Android App Reverse Engineering 101
https://www.ragingrock.com/AndroidAppRE/
#CyberSecurity #malware
@0xAsm0d3us
@malwr
Windows Triaging with PowerShell:
Part 1: Parsing Event Logs:
https://aditya-pratap9557.medium.com/windows-triaging-with-powershell-part-1-parsing-event-logs-a6748657d150
Part 2: Artifacts Collection:
https://aditya-pratap9557.medium.com/windows-triaging-with-powershell-part-2-artifacts-collection-d28a8a9010cd
@VessOnSecurity
@malwr
Medium
Windows Triaging with PowerShell - Part 1: Parsing Event Logs
This is part 1 of triaging a Windows system with PowerShell. On a Windows machine, Event Logs play an important role in determining a…
GitHub - archcloudlabs/HackSpaceCon_Malware_Analysis_Course: Free training course offered at Hack Space Con 2023 https://github.com/archcloudlabs/HackSpaceCon_Malware_Analysis_Course
@akaclandestine
@malwr
GitHub - mnrkbys/ma2tl: macOS forensic timeline generator using the analysis result DBs of mac_apt https://github.com/mnrkbys/ma2tl
@akaclandestine
@malwr
eSentire researchers present a report on Resident, a malicious campaign targeting manufacturing, commercial & healthcare organizations. The Resident campaign is linked to Asylum Ambuscade/TA866. https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-resident-campaign
@virusbtn
@malwr
We welcome @doc_guard to VirusTotal! https://blog.virustotal.com/2023/06/virustotal-docguard.html by @karlhiramoto
@virustotal
@malwr
Forwarded from CVE Notify
CVE-2023-29353
Sysinternals Process Monitor for Windows Denial of Service Vulnerability
@cveNotify
Exploiting Windows' vulnerabilities with Hyper-V: A Hacker's swiss army knife https://reversing.info/posts/hyperdeceit/
@reverseame
@malwr
Xyrem Engineering
Exploiting Windows' vulnerabilities with Hyper-V: A Hacker's swiss army knife
In this blog, we explore how to leverage the implementation of the Hyper-V virtualization technology to exploit and attack Windows systems and learn what measures should be taken to mitigate this vulnerability. Join us as we explore the world of Windows hacking…
Callisto - Automated Binary Vulnerability Discovery Tool https://www.reddit.com/r/netsec/comments/14fvrzh/callisto_automated_binary_vulnerability_discovery/
@Dinosn
@malwr
Zscaler ThreatLabz researchers provide detailed insights into the campaigns associated with the RedEnergy stealer-as-a-ransomware malware variant they recently discovered, along with a technical analysis of its stealer & ransomware characteristics. https://www.zscaler.com/blogs/security-research/ransomware-redefined-redenergy-stealer-ransomware-attacks
@virusbtn
@malwr
Fortinet's @cryptax analyses Fluhorse, a Flutter-based Android malware that poses as a legitimate app for an electronic toll system used in Southern Asia. https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
@virusbtn
@malwr
Unit 42 researchers Kristopher Russo, Austin Dever & Amer Elsad profile the Muddled Libra threat group. The group favours targeting large outsourcing firms serving high-value cryptocurrency institutions and individuals. https://unit42.paloaltonetworks.com/muddled-libra/
@virusbtn
@malwr
AhnLab ASEC researchers share the tactics, techniques and procedures (TTPs) utilized by the RedEyes (also known as APT37, ScarCruft and Reaper) group during its attacks in May 2023. https://asec.ahnlab.com/en/54349/
@virusbtn
@malwr
"Exploring Impersonation through the Named Pipe Filesystem Driver"
#infosec #pentest #redteam
https://posts.specterops.io/exploring-impersonation-through-the-named-pipe-filesystem-driver-15f324dfbaf2
@CyberWarship
@malwr
Swing VPN Android app with 5M+ installs can DDoS any server it receives from its config file.
I replicated original research and the app still sends server requests every 10 seconds. I reported the app to Google Play, and it was removed within 24 hours.
Research: https://lecromee.github.io/posts/swing_vpn_ddosing_sites/
@LukasStefanko
@malwr
Check Point researchers investigated an incident attributed to Camaro Dragon (aka Mustang Panda/LuminousMoth) involving self-propagating malware capable of spreading via USB drives. They provide a technical analysis of the infection chains & components. https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
@virusbtn
@malwr
In this short video, I show how you can debug DLL files using IDA Disassembler and rundll32.exe.
I have decided to make this video because people who start with malware analysis struggle. Hope this video will be helpful to you all.
https://youtu.be/emvkCEeA1NY
#malwareanalysis
@MalFuzzer
@malwr
YouTube
Malware Analyst Professional - Level 1 Online Course - Debugging DLL Files with IDA Disassembler
Malware Analyst Professional - Level 1 Online Course - https://training.trainsec.net/malware-analyst-professional-level-1
RE tip of the day: Here is an example of using standard structures in IDA to quickly find the meaning of the MZ-PE header fields used to dynamically resolve imports. Just add the IMAGE_EXPORT_DIRECTORY structure and apply it!
#infosec #cybersecurity #malware #reverseengineering
@re_and_more
@malwr