By the way, he has a bunch of links to malware on Google Play in his Twitter, you can download/look at it
RAT in Go
https://www.intezer.com/blog/research/operation-electrorat-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
download
https://bazaar.abuse.ch/browse/tag/ElectroRAT/
Intezer
ElectroRAT: Attacker Creates Fake Companies to Drain Crypto Wallets
Wide-spread campaign already with thousands of victims promotes trojanized applications on niche cryptocurrency forums and social media.
Order of Six Angles
Twitter
Avigayil Mechtinger
[1/7] Operation #ElectroRAT is a new campaign that takes sizable measures to steal crypto wallets. For more information about the operation - https://t.co/CWLnOevKir The following is a technical analysis-> @IntezerLabs
There are already plenty of articles like this, but I don't think it'll hurt. Personally I try to put everything together by hand.
Building a Custom Malware Analysis Lab Environment
https://labs.sentinelone.com/building-a-custom-malware-analysis-lab-environment/
SentinelOne
Building a Custom Malware Analysis Lab Environment - SentinelLabs
Building the right malware analysis lab is the first step for every researcher. Use this guide and download our free custom tools to aid your research.
NTFS Remote Code Execution (CVE-2020-17096) Analysis
https://blog.zecops.com/vulnerabilities/ntfs-remote-code-execution-cve-2020-17096-analysis/
I usually have installed:
dnSpy
ilSpy
de4dot
ssdeep
trid
yara
pebear
pestudio
peview
PPEE(puppy)
impfuzzy/imphash
binary ninja
ida pro
capa
windbg
x64dbg
HxD
process hacker
regshot
api monitor
sysinternals
floss
pe-sieve
resource hacker
wireshark
inetsim
office/foxit reader/chrome
Explorer Suite
+ some scripts of my own
A very minimal set, but it seems to be enough))
and there's also this mini article
https://zero2auto.com/2020/06/14/setting-up-a-malware-analysis-environment/
Zero2Automated Blog
Setting Up a Malware Analysis Environment
Inside our Zero2Automated course, we didn’t really cover how to setup a proper malware analysis environment as it is more of an advanced course rather than a beginner course. However, we had …
earlier I also had a local Cuckoo sandbox, but I'm simply too lazy to set it up again
A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analysis.
https://github.com/d4rksystem/VMwareCloak
Fucking awesome table, and I know the author himself, also a fucking awesome guy)) By the way, he's the one who recently posted the Linux virus (https://t.me/OrderOfSixAngles/855) And his blog is great https://www.guitmz.com/
This guy also published an article on a crypter in his blog, which I shared earlier
https://www.guitmz.com/linux-elf-runtime-crypter/
And now his tool is being used by APTs
https://www.bleepingcomputer.com/news/security/linux-malware-authors-use-ezuri-golang-crypter-for-zero-detection/amp/?__twitter_impression=true
Guitmz
Linux ELF Runtime Crypter
Ezuri: A Simple Linux ELF Runtime Crypter Using memfd_create Syscall
zeppelin ransomware download https://bazaar.abuse.ch/sample/442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024/
GitHub
GitHub - LloydLabs/go-malwarebazaar: MalwareBazaar public API bindings for Go
MalwareBazaar public API bindings for Go. Contribute to LloydLabs/go-malwarebazaar development by creating an account on GitHub.
more on the topic
https://blog.aquasec.com/fileless-malware-container-security?hs_amp=true
https://mobile.twitter.com/TheHackersNews/status/1347552871860948994
https://cybersecurity.att.com/blogs/labs-research/malware-using-new-ezuri-memory-loader
https://twitter.com/ESETresearch/status/1321246274570620929?s=19
The malware analyst’s guide to aPLib decompression
https://0xc0decafe.com/malware-analysts-guide-to-aplib-decompression/
Weaponizing Nim for implant development and general offensive operations https://github.com/byt3bl33d3r/OffensiveNim
more on the topic
Bypassing Windows protection mechanisms & Playing with OffensiveNim
https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/
Open-Source PE Packer
https://github.com/phra/PEzor
s3cur3th1ssh1t.github.io
Bypassing Windows protection mechanisms & Playing with OffensiveNim | S3cur3Th1sSh1t
In this post I’m telling a short story from an environment I faced some time ago and how to handle the situation bypassing Constrained Language Mode and Appl...
💀 At the end of last year I took part in recording a podcast, hopefully it'll get edited and released some day )) 💀