Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
digicat
@malwr
Unit 42
We employ static and dynamic analysis to dissect two case studies using obfuscation in Android malware: a Cerberus banking trojan and HiddenAd adware.
LatLoader: PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
digicat
@malwr
GitHub
GitHub - icyguider/LatLoader: PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
PoC module to demonstrate automated lateral movement with the Havoc C2 framework. - icyguider/LatLoader
FASER: Binary Code Similarity Search through the use of Intermediate Representations or Cross-Architecture Function Similarity Search Model
digicat
@malwr
GitHub
GitHub - br0kej/FASER: Cross-Architecture Function Similarity Search Model - https://arxiv.org/abs/2310.03605
Cross-Architecture Function Similarity Search Model - https://arxiv.org/abs/2310.03605 - br0kej/FASER
[RELEASE KsDumper 11 v1.3](https://github.com/mastercodeon314/KsDumper-11)
Mastercodeon314
Updated KsDumper 11 to v1.3.
Now uses KDU v1.3.4, has new Provider selector, did away with the old provider scanner that would cause frequent crashes, updated to .NET Framework 4.8.
Stability of KsDumper 11 should be MUCH better now!
@malwr
GitHub
GitHub - mastercodeon314/KsDumper-11: A revival of the classic and legendary KsDumper
A revival of the classic and legendary KsDumper. Contribute to mastercodeon314/KsDumper-11 development by creating an account on GitHub.
Predator Files: Technical deep-dive into Intellexa Alliance's surveillance products
yzoug
@malwr
Amnesty International Security Lab
Predator Files: Technical deep-dive into Intellexa Alliance's surveillance products - Amnesty International Security Lab
An exposé of the Intellexa Alliance's surveillance capabilities, including advanced spyware, mass surveillance platforms, and tactical systems for targeting and intercepting nearby devices.
Digital Defense Report 2023 - in the fourth annual edition of the report we share actionable steps and valuable insights from what we're seeing for the reporting period from July 2022 through June 2023.
digicat
@malwr
Microsoft
Microsoft Digital Defense Report 2023 (MDDR)
Read the Microsoft Digital Defense Report 2023 to gain the latest cybersecurity insights into the digital threat landscape and learn how you can empower your organization's digital defense
R2R stomping – are you ready to run?
https://research.checkpoint.com/2023/r2r-stomping-are-you-ready-to-run/
@malwr
Check Point Research
R2R stomping – are you ready to run? - Check Point Research
Research by: Jiri Vinopal. Abstract: What if we told you that the reality you perceive with your very own eyes is not always what it seems? That the .NET code you witness executing within your beloved managed debugger, such as dnSpy/dnSpyEx, may…
9th October – Threat Intelligence Report
https://research.checkpoint.com/2023/9th-october-threat-intelligence-report/
@malwr
Check Point Research
9th October – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 9th October, please download our Threat Intelligence Bulletin. Top attacks and breaches: the American Rock County Public Health Department, which serves more than 160K people across the Wisconsin area…
Electric Power System Cybersecurity Vulnerabilities
Digitalization has changed the business environment of the electric power industry, exposing it to various threats. This webinar will help you uncover previously unnoticed threats and develop countermeasures and solutions.
https://www.trendmicro.com/en_us/research/23/j/electric-power-system-cybersecurity-vulnerabilities.html
@malwr
Trend Micro
Electric Power System Cybersecurity Vulnerabilities
Learn about cybersecurity vulnerabilities in electric power systems by watching this recent webinar.
2023-10-04 - DarkGate malware infection
https://www.malware-traffic-analysis.net/2023/10/04/index.html
@malwr
Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2
Summary: Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild against the HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet-exposed HTTP/2 endpoint. Microsoft promptly opened an investigation and subsequently began working with industry partners on a coordinated disclosure and mitigation plan.
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
@malwr
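The Microsoft post above names CVE-2023-44487 but does not describe the mechanism. The technique is the HTTP/2 "rapid reset" pattern: a client opens a stream with HEADERS and cancels it at once with RST_STREAM, so the server spends work on every request while SETTINGS_MAX_CONCURRENT_STREAMS never binds. What follows is an added example, not code from Microsoft, Check Point or any linked project: a minimal HTTP/2 frame parser (RFC 9113 framing) plus a per-connection sliding-window count of client-initiated resets, run over a constructed frame sequence. The threshold (20 resets per second), the connection names and the frame samples are illustrative assumptions, not values from the advisory.

```python
"""Detect the HTTP/2 rapid-reset pattern (CVE-2023-44487) in a client frame
stream. Added example; all frames below are constructed, not captured."""
from collections import defaultdict, deque
from typing import Optional

FRAME_HEADER_LEN = 9
TYPE_HEADERS = 0x01
TYPE_RST_STREAM = 0x03
FLAG_END_STREAM = 0x01
FLAG_END_HEADERS = 0x04
ERR_CANCEL = 0x08  # RST_STREAM error code CANCEL


def build_frame(ftype: int, flags: int, stream_id: int, payload: bytes = b"") -> bytes:
    """Serialize one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)


def parse_frames(buf: bytes):
    """Split a byte buffer into (type, flags, stream_id, payload) tuples.
    A trailing truncated frame is dropped. The 24-byte client connection
    preface, if present, must already have been stripped by the caller."""
    frames, off = [], 0
    while off + FRAME_HEADER_LEN <= len(buf):
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype, flags = buf[off + 3], buf[off + 4]
        stream_id = int.from_bytes(buf[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = buf[off + FRAME_HEADER_LEN:off + FRAME_HEADER_LEN + length]
        if len(payload) < length:
            break  # truncated frame at end of buffer
        frames.append((ftype, flags, stream_id, payload))
        off += FRAME_HEADER_LEN + length
    return frames


class RapidResetDetector:
    """Sliding-window count of RST_STREAM frames on client-initiated streams.
    Cancelled streams do not count against SETTINGS_MAX_CONCURRENT_STREAMS,
    so the reset rate per connection is the signal worth watching.
    Defaults are illustrative assumptions."""

    def __init__(self, max_resets: int = 20, window: float = 1.0):
        self.max_resets, self.window = max_resets, window
        self._resets = defaultdict(deque)   # conn -> timestamps of recent resets
        self._opened = defaultdict(set)     # conn -> stream ids seen in HEADERS

    def observe(self, conn: str, ts: float, ftype: int, stream_id: int) -> bool:
        """Feed one client frame; return True once the connection looks abusive."""
        if stream_id == 0 or stream_id % 2 == 0:
            return False  # connection-level or server-initiated stream: not relevant
        if ftype == TYPE_HEADERS:
            self._opened[conn].add(stream_id)
            return False
        if ftype != TYPE_RST_STREAM or stream_id not in self._opened[conn]:
            return False  # only count resets of streams the client actually opened
        self._opened[conn].discard(stream_id)
        q = self._resets[conn]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.max_resets


def scan_connection(det: RapidResetDetector, conn: str, timestamps, frames) -> Optional[int]:
    """Return the index of the first frame that trips the detector, or None."""
    for i, (ts, (ftype, _flags, stream_id, _payload)) in enumerate(zip(timestamps, frames)):
        if det.observe(conn, ts, ftype, stream_id):
            return i
    return None


def constructed_stream_pairs(n: int, t0: float, spacing: float):
    """Constructed client traffic: HEADERS immediately followed by RST_STREAM(CANCEL)
    on each odd stream id, one pair every `spacing` seconds."""
    out = []
    for k in range(n):
        sid, t = 2 * k + 1, t0 + k * spacing
        hdr = build_frame(TYPE_HEADERS, FLAG_END_HEADERS | FLAG_END_STREAM, sid, b"\x82")  # HPACK ':method: GET'
        rst = build_frame(TYPE_RST_STREAM, 0, sid, ERR_CANCEL.to_bytes(4, "big"))
        out += [(t, hdr), (t, rst)]
    return out


def run_demo():
    """One attacking connection (200 pairs, 1 ms apart) and one benign client
    (10 cancellations, 0.5 s apart); returns the frame index each tripped at."""
    det = RapidResetDetector(max_resets=20, window=1.0)
    attack = constructed_stream_pairs(200, t0=0.0, spacing=0.001)
    benign = constructed_stream_pairs(10, t0=0.0, spacing=0.5)
    return {
        "attack_trip_index": scan_connection(
            det, "conn-A", [t for t, _ in attack], parse_frames(b"".join(r for _, r in attack))),
        "benign_trip_index": scan_connection(
            det, "conn-B", [t for t, _ in benign], parse_frames(b"".join(r for _, r in benign))),
    }


if __name__ == "__main__":
    print(run_demo())
```

The attacking connection trips at frame index 41 (the 21st RST_STREAM, since each pair is two frames), while the benign client never holds more than three resets inside the one-second window. A real mitigation sits at the server or proxy and acts on the verdict (close the connection, send GOAWAY, or cap new streams per connection); the detector here only shows the counting that such a control needs.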
The October 2023 Security Update Review
https://www.thezdi.com/blog/2023/10/10/the-october-2023-security-update-review
@malwr
Zero Day Initiative
Zero Day Initiative – The October 2023 Security Update Review
Twenty years ago this month, Microsoft introduced the concept of "Patch Tuesday" – although the marketing folks wanted it called "Update Tuesday" (they didn't like the word "patch"). Over the years, more companies joined the Patch Tuesday bandwagon. Here…
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows
Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.
https://blog.talosintelligence.com/vulnerability-roundup-webkit-and-yifan-router/
@malwr
Cisco Talos Blog
Stayin' Alive – Targeted Attacks Against Telecoms and Government Ministries in Asia
https://research.checkpoint.com/2023/stayin-alive-targeted-attacks-against-telecoms-and-government-ministries-in-asia/
@malwr
Check Point Research
Stayinโ Alive - Targeted Attacks Against Telecoms and Government Ministries in Asia - Check Point Research
Introduction: In the last few months, Check Point Research has been tracking "Stayin' Alive", an ongoing campaign that has been active since at least 2021. The campaign operates in Asia, primarily targeting the Telecom industry, as well as government organizations…