Marius

@cybermariusf

Switzerland

Joined January 2012

1.2K Following

400 Followers

2.8K Posts

cybermariusf retweeted

about 1 month ago

Really nice paper on defeating evasive malware - huge kudos to the authors 👏🔥 In a nutshell: They use AI-generated instruction-skip YARA rules to automatically bypass evasions inside CAPE and expose hidden malware behavior 🤯 Also interesting: Joe Sandbox came out as the clear leader for malware family detection compared to the other sandbox platforms in their evaluation 🏆🦠 Great to see academic research using Joe Sandbox as a strong benchmark 💪 https://t.co/xCjhMMtJsI

joe4security's tweet photo. Really nice paper on defeating evasive malware - huge kudos to the authors 👏🔥

In a nutshell:

They use AI-generated instruction-skip YARA rules to automatically bypass evasions inside CAPE and expose hidden malware behavior 🤯

Also interesting: Joe Sandbox came out as the clear leader for malware family detection compared to the other sandbox platforms in their evaluation 🏆🦠

Great to see academic research using Joe Sandbox as a strong benchmark 💪

https://t.co/xCjhMMtJsI

2

56

18

33

13K

cybermariusf retweeted

2 months ago

🧵 From a "harmless" DLL to a fully reconstructed multi-stage #CobaltStrike Beacon. In our latest blog, we break down how we: 🔍 Uncovered a hidden multi-stage loader chain 🧠 Bypassed anti-sandbox domain checks 🛠️ Rebuilt dumped memory into runnable PE files 🌐 Reconstructed C2 comms & crypto 🎯 Extracted IOCs and linked the implant to known infrastructure A deep dive into loader reconstruction, memory forensics, protocol analysis, and attribution. Read it here: https://t.co/4PlAL20CK3 #MalwareAnalysis #ThreatIntel #DFIR #ReverseEngineering #InfoSec

joe4security's tweet photo. 🧵 From a "harmless" DLL to a fully reconstructed multi-stage #CobaltStrike Beacon.

In our latest blog, we break down how we:
🔍 Uncovered a hidden multi-stage loader chain
🧠 Bypassed anti-sandbox domain checks
🛠️ Rebuilt dumped memory into runnable PE files
🌐 Reconstructed C2 comms & crypto
🎯 Extracted IOCs and linked the implant to known infrastructure

A deep dive into loader reconstruction, memory forensics, protocol analysis, and attribution.

Read it here: https://t.co/4PlAL20CK3 #MalwareAnalysis #ThreatIntel #DFIR #ReverseEngineering #InfoSec

1

24

11

8

2K

cybermariusf retweeted

3 months ago

HWmonitor supply chain attack 🚨 (kudos to @OfficialPCMR 🙌) confirmed by Joe Reverser 🔍💻 https://t.co/OliZuw3WHr Stay cautious when downloading updates ⚠️📦 and always verify sources 🔐✅

joe4security's tweet photo. HWmonitor supply chain attack 🚨 (kudos to @OfficialPCMR 🙌) confirmed by Joe Reverser 🔍💻

https://t.co/OliZuw3WHr

Stay cautious when downloading updates ⚠️📦 and always verify sources 🔐✅ https://t.co/01Cyymygi4

0

24

12

12

2K

cybermariusf retweeted

6 months ago

Here is #VoidLink (kudos to @_CPResearch_ for the find) fully dissected by Joe Reverser: Stage 0: https://t.co/xtpZ9pmzKy Stage 1: https://t.co/MJvGaebd2R Rootkit: https://t.co/0i5Xib5MFf

joe4security's tweet photo. Here is #VoidLink (kudos to @_CPResearch_ for the find) fully dissected by Joe Reverser:

Stage 0: https://t.co/xtpZ9pmzKy
Stage 1: https://t.co/MJvGaebd2R
Rootkit: https://t.co/0i5Xib5MFf https://t.co/cFU0uA1lW3

2

38

20

11

3K

Who to follow

Verified account

@lightsilver323

Inc. 5000 CEO. Serial entrepreneur, proud #LMU alum. Talking about SAAS, marketing, tennis, @49ers, & my daughter’s tennis and gymnastics dominance 🎾🤸🏼

syntezia® sàrl

Strategy & Innovation boutique specialised in #AIAdvisory #SystemThinking #healthcare #Medtech #Greentech #Manufacturing #Mobility #RenewableEnergies #Biotech

Fabien Gatelier

@FabienGatelier

Joanne, Maïssa, Isia, Kubernetes, CI/CD, Gitops, GCP, Cloud Native, Agile, Drums, Africa, People, Power to the sun.

