Callisto - Automated Binary Vulnerability Discovery Tool https://www.reddit.com/r/netsec/comments/14fvrzh/callisto_automated_binary_vulnerability_discovery/
Dinosn, via @malwr
Zscaler ThreatLabz researchers provide detailed insights into the campaigns associated with the RedEnergy stealer-as-a-ransomware malware variant they recently discovered, along with a technical analysis of its stealer & ransomware characteristics. https://www.zscaler.com/blogs/security-research/ransomware-redefined-redenergy-stealer-ransomware-attacks
virusbtn, via @malwr
Fortinet's @cryptax analyses Fluhorse, a Flutter-based Android malware that poses as a legitimate app for an electronic toll system used in Southern Asia. https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
virusbtn, via @malwr
Unit 42 researchers Kristopher Russo, Austin Dever & Amer Elsad profile the Muddled Libra threat group. The group favours targeting large outsourcing firms serving high-value cryptocurrency institutions and individuals. https://unit42.paloaltonetworks.com/muddled-libra/
virusbtn, via @malwr
AhnLab ASEC researchers share the tactics, techniques and procedures (TTPs) utilized by the RedEyes (also known as APT37, ScarCruft and Reaper) group during its attacks in May 2023. https://asec.ahnlab.com/en/54349/
virusbtn, via @malwr
"Exploring Impersonation through the Named Pipe Filesystem Driver"
#infosec #pentest #redteam
https://posts.specterops.io/exploring-impersonation-through-the-named-pipe-filesystem-driver-15f324dfbaf2
CyberWarship, via @malwr
Swing VPN Android app with 5M+ installs can DDoS any server received from its config file.
I replicated original research and the app still sends server requests every 10 seconds. I reported the app to Google Play, and it was removed within 24 hours.
Research: https://lecromee.github.io/posts/swing_vpn_ddosing_sites/
LukasStefanko, via @malwr
Check Point researchers investigated an incident attributed to Camaro Dragon (aka Mustang Panda/LuminousMoth) involving self-propagating malware capable of spreading via USB drives. They provide a technical analysis of the infection chains & components. https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
virusbtn, via @malwr
In this short video, I show how you can debug DLL files using IDA Disassembler and rundll32.exe.
I have decided to make this video because people who start with malware analysis struggle. Hope this video will be helpful to you all.
https://youtu.be/emvkCEeA1NY
#malwareanalysis
MalFuzzer, via @malwr
YouTube: Malware Analyst Professional - Level 1 Online Course - Debugging DLL Files with IDA Disassembler
Malware Analyst Professional - Level 1 Online Course - https://training.trainsec.net/malware-analyst-professional-level-1
RE tip of the day: Here is an example of using standard structures in IDA to quickly find the meaning of the MZ-PE header fields used to dynamically resolve imports. Just add the IMAGE_EXPORT_DIRECTORY structure and apply it!
#infosec #cybersecurity #malware #reverseengineering
re_and_more, via @malwr
GitHub - meirwah/awesome-incident-response: A curated list of tools for incident response https://github.com/meirwah/awesome-incident-response
akaclandestine, via @malwr
Tips for learning RE
How to maximize your time and avoid mind traps when learning how to reverse engineer with #OALABS
https://youtu.be/JzhpTLe8Vg4
herrcore, via @malwr
Android Root Detection Bypass using Frida (Part 1 - OWASP Uncrackable 1)
https://pentest.co.uk/labs/android-root-detection-bypass-using-frida-1/
androidmalware2, via @malwr
This repo of useful WinDbg scripts from @yarden_shafir is absolute gold! https://github.com/yardenshafir/WinDbg_Scripts/
msuiche, via @malwr
GitHub: yardenshafir/WinDbg_Scripts - Useful scripts for WinDbg using the debugger data model
I forgot to upload my #EuskalHack slides about #Diaphora 3.0. Here you have a link to the online version:
https://docs.google.com/presentation/d/1aLPjH3_4v6Zt2cwzROzMKVBqf8w7vwYfzJCRFbA-xGQ/edit?usp=drivesdk
matalaz, via @malwr
Google Docs: Modern Binary Diffing, Joxean Koret
Flutter Hackers
Understand and reverse engineer Flutter APK Release Mode with #Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
androidmalware2, via @malwr
Hacking Auto-GPT and escaping its docker container
albinowax, via @malwr
Comments:
> The docker-compose.yml file present in the repo mounts itself into the docker
I mean this is just fucking stupid so...
(1esproc)
This is the biggest issue with AI in my opinion and why it's not going to take over everyone's jobs just yet. It's too much of a black box
(UnacceptableUse)
positive.security: Hacking Auto-GPT and escaping its docker container | Positive Security
We leverage indirect prompt injection to trick Auto-GPT (GPT-4) into executing arbitrary code when it is asked to perform a seemingly harmless task such as text summarization on a malicious website, and discovered vulnerabilities that allow escaping its sandboxed…