗣virusbtn
🎖@malwr
🔥1
My friend @dfirence created an awesome app called Mitre Assistant where you can visualize all the techniques used by a threat actor and more! Check this out! 👇#infosec
https://ma-insights.vercel.app/
🗣fr0gger_
🎖@malwr
https://ma-insights.vercel.app/
🗣fr0gger_
🎖@malwr
The slides of our talk at Recon 2023 "Dissecting the Modern Android Data Encryption Scheme" are now available online.
Thanks @reconmtl for organizing this great event.
https://github.com/quarkslab/conf-presentations/blob/master/Recon23/Recon23-Android-FBE-mrossibellom-dmelotti.pdf
🗣max_r_b
🎖@malwr
Thanks @reconmtl for organizing this great event.
https://github.com/quarkslab/conf-presentations/blob/master/Recon23/Recon23-Android-FBE-mrossibellom-dmelotti.pdf
🗣max_r_b
🎖@malwr
"windows-api-function-cheatsheets: A reference of Windows API function calls, including functions for file operations, process..."
#infosec #pentest #redteam
https://github.com/snowcra5h/windows-api-function-cheatsheets
🗣CyberWarship
🎖@malwr
#infosec #pentest #redteam
https://github.com/snowcra5h/windows-api-function-cheatsheets
🗣CyberWarship
🎖@malwr
"BLACKHAT_Asia2023: Black Hat Asia 2023 PDF Public"
#infosec #pentest #redteam
https://github.com/Mr-xn/BLACKHAT_Asia2023
🗣CyberWarship
🎖@malwr
#infosec #pentest #redteam
https://github.com/Mr-xn/BLACKHAT_Asia2023
🗣CyberWarship
🎖@malwr
Manually 'reconstruct' a packed PE file from a crash dump in IDA. https://youtu.be/A0qC2Um6gsA
🗣allthingsida
🎖@malwr
🗣allthingsida
🎖@malwr
YouTube
Manually reconstructing a PE file from a crash dump in IDA
In this episode, we start with a Windows user mode crash dump file. Our goal is to grab the main executable's segments, clean the segments, find/create the imports table, find the entry point and the original entry point, apply signatures, and other discussions.…