cybermariusf retweeted

8 months ago

🚨 New campaign: #Rhadamanthys #infostealer is being delivered by an in-browser fake Windows Update, abusing the Fullscreen API (on-click), and using #ClickFix-style lures to trick users: https://t.co/cUYTHJUDQo

joe4security's tweet photo. 🚨 New campaign: #Rhadamanthys #infostealer is being delivered by an in-browser fake Windows Update, abusing the Fullscreen API (on-click), and using #ClickFix-style lures to trick users:

https://t.co/cUYTHJUDQo https://t.co/4bJojVtsTl

1

59

16

20

9K

cybermariusf retweeted

12 months ago

🚀 Introducing what is likely the first MCP (Model Context Protocol) server to feature dynamic and static malware analysis! 🔍 Explore it here: https://t.co/yowcuOX9E1 🧠 Powered by Joe Sandbox #CyberSecurity #MalwareAnalysis #AI #ModelContextProtocol #DFIR #ThreatIntel

joe4security's tweet photo. 🚀 Introducing what is likely the first MCP (Model Context Protocol) server to feature dynamic and static malware analysis!

🔍 Explore it here: https://t.co/yowcuOX9E1
🧠 Powered by Joe Sandbox

#CyberSecurity #MalwareAnalysis #AI #ModelContextProtocol #DFIR #ThreatIntel https://t.co/4XLuyuFm01

0

74

19

37

6K

cybermariusf retweeted

over 2 years ago

Great Joe Sandbox catch of #Quishing (QR Code #Phishing)! Submit various file formats like PNG, JPEG, GIF, PDF, EML, MSG, and more. Live Interaction extracts the URL and opens it in Chrome automatically. https://t.co/rQZPMiUWXb

joe4security's tweet photo. Great Joe Sandbox catch of #Quishing (QR Code #Phishing)! Submit various file formats like PNG, JPEG, GIF, PDF, EML, MSG, and more. Live Interaction extracts the URL and opens it in Chrome automatically.
https://t.co/rQZPMiUWXb https://t.co/KYFkBbvc0Q

0

62

16

18

8K

cybermariusf retweeted

over 3 years ago

#Emotet is back, this time big and fat!!! Check-out the file size of this Office doc and Dll! https://t.co/HKXDcT3oax

joe4security's tweet photo. #Emotet is back, this time big and fat!!! Check-out the file size of this Office doc and Dll!

https://t.co/HKXDcT3oax https://t.co/elUPKTll13

0

12

10

0

1K

cybermariusf retweeted

over 4 years ago

Level UP! With Joe Sandbox, you can now perform deep malware analysis on an Win10 Analyzer connected to a real DC (Server 2019, no crappy EMU)! Checkout the blog post for all the use-cases and info: https://t.co/iJq0jz2a4F #malware #sigma #dfir #infosec

joe4security's tweet photo. Level UP! With Joe Sandbox, you can now perform deep malware analysis on an Win10 Analyzer connected to a real DC (Server 2019, no crappy EMU)! Checkout the blog post for all the use-cases and info:

https://t.co/iJq0jz2a4F

#malware #sigma #dfir #infosec https://t.co/8RJv4IfQHo

joe4security's tweet photo. Level UP! With Joe Sandbox, you can now perform deep malware analysis on an Win10 Analyzer connected to a real DC (Server 2019, no crappy EMU)! Checkout the blog post for all the use-cases and info:

https://t.co/iJq0jz2a4F

#malware #sigma #dfir #infosec https://t.co/8RJv4IfQHo

joe4security's tweet photo. Level UP! With Joe Sandbox, you can now perform deep malware analysis on an Win10 Analyzer connected to a real DC (Server 2019, no crappy EMU)! Checkout the blog post for all the use-cases and info:

https://t.co/iJq0jz2a4F

#malware #sigma #dfir #infosec https://t.co/8RJv4IfQHo

joe4security's tweet photo. Level UP! With Joe Sandbox, you can now perform deep malware analysis on an Win10 Analyzer connected to a real DC (Server 2019, no crappy EMU)! Checkout the blog post for all the use-cases and info:

https://t.co/iJq0jz2a4F

#malware #sigma #dfir #infosec https://t.co/8RJv4IfQHo

0

125

52

28

0

cybermariusf retweeted

almost 5 years ago

#CVE-2021-40444 (MS / IE Office ZeroDay, MSHTML, 4c80dc9fb7483214b1613957aae57e2a) -> hxxp[:]//hidusi[.]com/e8c76295a5f9acb7/ministry.cab -> #CobaltStrike: https://t.co/r9GOZNEj84 #malware #CVE #ZeroDay

joe4security's tweet photo. #CVE-2021-40444 (MS / IE Office ZeroDay, MSHTML, 4c80dc9fb7483214b1613957aae57e2a) -> hxxp[:]//hidusi[.]com/e8c76295a5f9acb7/ministry.cab -> #CobaltStrike: https://t.co/r9GOZNEj84 #malware #CVE #ZeroDay https://t.co/okqqWOHzt3

