Ghidra 10.3.1 released!
ryanmkurtz
Fun fact, if you use Windows 10's built-in LZX compression, you can reduce the program size down from 981MB to 371MB. It's absurd.
Dwedit
GitHub
Release Ghidra 10.3.1 · NationalSecurityAgency/ghidra
What's New
Change History
Installation Guide
SHA-256: 0413b679436039cc136b950a6d8c24e80ce79da0a0a48993dfacee671b1c7974
Google Ads: An effective phishing delivery mechanism for over a decade.
Seaerkin2
They got me the other day through sponsored search results. Fake Amazon game link. At least I had 2fa on the account. Was an annoying hour or so while the scammers kept hammering the account.
routerg0d
Dang. Glad I use an ad blocker routinely now. :O
alvarkresh
I've seen drive-by malware attacks served up by ad networks more than once.
vabello
Guardyourdomain
DomainGuard | Threat Visibility Platform
We guard your domain, so you have peace of mind. Threat Visibility Platform.
Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure
wolfcod
EclecticIQ
Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure
EclecticIQ researchers identified a malicious web server very likely operated by a Chinese threat actor used to target Taiwanese government entities.
Reverse Engineering Terminator aka Zemana AntiMalware Driver to achieve LPE - VoidSec
Void_Sec
VoidSec
Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver - VoidSec
Reverse engineering Spybot's Terminator tool (Zemana Antimalware driver) to achieve LPE as SYSTEM and unrestricted raw SCSI disk read/write.
Can we use large language models (LLMs) with IDA? Let's cover ChatGPT, Bard, the Gepetto plugin and the upcoming ask_ida plugin! https://youtu.be/bK80Bt9uRvo
allthingsida
YouTube
LLMs, ChatGPT, Bard, Gepetto and ask_ida!
In this video we show how you can use tools like ChatGPT or Bard to increase your reverse engineering productivity.
We then mention the Gepetto IDA plugin (by JusticeRage) that uses the OpenAI API to explain functions and rename local variables in the pseudo…
Team Cymru's S2 Research Team present a short update report providing insight into the operation of Vidar, demonstrating the evolution of its management infrastructure and evidence of steps taken by the threat actors to potentially cover their tracks. https://www.team-cymru.com/post/darth-vidar-the-aesir-strike-back
virusbtn
Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase http://www.kitploit.com/2023/06/forensia-anti-forensics-tool-for-red.html
Dinosn
KitPloit - PenTest & Hacking Tools
Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase
List of awesome reverse engineering resources
https://github.com/wtsxDev/reverse-engineering
Dinosn
GitHub
GitHub - wtsxDev/reverse-engineering: List of awesome reverse engineering resources
List of awesome reverse engineering resources. Contribute to wtsxDev/reverse-engineering development by creating an account on GitHub.
Excellent blog post on reverse engineering and pwning a Google Home Mini smart speaker.
A must read for anyone interested in embedded device security and vulnerability research.
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
#iot #embedded #infosec #cybersecurity
0xor0ne
"Run in Sandbox: a quick way to run/extract files in Windows Sandbox from a right-click":
https://github.com/damienvanrobaeys/Run-in-Sandbox
VessOnSecurity
GitHub
GitHub - damienvanrobaeys/Run-in-Sandbox: Run PS1, VBS, CMD, EXE, MSI, Intunewin, MSIX, or extract ISO, ZIP in Windows Sandbox…
Run PS1, VBS, CMD, EXE, MSI, Intunewin, MSIX, or extract ISO, ZIP in Windows Sandbox very quickly just from a right-click - damienvanrobaeys/Run-in-Sandbox
Cado Security researchers look into an attack pattern that could be attributed to the threat actor Diicot (formerly "Mexals"), targeting SSH servers exposed to the internet with password authentication enabled. https://www.cadosecurity.com/tracking-diicot-an-emerging-romanian-threat-actor/
virusbtn
AhnLab ASEC researchers analyse some cases of the document files used by Kimsuky during May to distribute malicious code. Malicious CHM files were used, with various topics including coins, taxation & contracts. https://asec.ahnlab.com/ko/53426/
virusbtn
Android App Reverse Engineering 101
https://www.ragingrock.com/AndroidAppRE/
#CyberSecurity #malware
0xAsm0d3us
Windows Triaging with PowerShell:
Part 1: Parsing Event Logs:
https://aditya-pratap9557.medium.com/windows-triaging-with-powershell-part-1-parsing-event-logs-a6748657d150
Part 2: Artifacts Collection:
https://aditya-pratap9557.medium.com/windows-triaging-with-powershell-part-2-artifacts-collection-d28a8a9010cd
VessOnSecurity
Medium
Windows Triaging with Powershell – Part 1: Parsing Event Logs
This is the part 1 for Triaging a Windows system with Powershell. On a Windows machine, Event Logs play an important role in determining a…
GitHub - archcloudlabs/HackSpaceCon_Malware_Analysis_Course: Free training course offered at Hack Space Con 2023 https://github.com/archcloudlabs/HackSpaceCon_Malware_Analysis_Course
akaclandestine
GitHub
GitHub - archcloudlabs/HackSpaceCon_Malware_Analysis_Course: Free training course offered at Hack Space Con 2023
Free training course offered at Hack Space Con 2023 - archcloudlabs/HackSpaceCon_Malware_Analysis_Course
GitHub - mnrkbys/ma2tl: macOS forensic timeline generator using the analysis result DBs of mac_apt https://github.com/mnrkbys/ma2tl
akaclandestine
GitHub
GitHub - mnrkbys/ma2tl: macOS forensic timeline generator using the analysis result DBs of mac_apt
macOS forensic timeline generator using the analysis result DBs of mac_apt - mnrkbys/ma2tl
eSentire researchers present a report on Resident, a malicious campaign targeting manufacturing, commercial & healthcare organizations. The Resident campaign is linked to Asylum Ambuscade/TA866. https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-resident-campaign
virusbtn
We welcome @doc_guard to VirusTotal! https://blog.virustotal.com/2023/06/virustotal-docguard.html by @karlhiramoto
virustotal