Swing VPN Android app with 5M+ installs can DDoS any server received from config file.
I replicated original research and the app still sends server requests every 10 seconds. I reported the app to Google Play, and it was removed within 24 hours.
Research: https://lecromee.github.io/posts/swing_vpn_ddosing_sites/
🗣LukasStefanko
🎖@malwr
I replicated original research and the app still sends server requests every 10 seconds. I reported the app to Google Play, and it was removed within 24 hours.
Research: https://lecromee.github.io/posts/swing_vpn_ddosing_sites/
🗣LukasStefanko
🎖@malwr
👍2
Check Point researchers investigated an incident attributed to Camaro Dragon (aka Mustang Panda/LuminousMoth) involving self-propagating malware capable of spreading via USB drives. They provide a technical analysis of the infection chains & components. https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
🗣virusbtn
🎖@malwr
🗣virusbtn
🎖@malwr
In this short video, I show how you can debug DLL files using IDA Disassembler and rundll32.exe.
I have decided to make this video because people who start with malware analysis struggle. Hope this video will be helpful to you all.
https://youtu.be/emvkCEeA1NY
#malwareanalysis
🗣MalFuzzer
🎖@malwr
I have decided to make this video because people who start with malware analysis struggle. Hope this video will be helpful to you all.
https://youtu.be/emvkCEeA1NY
#malwareanalysis
🗣MalFuzzer
🎖@malwr
YouTube
Malware Analyst Professional - Level 1 Online Course - Debugging DLL Files with IDA Disassembler
Malware Analyst Professional - Level 1 Online Course - https://training.trainsec.net/malware-analyst-professional-level-1
In this short video, I show how you can debug DLL files using IDA Disassembler and rundll32.exe.
I have decided to make this video because…
In this short video, I show how you can debug DLL files using IDA Disassembler and rundll32.exe.
I have decided to make this video because…
👍1🔥1
RE tip of the day: Here is an example of using standard structures in IDA to quickly find the meaning of the MZ-PE header fields used to dynamically resolve imports. Just add IMAGE_EXPORT_DIRECTORY structure and apply it!
#infosec #cybersecurity #malware #reverseengineering
🗣re_and_more
🎖@malwr
#infosec #cybersecurity #malware #reverseengineering
🗣re_and_more
🎖@malwr
GitHub - meirwah/awesome-incident-response: A curated list of tools for incident response https://github.com/meirwah/awesome-incident-response
🗣akaclandestine
🎖@malwr
🗣akaclandestine
🎖@malwr
GitHub
GitHub - meirwah/awesome-incident-response: A curated list of tools for incident response
A curated list of tools for incident response. Contribute to meirwah/awesome-incident-response development by creating an account on GitHub.
📺 Tips for learning RE
How to maximize your time and avoid mind traps when learning how to reverse engineer with #OALABS
https://youtu.be/JzhpTLe8Vg4
🗣herrcore
🎖@malwr
How to maximize your time and avoid mind traps when learning how to reverse engineer with #OALABS
https://youtu.be/JzhpTLe8Vg4
🗣herrcore
🎖@malwr
❤3
Android Root Detection Bypass using Frida (Part 1 – OWASP Uncrackable 1)
https://pentest.co.uk/labs/android-root-detection-bypass-using-frida-1/
🗣androidmalware2
🎖@malwr
https://pentest.co.uk/labs/android-root-detection-bypass-using-frida-1/
🗣androidmalware2
🎖@malwr
❤2
This repo of useful WinDbg scripts from @yarden_shafir is absolute gold! https://github.com/yardenshafir/WinDbg_Scripts/
🗣msuiche
🎖@malwr
🗣msuiche
🎖@malwr
GitHub
GitHub - yardenshafir/WinDbg_Scripts: Useful scripts for WinDbg using the debugger data model
Useful scripts for WinDbg using the debugger data model - yardenshafir/WinDbg_Scripts
I forgot to upload my #EuskalHack slides about #Diaphora 3.0. Here you have a link to the online version:
https://docs.google.com/presentation/d/1aLPjH3_4v6Zt2cwzROzMKVBqf8w7vwYfzJCRFbA-xGQ/edit?usp=drivesdk
🗣matalaz
🎖@malwr
https://docs.google.com/presentation/d/1aLPjH3_4v6Zt2cwzROzMKVBqf8w7vwYfzJCRFbA-xGQ/edit?usp=drivesdk
🗣matalaz
🎖@malwr
Google Docs
Modern Binary Diffing
Modern Binary Diffing Joxean Koret
❤1
Flutter Hackers
Understand and reverse engineer Flutter APK Release Mode with #Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
🗣androidmalware2
🎖@malwr
Understand and reverse engineer Flutter APK Release Mode with #Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
🗣androidmalware2
🎖@malwr
👍1
Hacking Auto-GPT and escaping its docker container
🗣albinowax
> The docker-compose.yml file present in the repo mounts itself into the docker
I mean this is just fucking stupid so...
