Fortinet's @cryptax analyses Fluhorse, a Flutter-based Android malware that poses as a legitimate app for an electronic toll system used in Southern Asia. https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
@virusbtn
Unit 42 researchers Kristopher Russo, Austin Dever & Amer Elsad profile the Muddled Libra threat group. The group favours targeting large outsourcing firms serving high-value cryptocurrency institutions and individuals. https://unit42.paloaltonetworks.com/muddled-libra/
@virusbtn
AhnLab ASEC researchers share the tactics, techniques and procedures (TTPs) utilized by the RedEyes (also known as APT37, ScarCruft and Reaper) group during its attacks in May 2023. https://asec.ahnlab.com/en/54349/
@virusbtn
"Exploring Impersonation through the Named Pipe Filesystem Driver"
#infosec #pentest #redteam
https://posts.specterops.io/exploring-impersonation-through-the-named-pipe-filesystem-driver-15f324dfbaf2
@CyberWarship
Swing VPN Android app with 5M+ installs can DDoS any server received from a config file.
I replicated original research and the app still sends server requests every 10 seconds. I reported the app to Google Play, and it was removed within 24 hours.
Research: https://lecromee.github.io/posts/swing_vpn_ddosing_sites/
@LukasStefanko
Check Point researchers investigated an incident attributed to Camaro Dragon (aka Mustang Panda/LuminousMoth) involving self-propagating malware capable of spreading via USB drives. They provide a technical analysis of the infection chains & components. https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
@virusbtn
In this short video, I show how you can debug DLL files using IDA Disassembler and rundll32.exe.
I have decided to make this video because people who start with malware analysis struggle. Hope this video will be helpful to you all.
https://youtu.be/emvkCEeA1NY
#malwareanalysis
@MalFuzzer
YouTube: Malware Analyst Professional - Level 1 Online Course - Debugging DLL Files with IDA Disassembler (https://training.trainsec.net/malware-analyst-professional-level-1)
RE tip of the day: Here is an example of using standard structures in IDA to quickly find the meaning of the MZ-PE header fields used to dynamically resolve imports. Just add IMAGE_EXPORT_DIRECTORY structure and apply it!
#infosec #cybersecurity #malware #reverseengineering
@re_and_more
GitHub - meirwah/awesome-incident-response: A curated list of tools for incident response https://github.com/meirwah/awesome-incident-response
@akaclandestine
Tips for learning RE
How to maximize your time and avoid mind traps when learning how to reverse engineer with #OALABS
https://youtu.be/JzhpTLe8Vg4
@herrcore
Android Root Detection Bypass using Frida (Part 1 - OWASP Uncrackable 1)
https://pentest.co.uk/labs/android-root-detection-bypass-using-frida-1/
@androidmalware2
This repo of useful WinDbg scripts from @yarden_shafir is absolute gold! https://github.com/yardenshafir/WinDbg_Scripts/
@msuiche
GitHub: yardenshafir/WinDbg_Scripts - Useful scripts for WinDbg using the debugger data model
I forgot to upload my #EuskalHack slides about #Diaphora 3.0. Here you have a link to the online version:
https://docs.google.com/presentation/d/1aLPjH3_4v6Zt2cwzROzMKVBqf8w7vwYfzJCRFbA-xGQ/edit?usp=drivesdk
@matalaz
Google Docs: Modern Binary Diffing - Joxean Koret
Flutter Hackers
Understand and reverse engineer Flutter APK Release Mode with #Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
@androidmalware2
Hacking Auto-GPT and escaping its docker container
@albinowax
> The docker-compose.yml file present in the repo mounts itself into the docker
I mean this is just fucking stupid so...
@1esproc
This is the biggest issue with AI in my opinion and why it's not going to take over everyone's jobs just yet. It's too much of a black box
@UnacceptableUse
positive.security: Hacking Auto-GPT and escaping its docker container | Positive Security
We leverage indirect prompt injection to trick Auto-GPT (GPT-4) into executing arbitrary code when it is asked to perform a seemingly harmless task such as text summarization on a malicious website, and discovered vulnerabilities that allow escaping its sandboxed…
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
@thewatcher_
Do industrial attackers not know about ROP compilers? This whole silly arms race about process injection vs EDRs could be ended by simply using existing free tools. Maybe most do and all the vendors are just fighting everyone who hasn't yet made the jump.
@SirensToGo
Security Joes: Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing a comprehensive research specifically…
AI Red Team: An Introduction
@digicat
Established frameworks applied to ML and development. Thanks for nothing Nvidia, that read was a waste of time.
@Sloky
NVIDIA Technical Blog: NVIDIA AI Red Team: An Introduction
Machine learning has the promise to improve our world, and in many ways it already has. However, research and lived experiences continue to show this technology has risks. Capabilities that used to be…