Agent Tesla [Part 1: Unpacking] | Ryan Weil
Introduction
https://ryan-weil.github.io/posts/AGENT-TESLA-1/
@malwr
Ryan Weil
Agent Tesla Analysis [Part 1: Unpacking]
Agent Tesla [Part 2: Deobfuscation] | Ryan Weil
Introduction
https://ryan-weil.github.io/posts/AGENT-TESLA-2/
Ryan Weil
Agent Tesla Analysis [Part 2: Deobfuscation]
Release Ghidra 11.0.2 · NationalSecurityAgency/ghidra · GitHub
https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.0.2_build
GitHub
Release Ghidra 11.0.2 · NationalSecurityAgency/ghidra
What's New
Change History
Installation Guide
SHA-256: 4f16ae3f288f8c01fd1872e8e55b25c79744e7b1e8a9383c5e576668ca7d1906
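The release page publishes a SHA-256 for the archive; the point of publishing it is that you check it before unzipping a reverse-engineering tool onto an analysis box. The script below is an added example, not code from the Ghidra project or from the feed: it compares a downloaded file against the digest quoted above. The archive file name in the usage line is an assumption; substitute the name of the file you actually downloaded.

```shell
# Added example (not Ghidra's own code): verify a downloaded release archive
# against the SHA-256 digest printed on the GitHub release page.
# The digest below is the one quoted for Ghidra 11.0.2 on that page.
GHIDRA_11_0_2_SHA256="4f16ae3f288f8c01fd1872e8e55b25c79744e7b1e8a9383c5e576668ca7d1906"

# sha256_of FILE: print the hex digest of FILE using whichever hashing tool
# the host provides (coreutils sha256sum, BSD/macOS shasum, or openssl).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_sha256 FILE EXPECTED: return 0 when FILE hashes to EXPECTED,
# 1 when it does not or when FILE is missing. EXPECTED is normalised to
# lower case so a digest pasted in upper case still compares correctly.
verify_sha256() {
    file="$1"
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual="$(sha256_of "$file")"
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (archive file name is assumed; use the name you downloaded):
# verify_sha256 ghidra_11.0.2_PUBLIC.zip "$GHIDRA_11_0_2_SHA256" || exit 1
```

A mismatch means the download is not the artifact the release page describes, whether through a truncated transfer or a substituted file; do not unpack it, re-download over HTTPS and compare again.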
“CVE-2024-21388” - Microsoft Edge’s Marketing API Exploited for Covert Extension Installation | by Guardio | Mar, 2024 | Medium
At Guardio, making browsing safer is what we do best, with one of our key products being a browser extension that boosts users’ security on desktop browsers. Our expertise in this area led us to…
https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca
Medium
“CVE-2024-21388” - Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
By Oleg Zaytsev (Guardio Labs)
Yaxser/Backstab: A tool to kill antimalware protected processes
https://github.com/Yaxser/Backstab
GitHub
GitHub - Yaxser/Backstab: A tool to kill antimalware protected processes
Uncovering Malicious Infrastructure with DNS Pivoting
Demonstrating DNS pivoting and analysis techniques for uncovering malicious infrastructure
https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/
Embee Research
Introduction To Malware Infrastructure Analysis With Passive DNS
Malware Infrastructure Tracking Using Passive DNS Intelligence.
Reverse Engineering Snake Keylogger: Full .NET Malware Analysis
Discover an in-depth analysis of the Snake Keylogger malware, exposing its config, infostealing features, and anti-analysis techniques.
https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/
ANY.RUN's Cybersecurity Blog
Reverse Engineering Snake Keylogger: Full .NET Malware Analysis
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability, CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
Gendigital
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
Zero-Day Exploit Powers Advanced Rootkit
Android Malware Vultur Expands Its Wingspan
https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
WithSecureLabs/drozer: The Leading Security Assessment Framework for Android.
Recent update
https://github.com/WithSecureLabs/drozer
GitHub
GitHub - ReversecLabs/drozer: The Leading Security Assessment Framework for Android.
The Leading Security Assessment Framework for Android. - ReversecLabs/drozer
Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign
EclecticIQ analysts identified a threat actor that utilized information stealer HackBrowserData to target Indian government entities and energy sector.
https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign
Eclecticiq
Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign
Analysis of DinodasRAT Linux implant | Securelist
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.
https://securelist.com/dinodasrat-linux-implant/112284/
Securelist
Analysis of DinodasRAT Linux implant
Introducing SharpConflux - LRQA Nettitude Labs
SharpConflux, a .NET application built to facilitate Confluence exploitation during Red Team and Penetration Testing engagements.
https://labs.nettitude.com/blog/introducing-sharpconflux/
LRQA
Introducing SharpConflux
Today, we are releasing a new tool called SharpConflux, a .NET application built to facilitate Confluence exploration. It allows Red Team operators to easily investigate Confluence instances with the goal of finding credential material and documentation relating…
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file
https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/
Malware Development Essentials Part 1 | by Smukx | Mar, 2024 | Medium
For malware development and security professionals, understanding the inner workings of Windows is crucial. Windows internals, the hidden world beneath the user interface, can harbor vulnerabilities…
https://smukx.medium.com/malware-development-essentials-part-1-5f4626652ed9
Medium
Malware Development Essentials Part 1
Become a beginner-to-intermediate in the maldev field. This covers fundamentals, core concepts, functions, OS internals and more…
Cracked5pider/LdrLibraryEx: A small x64 library to load dll's into memory.
https://github.com/Cracked5pider/LdrLibraryEx
GitHub
GitHub - Cracked5pider/LdrLibraryEx: A small x64 library to load dll's into memory.
Windows Memory Forensics
How to hunt for anomalies in a Windows Memory Dump
https://blog.cyber5w.com/anomalies-hunting-in-windows-memory-dump
VMware ESXi Forensic with Velociraptor
Introduction During our investigations, we have come across more and more VMware ESXi hypervisors.
https://www.synacktiv.com/en/publications/vmware-esxi-forensic-with-velociraptor.html
Synacktiv
VMware ESXi Forensic with Velociraptor