👤1esproc
This is the biggest issue with AI in my opinion and why it's not going to take over everyone's jobs just yet. It's too much of a black box
👤UnacceptableUse
🎖@malwr
🗣albinowax
> The docker-compose.yml file present in the repo mounts itself into the docker
I mean this is just fucking stupid so...
👤1esproc
This is the biggest issue with AI in my opinion and why it's not going to take over everyone's jobs just yet. It's too much of a black box
👤UnacceptableUse
🎖@malwr
positive.security
Hacking Auto-GPT and escaping its docker container | Positive Security
We leverage indirect prompt injection to trick Auto-GPT (GPT-4) into executing arbitrary code when it is asked to perform a seemingly harmless task such as text summarization on a malicious website, and discovered vulnerabilities that allow escaping its sandboxed…
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
🗣thewatcher_
Do industrial attackers not know about ROP compilers? This whole silly arms race about process injection vs EDRs could be ended by simply using an existing free tools. Maybe most do and all the vendors are just fighting everyone who hasn't yet made the jump.
👤SirensToGo
🎖@malwr
🗣thewatcher_
Do industrial attackers not know about ROP compilers? This whole silly arms race about process injection vs EDRs could be ended by simply using an existing free tools. Maybe most do and all the vendors are just fighting everyone who hasn't yet made the jump.
👤SirensToGo
🎖@malwr
Security Joes
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing on a comprehensive research specifically…
AI Red Team: An Introduction
🗣digicat
Established frameworks applied to ML and development. Thanks for nothing Nvidia, that read was a waste of time.
👤Sloky
🎖@malwr
🗣digicat
Established frameworks applied to ML and development. Thanks for nothing Nvidia, that read was a waste of time.
👤Sloky
🎖@malwr
NVIDIA Technical Blog
NVIDIA AI Red Team: An Introduction
Machine learning has the promise to improve our world, and in many ways it already has. However, research and lived experiences continue to show this technology has risks. Capabilities that used to be…
👍1
New Malware Analysis/RE plugin is now available!🚨
IAT-Tracer is an offline automation plugin for the Tiny-Tracer framework (by @hasherezade) to trace and watch functions directly out of the executable's import table.
https://github.com/YoavLevi/IAT-Tracer
ℹ️ Thanks Levi, for such a nice tool.
🎖@malwr
IAT-Tracer is an offline automation plugin for the Tiny-Tracer framework (by @hasherezade) to trace and watch functions directly out of the executable's import table.
https://github.com/YoavLevi/IAT-Tracer
ℹ️ Thanks Levi, for such a nice tool.
🎖@malwr
GitHub
GitHub - YoavLevi/IAT-Tracer: An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's…
An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (.tag) files. - YoavLevi/IAT-Tracer
❤2
疑似摩诃草组织利用WarHawk后门变种Spyder窥伺多国 - The suspected Maha grass organization uses the WarHawk backdoor variant Spyder to spy on many countries
🗣digicat
🎖@malwr
🗣digicat
🎖@malwr
微信公众平台
疑似摩诃草组织利用WarHawk后门变种Spyder窥伺多国
近期,奇安信威胁情报中心在日常样本跟踪分析过程中,发现一批与摩诃草存在关联的恶意样本,攻击者使用的后门并非摩诃草组织此前常用的木马。根据Spyder后门早期样本使用的数字签名和以此关联到的Remcos木马样本,怀疑背后的攻击团伙是摩诃草。
[CVE-2022-43684 - Insecure Access Control to Full Administrator Takeover in ServiceNow Instances](https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/)
🗣Rezk0n_
🎖@malwr
🗣Rezk0n_
🎖@malwr
R3zk0n
ServiceNow Insecure Access Control To Full Admin Takeover
ServiceNow Insecure Access Control leading to Administrator Account Takeover - CVE-2022-43684
👍1
HexWalk 1.4.0 , Hex Analyzer new release for Windows/Mac/Linux, new release with Byte Patterns (header color tags + YAML format)
🗣gcarmix1
Can I compare two or more files so it would highlight same patterns even if they're shifted?
👤1mrpeter
Does HexWalk do everything that 010 editor does?
👤WindyDaysAreWindy
🎖@malwr
🗣gcarmix1
Can I compare two or more files so it would highlight same patterns even if they're shifted?
👤1mrpeter
Does HexWalk do everything that 010 editor does?
👤WindyDaysAreWindy
🎖@malwr
GitHub
GitHub - gcarmix/HexWalk: Hex Viewer/Editor/Analyzer compatible with Linux/Windows/MacOS
Hex Viewer/Editor/Analyzer compatible with Linux/Windows/MacOS - gcarmix/HexWalk