0

44

18

7

0

cybermariusf retweeted

almost 5 years ago

Here is one of the first #XLoader / #Formbook #malware (kudos to @_CPResearch_) containing #macOS support: https://t.co/biABFDVTRf #Dfir #infosec #security

joe4security's tweet photo. Here is one of the first #XLoader / #Formbook #malware (kudos to @_CPResearch_) containing #macOS support: https://t.co/biABFDVTRf

#Dfir #infosec #security https://t.co/gnTnRqZyLP

joe4security's tweet photo. Here is one of the first #XLoader / #Formbook #malware (kudos to @_CPResearch_) containing #macOS support: https://t.co/biABFDVTRf

#Dfir #infosec #security https://t.co/gnTnRqZyLP

joe4security's tweet photo. Here is one of the first #XLoader / #Formbook #malware (kudos to @_CPResearch_) containing #macOS support: https://t.co/biABFDVTRf

#Dfir #infosec #security https://t.co/gnTnRqZyLP

joe4security's tweet photo. Here is one of the first #XLoader / #Formbook #malware (kudos to @_CPResearch_) containing #macOS support: https://t.co/biABFDVTRf

#Dfir #infosec #security https://t.co/gnTnRqZyLP

1

14

9

1

0

cybermariusf retweeted

over 5 years ago

#GuLoader (dropping #formbook, #nanocore, #remcos, #agenttesla etc.) has updated its hammering loop from 11M to 268M instructions and added a new time source! If you want to bypass #sandboxes it is definitely the loader of choice! https://t.co/FTHFsMTNQf https://t.co/UNmDQzJiKy

joe4security's tweet photo. #GuLoader (dropping #formbook, #nanocore, #remcos, #agenttesla etc.) has updated its hammering loop from 11M to 268M instructions and added a new time source! If you want to bypass #sandboxes it is definitely the loader of choice! https://t.co/FTHFsMTNQf https://t.co/UNmDQzJiKy https://t.co/8PsY6dioYK

1

11

9

0

0

cybermariusf retweeted

over 5 years ago

Thanks to automated .NET decompliation Joe Sandbox detects the #SUNBURST backdoor in OrionImprovementBusinessLayer C# code! .NET decompliation is also applied to unpacked binaries: https://t.co/Huwf0NXRKo #malware #dfir #infosec

joe4security's tweet photo. Thanks to automated .NET decompliation Joe Sandbox detects the #SUNBURST backdoor in OrionImprovementBusinessLayer C# code! .NET decompliation is also applied to unpacked binaries: https://t.co/Huwf0NXRKo #malware #dfir #infosec https://t.co/9it9PjZYxW

2

34

18

2

0

cybermariusf retweeted

over 5 years ago

[Feature] We have successfully added memory dumping capabilities to Joe Sandbox - #macOS dynamic analysis! This enables customer Yara rules for unpacked code! https://t.co/uqRcdhJVk8 #malware #dfir #infosec

joe4security's tweet photo. [Feature] We have successfully added memory dumping capabilities to Joe Sandbox - #macOS dynamic analysis! This enables customer Yara rules for unpacked code! https://t.co/uqRcdhJVk8
#malware #dfir #infosec https://t.co/nf67YbXvVP

0

31

13

3

0

cybermariusf retweeted

almost 6 years ago

Recent #TrickBot is using some nice API hammering to evade #sandbox! Read more about how API hammering works in our latest blog post: https://t.co/zeNIhsSPF4 #malware #dfir #infosec #evasive

joe4security's tweet photo. Recent #TrickBot is using some nice API hammering to evade #sandbox! Read more about how API hammering works in our latest blog post: https://t.co/zeNIhsSPF4
#malware #dfir #infosec #evasive https://t.co/ATSibbB0pS

1

86

44

8

0

cybermariusf retweeted

almost 6 years ago

Fully automated Joe Sandbox X analysis of #EvilQuest #ransomware on Mac bare metal! Kudos to @objective_see for the cool blog post! https://t.co/s26bJcashJ #malware #DFIR #macOS

joe4security's tweet photo. Fully automated Joe Sandbox X analysis of #EvilQuest #ransomware on Mac bare metal! Kudos to @objective_see for the cool blog post!
https://t.co/s26bJcashJ #malware #DFIR #macOS https://t.co/cOOcE8uXyg

joe4security's tweet photo. Fully automated Joe Sandbox X analysis of #EvilQuest #ransomware on Mac bare metal! Kudos to @objective_see for the cool blog post!
https://t.co/s26bJcashJ #malware #DFIR #macOS https://t.co/cOOcE8uXyg

joe4security's tweet photo. Fully automated Joe Sandbox X analysis of #EvilQuest #ransomware on Mac bare metal! Kudos to @objective_see for the cool blog post!
https://t.co/s26bJcashJ #malware #DFIR #macOS https://t.co/cOOcE8uXyg

joe4security's tweet photo. Fully automated Joe Sandbox X analysis of #EvilQuest #ransomware on Mac bare metal! Kudos to @objective_see for the cool blog post!
https://t.co/s26bJcashJ #malware #DFIR #macOS https://t.co/cOOcE8uXyg

