Olivia
Online
Adam
@malworms
IDA pro enthusiast, malware reverser, addicted to Rocket League.
@PwC_uk Threat Intelligence.
All views my own.
Joined August 2020
61 Following
289 Followers
44 Posts
Google's Nino Isakovic analyses the ScatterBrain obfuscator, used on POISONPLUG variants. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analysed by PWC. https://t.co/E9FU3eokgl
Ever wonder how attackers use advanced tools to evade detection?
Mandiant analyzes #ScatterBrain, an obfuscator in the POISONPLUG.SHADOW backdoor, which is used by China-nexus actors.
Learn how we’re unmasking these sophisticated threats.
Read more: https://t.co/5vwYoEBwjz
For anyone using Binary Ninja and wanting to use Mandiant's ShellcodeHashes IDA plugin-I ported a basic version of the IDA plugin to Binary Ninja:
https://t.co/4CIM7QwfbP
Known limitations - No GUI, no support for searching memory constants - but it works well for most use cases
We've got TWO roles open in Australia! Looking for both tech and strat threat intel analysts. Come work with all the awesome folks on the #pwc TI team. Bonus: Witness firsthand the epic banter between me and @pewpew_lazors.
https://t.co/pHIhEkwPog
https://t.co/M211FbxPdm
Who to follow
Igor Kuznetsov 
@2igosha
Reverse engineering, soldering, programming, digital forensics & random stuff | Director @ Kaspersky GReAT | Tweets are my own
Daniel Lunghi
@thehellu
Threat researcher @trendai_RSRCH mostly focused on #APT
Steve YARA Synapse Miller
@stvemillertime
AI threat intelligence @google
writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara
Step 1: open a binary in IDA and press F5
Step 2: paste the decompiled code into OpenAI's chatbot
Someone's job just got way easier.
#flareon9 Pre-registration is now live! https://t.co/b0uJiVMBMi
@c3rb3ru5d3d53c Looks very much like the technique lockbit is currently using to me 🧐
@fr0gger_ Alt+F7 feels like a bit of an omission. Used way more by me than most on this list...
@cyberoverdrive @PwC @MITREattack @rfackroyd @eral4m We're hiring for our #detectionengineering team. If you would like to join the team that helped produce this annex, the main report, and does so much more, then visit https://t.co/lwuvtHiLjm
PwC is seeking a Cyber - Global Threat Intelligence - Technical Analyst - Sr Associate based in the Remote area. For more details, visit the listing. #ninjajobs #hiring #cybersecurity https://t.co/OIjnF3FiGb
This is cure to so much pain.
Recently uploaded ShadowPad #malware (6e99974b8d421f8923fc132487d7da0d22c5e0fa1940494f312f9c9389c3f4ca) uses C2 login[.]onesigh[.]com. The Root module is from November 2020. Working on ShadowPad? DMs are open for collaboration #threatintel
PwC is seeking a Threat intelligence / malware analyst based in the US / NL / DE area. For more details, visit the listing. #ninjajobs #hiring #cybersecurity https://t.co/jMN0KjiZD0
I never knew I needed this article until now
https://t.co/NehYwJoGA6
What the heck is Shikata ga nai?
Nothing can be done but spit out a thread
@zcracga Thanks a lot!
For anyone interested in some #ShadowPad research- https://t.co/lQ4nlBFBXK
https://t.co/PuUIlH4mht
Takes a deep dive into the #ScatterBee (aka #ShadowShredder, #PoppingBee) packing mechanism used by some ShadowPad variants and has scripts to enable static analysis of the payloads
@LloydLabs Thanks mate, was a fun one to work through.
extra - IDA determines if a binary is Golang or not only by the presence of the Go build string. The build string does not need to be correctly formed, just finding space in the .text section with enough CC alignment and pasting that string in lets IDA work properly @HexRaysSA
If you are reversing latest #Hive #Ransomware (written in GO) be careful about intentionally missing "Go build ID" string in compiled binary - latest IDA 7.6 will not treat it as GO compiled binary and no func will be recognized (Patch it -> Load it -> Patch it back).🙏😉
In case you missed it, we recently released Season 1 of “Igor’s tip of the week” blog posts in PDF format (All 52 of them!). We hope you find it useful!
Check it out : https://t.co/cPy0hT07YV
#HexRays #Igorstipoftheweek #IDA #ReverseEngineering
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers