Cracked5pider/LdrLibraryEx: A small x64 library to load dll's into memory.
https://github.com/Cracked5pider/LdrLibraryEx
π@malwr
https://github.com/Cracked5pider/LdrLibraryEx
π@malwr
GitHub
GitHub - Cracked5pider/LdrLibraryEx: A small x64 library to load dll's into memory.
A small x64 library to load dll's into memory. Contribute to Cracked5pider/LdrLibraryEx development by creating an account on GitHub.
Windows Memory Forensics
How to hunt for anomalies in a Windows Memory Dump
https://blog.cyber5w.com/anomalies-hunting-in-windows-memory-dump
π@malwr
How to hunt for anomalies in a Windows Memory Dump
https://blog.cyber5w.com/anomalies-hunting-in-windows-memory-dump
π@malwr
VMware ESXi Forensic with Velociraptor
Introduction During our investigations, we have come across more and more VMware ESXi hypervisors.
https://www.synacktiv.com/en/publications/vmware-esxi-forensic-with-velociraptor.html
π@malwr
Introduction During our investigations, we have come across more and more VMware ESXi hypervisors.
https://www.synacktiv.com/en/publications/vmware-esxi-forensic-with-velociraptor.html
π@malwr
Synacktiv
VMware ESXi Forensic with Velociraptor
New DinodasRAT Used as Linux Implants Worldwide: First Known Variant Still remains a Mystery
DinodasRAT is a C++ backdoor that was initially used to attack government organizations in Guyana. A new Linux variant targeting Red Hat and Ubuntu Linux has been discovered. The malware establishes persistence using Systemd and SystemV, communicates with C2 servers via TCP or UDP, and uses encryption. Its infrastructure has been linked to specific IP addresses and domains, affecting several countries.
https://hackhunting.com/2024/03/29/new-dinodasrat-used-as-linux-implants-worldwide-first-known-variant-still-remains-a-mystery/
π@malwr
DinodasRAT is a C++ backdoor that was initially used to attack government organizations in Guyana. A new Linux variant targeting Red Hat and Ubuntu Linux has been discovered. The malware establishes persistence using Systemd and SystemV, communicates with C2 servers via TCP or UDP, and uses encryption. Its infrastructure has been linked to specific IP addresses and domains, affecting several countries.
https://hackhunting.com/2024/03/29/new-dinodasrat-used-as-linux-implants-worldwide-first-known-variant-still-remains-a-mystery/
π@malwr
Geeoon/DNS-Tunnel-Keylogger: Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes through firewalls.
https://github.com/Geeoon/DNS-Tunnel-Keylogger
π@malwr
https://github.com/Geeoon/DNS-Tunnel-Keylogger
π@malwr
GitHub
GitHub - Geeoon/DNS-Tunnel-Keylogger: Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokesβ¦
Keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes through firewalls. - Geeoon/DNS-Tunnel-Keylogger
New Malicious PyPI Packages used by Lazarus
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository...
https://blogs.jpcert.or.jp/en/2024/02/lazarus_pypi.html
π@malwr
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository...
https://blogs.jpcert.or.jp/en/2024/02/lazarus_pypi.html
π@malwr
JPCERT/CC Eyes
New Malicious PyPI Packages used by Lazarus - JPCERT/CC Eyes
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository (Figure 1). The Python packages confirmed this time are as follows: * pycryptoenv * pycryptoconf * quasarlib * swapmempool The packageβ¦
Quick Forensics Analysis of Apache logs - SANS Internet Storm Center
Quick Forensics Analysis of Apache logs, Author: Xavier Mertens
https://isc.sans.edu/diary/30792
π@malwr
Quick Forensics Analysis of Apache logs, Author: Xavier Mertens
https://isc.sans.edu/diary/30792
π@malwr
SANS Internet Storm Center
Quick Forensics Analysis of Apache logs - SANS ISC
Quick Forensics Analysis of Apache logs, Author: Xavier Mertens
π1
In-the-Wild Windows LPE 0-days: Insights & Detection Strategies β Elastic Security Labs
This article will evaluate detection methods for Windows local privilege escalation techniques based on dynamic behaviors analysis using Elastic Defend features.
https://www.elastic.co/security-labs/itw-windows-lpe-0days-insights-and-detection-strategies
π@malwr
This article will evaluate detection methods for Windows local privilege escalation techniques based on dynamic behaviors analysis using Elastic Defend features.
https://www.elastic.co/security-labs/itw-windows-lpe-0days-insights-and-detection-strategies
π@malwr
www.elastic.co
In-the-Wild Windows LPE 0-days: Insights & Detection Strategies β Elastic Security Labs
This article will evaluate detection methods for Windows local privilege escalation techniques based on dynamic behaviors analysis using Elastic Defend features.
Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples
Advanced CyberChef techniques using Registers, Regex and Flow Control
https://embee-research.ghost.io/advanced-cyberchef-operations-netsupport/
π@malwr
Advanced CyberChef techniques using Registers, Regex and Flow Control
https://embee-research.ghost.io/advanced-cyberchef-operations-netsupport/
π@malwr
Embee Research
Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples
Advanced CyberChef techniques using Registers, Regex and Flow Control
Android Malware Vultur Expands Its Wingspan β Fox-IT International blog
Authored by Joshua Kamp Executive summary The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim's mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that areβ¦
https://blog.fox-it.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
π@malwr
Authored by Joshua Kamp Executive summary The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim's mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that areβ¦
https://blog.fox-it.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
π@malwr
Fox-IT International blog
Android Malware Vultur Expands Its Wingspan
Authored by Joshua Kamp Executive summary The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely intβ¦
[Nullcon Berlin 2024] The complexity of reversing Flutter applications
Flutter is a cross-platform application development platform. With the same codebase, developers write and compile native applications for Android,...
https://filestore.fortinet.com/fortiguard/research/nullcon.pdf
π@malwr
Flutter is a cross-platform application development platform. With the same codebase, developers write and compile native applications for Android,...
https://filestore.fortinet.com/fortiguard/research/nullcon.pdf
π@malwr
Keylogging in the Windows kernel with undocumented data structures // eversinc33
https://eversinc33.com/posts/kernel-mode-keylogging/
π@malwr
https://eversinc33.com/posts/kernel-mode-keylogging/
π@malwr
β€1
Forwarded from CVE Notify
π¨ CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
π@cveNotify
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
π@cveNotify
π±2π1
Mindmap/Tools at main Β· Ignitetechnologies/Mindmap Β· GitHub
Red Team & Blue Team Tools Cheat Sheet
https://github.com/Ignitetechnologies/Mindmap/tree/main/Tools
π@malwr
Red Team & Blue Team Tools Cheat Sheet
https://github.com/Ignitetechnologies/Mindmap/tree/main/Tools
π@malwr
GitHub
Mindmap/Tools at main Β· Ignitetechnologies/Mindmap
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them - Ignitetechnologies/Mindmap
https://x.com/cyb3rops/status/1774024044288806987?t=AW9VZPEFKraSXuUYraPfug
https://github.com/Neo23x0/signature-base/blob/master/yara/bkdr_xz_util_cve_2024_3094.yar
π@malwr
https://github.com/Neo23x0/signature-base/blob/master/yara/bkdr_xz_util_cve_2024_3094.yar
π@malwr
X (formerly Twitter)
Florian Roth β‘οΈ (@cyb3rops) on X
Here is my first set of #YARA rules to detect the backdoored XZ packages
Report
https://t.co/jc7kA4tFsv
Rules
https://t.co/0k8gqZxHF9
#XZ #XZutil
Report
https://t.co/jc7kA4tFsv
Rules
https://t.co/0k8gqZxHF9
#XZ #XZutil
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery - YouTube
We deobfuscate a JScript loader that downloads a powershell script, then we unpack the payload using Binary Refinery. We decrypt the configuration of the fin...
https://youtube.com/watch?v=5ZtmYNmVMKo
π@malwr
We deobfuscate a JScript loader that downloads a powershell script, then we unpack the payload using Binary Refinery. We decrypt the configuration of the fin...
https://youtube.com/watch?v=5ZtmYNmVMKo
π@malwr
YouTube
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery
We deobfuscate a JScript loader that downloads a powershell script, then we unpack the payload using Binary Refinery. We decrypt the configuration of the final payload: XWorm.
Malware analysis courses: https://malwareanalysis-for-hedgehogs.learnworlds.com/coursesβ¦
Malware analysis courses: https://malwareanalysis-for-hedgehogs.learnworlds.com/coursesβ¦