New Malicious PyPI Packages used by Lazarus
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository...
https://blogs.jpcert.or.jp/en/2024/02/lazarus_pypi.html
@malwr
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository (Figure 1). The Python packages confirmed this time are as follows: pycryptoenv, pycryptoconf, quasarlib, swapmempool. The package…
Quick Forensics Analysis of Apache logs - SANS Internet Storm Center
Quick Forensics Analysis of Apache logs, Author: Xavier Mertens
https://isc.sans.edu/diary/30792
@malwr
In-the-Wild Windows LPE 0-days: Insights & Detection Strategies — Elastic Security Labs
This article will evaluate detection methods for Windows local privilege escalation techniques based on dynamic behaviors analysis using Elastic Defend features.
https://www.elastic.co/security-labs/itw-windows-lpe-0days-insights-and-detection-strategies
@malwr
Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples
Advanced CyberChef techniques using Registers, Regex and Flow Control
https://embee-research.ghost.io/advanced-cyberchef-operations-netsupport/
@malwr
Android Malware Vultur Expands Its Wingspan – Fox-IT International blog
Authored by Joshua Kamp. Executive summary: The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim's mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are…
https://blog.fox-it.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
@malwr
[Nullcon Berlin 2024] The complexity of reversing Flutter applications
Flutter is a cross-platform application development platform. With the same codebase, developers write and compile native applications for Android,...
https://filestore.fortinet.com/fortiguard/research/nullcon.pdf
@malwr
Keylogging in the Windows kernel with undocumented data structures // eversinc33
https://eversinc33.com/posts/kernel-mode-keylogging/
@malwr
Forwarded from CVE Notify
🚨 CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
@cveNotify
Mindmap/Tools at main · Ignitetechnologies/Mindmap · GitHub
Red Team & Blue Team Tools Cheat Sheet
https://github.com/Ignitetechnologies/Mindmap/tree/main/Tools
@malwr
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them - Ignitetechnologies/Mindmap
https://x.com/cyb3rops/status/1774024044288806987?t=AW9VZPEFKraSXuUYraPfug
https://github.com/Neo23x0/signature-base/blob/master/yara/bkdr_xz_util_cve_2024_3094.yar
@malwr
X (formerly Twitter)
Florian Roth ⚡️ (@cyb3rops) on X
Here is my first set of #YARA rules to detect the backdoored XZ packages
Report
https://t.co/jc7kA4tFsv
Rules
https://t.co/0k8gqZxHF9
#XZ #XZutil
Malware Analysis - JS to PowerShell to XWorm with Binary Refinery - YouTube
We deobfuscate a JScript loader that downloads a powershell script, then we unpack the payload using Binary Refinery. We decrypt the configuration of the fin...
https://youtube.com/watch?v=5ZtmYNmVMKo
@malwr
We deobfuscate a JScript loader that downloads a powershell script, then we unpack the payload using Binary Refinery. We decrypt the configuration of the final payload: XWorm.
Malware analysis courses: https://malwareanalysis-for-hedgehogs.learnworlds.com/courses…
Debugging Stop 0xCE – DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS | Machines Can Think
DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)
A driver unloaded without cancelling timers, DPCs, worker threads, etc.
The broken driver's name is displayed on the screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff805c5bc8597, memory referenced
Arg2: 0000000000000010, value 0 = read operation, 1 = write operation
Arg3: fffff805c5bc8597, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000000, Mm internal code.
The bugcheck parameters are…
https://bsodtutorials.wordpress.com/2024/03/26/debugging-stop-0xce-driver_unloaded_without_cancelling_pending_operations/
@malwr
Malware Spotlight: Linodas aka DinodasRAT for Linux
https://research.checkpoint.com/2024/29676/
@malwr
Introduction: In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America. This activity significantly aligns with the insights…
From OneNote to RansomNote: An Ice Cold Intrusion
Key Takeaways: We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, …
https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
@malwr
Return Oriented Programming – ret2win – ROP Emporium – RingBuffer's Blog
A detailed guide to capturing the flag in the ret2win return-oriented-programming (buffer overflow) challenge on ROP Emporium.
https://vandanpathak.com/kernels-and-buffers/return-oriented-programming-ret2win-rop-emporium/
@malwr