In this blog I wrote an agent development kit called Nova, which allows for a single definition of Team objects, where each gets a planner, runner, synthesiser, and report. This enables a micro-teams workflow, which is explored in the blog too: https://t.co/uTQcY6Sp4f
I saw an Akamai blog float by, and they used a "Windows Binaries Vectorstore" to semantically search for samples impacted by a CVE. I hadn't seen this logic before, so I built a pipeline to look for clusters/similarities in malware: https://t.co/5IjslUUQFH
Pushed my update to Citadel which has a ton of QOL and UI updates, as well as better analysis, more datapoints, and some data-driven classifications: https://t.co/N4cyEp9lyL
1/2 Over the past few weeks I've used the EMBER2024 model to try to figure out how to make implants less likely to be hit by ML. I wrote about the process here: https://t.co/9ys82E53cL
Under the hood, EMBER uses LightGBM to score a sample from 0 to 1. I added this functionality into Citadel, so any binaries added to the framework are now summarised and scored alongside the rest of the Citadel analysis. Read it here: https://t.co/jxxbFJkMNM
Impressive analysis of goodware and malware static artifacts, identifying some gaps offensive devs fall into during the development process.
Research conducted by Michael Ranaldo (@michaeljranaldo) and Brandon (@__mez0__) of @preemptdev. Great work, gents!
Side note: binary collection is relatively small (due to challenges in collecting process), but statistical conclusions are nevertheless worth exploring.
https://t.co/OAN1q8h8Su
#redteam #blueteam #maldev #malwaredevelopment
🧵 Since the rise of AI, we've seen a lot of people pick up papers and not really understand how to read them. In my experience, I've found the bird's-eye approach the easiest. You don't need to sit and read it end to end immediately. 1/3
We procrastinated on this for a few months, but the EMBER2024 release inspired us to pick it back up. Right now it's just an exploration of our dataset and idea; we'll do more in the future ❤️ cc: @MichaelJRanaldo @preemptdev
Last summer we spent some time collecting both benign and malicious applications. We picked it back up and put together a preliminary exploration of that dataset: https://t.co/KbuOMroAV9
I put together a blog on LLMs and RAG for offsec. A particular use case I found interesting was ingesting engagement data like Confluence, Jira, etc., and asking things like "How does X onboard new starters?" The backend LLM really varied the responses, though.
I wanted an excuse to play with an LLM API and ended up using ChatGPT to categorise a ton of WinAPI functions to (kind of) expand on https://t.co/IfZTrOWCYi. Here is the post: https://t.co/exKKNEbGVm
Next week, @michaeljranaldo and I will be talking at @steel_con, where we will be going over our analysis of malware, goodware, and "winware" to help operators build better payloads, or 'statistically average binaries' 🤖
Somehow all of our blog images died on Gitbook, we've gone back through and fixed them. Some of the older ones are still broken but the Maelstrom series is fixed. With that said, are there any other series of blogs that would be of interest? 👀👀 https://t.co/VihXzRt7Xg
[BLOG POST] And as promised, this is a brief article describing the technique used within SilentMoonwalk. Might be a good weekend read!
https://t.co/FUnW2Ca6VP
The Maelstrom C2 series has been summarised: https://t.co/WaZoAs1ct5
We don't have time at the moment to carry on with the series, so we put it all together in one place. However, let us know if there are any gaps you think we could expand on, and we could pick it back up!
In the second part of the memory scanners #blog post from @__mez0__, learn how to determine if threads contain nefarious qualities.
https://t.co/nYHHNdxkiX