Cado Security researchers look into an attack pattern that could be attributed to the threat actor Diicot (formerly "Mexals"), targeting SSH servers exposed to the internet with password authentication enabled. https://www.cadosecurity.com/tracking-diicot-an-emerging-romanian-threat-actor/
via virusbtn
@malwr
AhnLab ASEC researchers analyse some cases of the document files used by Kimsuky during May to distribute malicious code. Malicious CHM files were used, with various topics including coins, taxation & contracts. https://asec.ahnlab.com/ko/53426/
via virusbtn
@malwr
Android App Reverse Engineering 101
https://www.ragingrock.com/AndroidAppRE/
#CyberSecurity #malware
via 0xAsm0d3us
@malwr
Windows Triaging with PowerShell:
Part 1: Parsing Event Logs:
https://aditya-pratap9557.medium.com/windows-triaging-with-powershell-part-1-parsing-event-logs-a6748657d150
Part 2: Artifacts Collection:
https://aditya-pratap9557.medium.com/windows-triaging-with-powershell-part-2-artifacts-collection-d28a8a9010cd
via VessOnSecurity
@malwr
Medium
This is part 1 of Triaging a Windows system with PowerShell. On a Windows machine, Event Logs play an important role in determining a…
GitHub - archcloudlabs/HackSpaceCon_Malware_Analysis_Course: Free training course offered at Hack Space Con 2023 https://github.com/archcloudlabs/HackSpaceCon_Malware_Analysis_Course
via akaclandestine
@malwr
GitHub - mnrkbys/ma2tl: macOS forensic timeline generator using the analysis result DBs of mac_apt https://github.com/mnrkbys/ma2tl
via akaclandestine
@malwr
eSentire researchers present a report on Resident, a malicious campaign targeting manufacturing, commercial & healthcare organizations. The Resident campaign is linked to Asylum Ambuscade/TA866. https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-resident-campaign
via virusbtn
@malwr
We welcome @doc_guard to VirusTotal! https://blog.virustotal.com/2023/06/virustotal-docguard.html by @karlhiramoto
via virustotal
@malwr
Forwarded from CVE Notify
CVE-2023-29353
Sysinternals Process Monitor for Windows Denial of Service Vulnerability
@cveNotify
Exploiting Windows' vulnerabilities with Hyper-V: A Hacker's swiss army knife https://reversing.info/posts/hyperdeceit/
via reverseame
@malwr
Xyrem Engineering
In this blog, we explore how to leverage the implementation of the Hyper-V virtualization technology to exploit and attack Windows systems and learn what measures should be taken to mitigate this vulnerability. Join us as we explore the world of Windows hacking…
Callisto - Automated Binary Vulnerability Discovery Tool https://www.reddit.com/r/netsec/comments/14fvrzh/callisto_automated_binary_vulnerability_discovery/
via Dinosn
@malwr
Zscaler ThreatLabz researchers provide detailed insights into the campaigns associated with the RedEnergy stealer-as-a-ransomware malware variant they recently discovered, along with a technical analysis of its stealer & ransomware characteristics. https://www.zscaler.com/blogs/security-research/ransomware-redefined-redenergy-stealer-ransomware-attacks
via virusbtn
@malwr
Fortinet's @cryptax analyses Fluhorse, a Flutter-based Android malware that poses as a legitimate app for an electronic toll system used in Southern Asia. https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
via virusbtn
@malwr
Unit 42 researchers Kristopher Russo, Austin Dever & Amer Elsad profile the Muddled Libra threat group. The group favours targeting large outsourcing firms serving high-value cryptocurrency institutions and individuals. https://unit42.paloaltonetworks.com/muddled-libra/
via virusbtn
@malwr
AhnLab ASEC researchers share the tactics, techniques and procedures (TTPs) utilized by the RedEyes (also known as APT37, ScarCruft and Reaper) group during its attacks in May 2023. https://asec.ahnlab.com/en/54349/
via virusbtn
@malwr
"Exploring Impersonation through the Named Pipe Filesystem Driver"
#infosec #pentest #redteam
https://posts.specterops.io/exploring-impersonation-through-the-named-pipe-filesystem-driver-15f324dfbaf2
via CyberWarship
@malwr
Swing VPN Android app with 5M+ installs can DDoS any server received from a config file.
I replicated original research and the app still sends server requests every 10 seconds. I reported the app to Google Play, and it was removed within 24 hours.
Research: https://lecromee.github.io/posts/swing_vpn_ddosing_sites/
via LukasStefanko
@malwr
Check Point researchers investigated an incident attributed to Camaro Dragon (aka Mustang Panda/LuminousMoth) involving self-propagating malware capable of spreading via USB drives. They provide a technical analysis of the infection chains & components. https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
via virusbtn
@malwr