0

47

20

5

0

cybermariusf retweeted

about 6 years ago

#COVID19 is not only infecting your body but also your computer's #MBR 😈😈😈 - at least this #virus (ref https://t.co/pCB8Kol9Me). Guess what the "Remove virus" button is just fake 😂 https://t.co/TBa10Qh4vk #malware #dfir #infosec

joe4security's tweet photo. #COVID19 is not only infecting your body but also your computer's #MBR 😈😈😈 - at least this #virus (ref https://t.co/pCB8Kol9Me). Guess what the "Remove virus" button is just fake 😂

https://t.co/TBa10Qh4vk

#malware #dfir #infosec https://t.co/hqof02ymBq

0

4

4

0

0

cybermariusf retweeted

Alain Berset @alain_berset

over 6 years ago

Ensemble et solidaires. Et vous, que faites-vous? Racontez-le avec le hashtag #voicicommentnousprotéger et lancez le défi à trois autres personnes. Je défie @christarigozzi, @stressmusic et @rogerfederer. Et n’oubliez pas: restez le plus possible à la maison!

236

2K

510

9

0

cybermariusf retweeted

over 6 years ago

Interested in LOLBins? Here is an example maldoc using cmstp.exe (Connection Manager) 🔗https://t.co/lvRAvCSHVv 🔬https://t.co/h1apbU0f3e 🎁@joe4security https://t.co/OniB7yZxK9 See the excellent research by @oddvarmoe 🧠https://t.co/FwG5Acp6UF 😆🗃️https://t.co/Y6RWUKNuZA

JohnLaTwC's tweet photo. Interested in LOLBins? Here is an example maldoc using cmstp.exe (Connection Manager)
🔗https://t.co/lvRAvCSHVv
🔬https://t.co/h1apbU0f3e
🎁@joe4security https://t.co/OniB7yZxK9

See the excellent research by @oddvarmoe
🧠https://t.co/FwG5Acp6UF
😆🗃️https://t.co/Y6RWUKNuZA https://t.co/Sef126wN4i

JohnLaTwC's tweet photo. Interested in LOLBins? Here is an example maldoc using cmstp.exe (Connection Manager)
🔗https://t.co/lvRAvCSHVv
🔬https://t.co/h1apbU0f3e
🎁@joe4security https://t.co/OniB7yZxK9

See the excellent research by @oddvarmoe
🧠https://t.co/FwG5Acp6UF
😆🗃️https://t.co/Y6RWUKNuZA https://t.co/Sef126wN4i

JohnLaTwC's tweet photo. Interested in LOLBins? Here is an example maldoc using cmstp.exe (Connection Manager)
🔗https://t.co/lvRAvCSHVv
🔬https://t.co/h1apbU0f3e
🎁@joe4security https://t.co/OniB7yZxK9

See the excellent research by @oddvarmoe
🧠https://t.co/FwG5Acp6UF
😆🗃️https://t.co/Y6RWUKNuZA https://t.co/Sef126wN4i

JohnLaTwC's tweet photo. Interested in LOLBins? Here is an example maldoc using cmstp.exe (Connection Manager)
🔗https://t.co/lvRAvCSHVv
🔬https://t.co/h1apbU0f3e
🎁@joe4security https://t.co/OniB7yZxK9

See the excellent research by @oddvarmoe
🧠https://t.co/FwG5Acp6UF
😆🗃️https://t.co/Y6RWUKNuZA https://t.co/Sef126wN4i

3

207

94

37

0

cybermariusf retweeted

over 6 years ago

You don't have a Malware Analysis Lab, but want one? Check-out Joe Lab - the Industry's first Cloud based Malware Analysis Lab built for CERTs, CIRTs, SOCs and malware analysts: https://t.co/TZnASj2M1D #dfir #infosec #LAB

joe4security's tweet photo. You don't have a Malware Analysis Lab, but want one? Check-out Joe Lab - the Industry's first Cloud based Malware Analysis Lab built for CERTs, CIRTs, SOCs and malware analysts: https://t.co/TZnASj2M1D #dfir #infosec #LAB https://t.co/92Dwd8VJJi

0

11

9

3

0

Last Seen Users on Sotwe

Trends for you

Most Popular Users