Yaxser/Backstab: A tool to kill antimalware protected processes
https://github.com/Yaxser/Backstab
Uncovering Malicious Infrastructure with DNS Pivoting
Demonstrating DNS pivoting and analysis techniques for uncovering malicious infrastructure
https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/
Embee Research
Introduction To Malware Infrastructure Analysis With Passive DNS
Malware Infrastructure Tracking Using Passive DNS Intelligence.
Reverse Engineering Snake Keylogger: Full .NET Malware Analysis
Discover an in-depth analysis of the Snake Keylogger malware, exposing its config, infostealing features, and anti-analysis techniques.
https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/
ANY.RUN's Cybersecurity Blog
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
Gendigital
Zero-Day Exploit Powers Advanced Rootkit
Android Malware Vultur Expands Its Wingspan
https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
Nccgroup
WithSecureLabs/drozer: The Leading Security Assessment Framework for Android.
Recent update
https://github.com/WithSecureLabs/drozer
GitHub - ReversecLabs/drozer: The Leading Security Assessment Framework for Android.
Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign
EclecticIQ analysts identified a threat actor that utilized information stealer HackBrowserData to target Indian government entities and energy sector.
https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign
Eclecticiq
Analysis of DinodasRAT Linux implant | Securelist
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.
https://securelist.com/dinodasrat-linux-implant/112284/
Securelist
Introducing SharpConflux - LRQA Nettitude Labs
SharpConflux, a .NET application built to facilitate Confluence exploitation during Red Team and Penetration Testing engagements.
https://labs.nettitude.com/blog/introducing-sharpconflux/
LRQA
Today, we are releasing a new tool called SharpConflux, a .NET application built to facilitate Confluence exploration. It allows Red Team operators to easily investigate Confluence instances with the goal of finding credential material and documentation relating…
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file
https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/
Malware Development Essentials Part 1 | by Smukx | Mar, 2024 | Medium
For Malware development and security professionals, understanding the inner workings of Windows is crucial. Windows internals, the hidden world beneath the user interface, can harbor vulnerabilities…
https://smukx.medium.com/malware-development-essentials-part-1-5f4626652ed9
Medium
Become a Beginner to Intermediate in the Maldev field. This covers Fundamentals, core concepts, Functions, OS Internals and more…
Cracked5pider/LdrLibraryEx: A small x64 library to load dll's into memory.
https://github.com/Cracked5pider/LdrLibraryEx
Windows Memory Forensics
How to hunt for anomalies in a Windows Memory Dump
https://blog.cyber5w.com/anomalies-hunting-in-windows-memory-dump
VMware ESXi Forensic with Velociraptor
Introduction During our investigations, we have come across more and more VMware ESXi hypervisors.
https://www.synacktiv.com/en/publications/vmware-esxi-forensic-with-velociraptor.html
Synacktiv
New DinodasRAT Used as Linux Implants Worldwide: First Known Variant Still remains a Mystery
DinodasRAT is a C++ backdoor that was initially used to attack government organizations in Guyana. A new Linux variant targeting Red Hat and Ubuntu Linux has been discovered. The malware establishes persistence using Systemd and SystemV, communicates with C2 servers via TCP or UDP, and uses encryption. Its infrastructure has been linked to specific IP addresses and domains, affecting several countries.
https://hackhunting.com/2024/03/29/new-dinodasrat-used-as-linux-implants-worldwide-first-known-variant-still-remains-a-mystery/
Geeoon/DNS-Tunnel-Keylogger: Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes through firewalls.
https://github.com/Geeoon/DNS-Tunnel-Keylogger
New Malicious PyPI Packages used by Lazarus
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository...
https://blogs.jpcert.or.jp/en/2024/02/lazarus_pypi.html
JPCERT/CC Eyes
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository (Figure 1). The Python packages confirmed this time are as follows: * pycryptoenv * pycryptoconf * quasarlib * swapmempool The package…
Quick Forensics Analysis of Apache logs - SANS Internet Storm Center
Quick Forensics Analysis of Apache logs, Author: Xavier Mertens
https://isc.sans.edu/diary/30792
SANS Internet Storm Center