https://t.co/xsI8cFmVWx Little experiment about reusing Windows Defender built-in unpackers, mostly for fun (based on the very useful @taviso's loadlibrary)
We had a blast at #botconf last week! During the lightning talks session we gave a brief presentation about malware config extraction using malduck🦆. As an additional treat, we've also open-sourced a few of our internal modules: https://t.co/AlhmIbCV6T.
I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview. 😵💫
There's obviously more technical detail to uncover, but you'll get a general understanding of the complexity and the stealthy mechanisms used to remain undetected. 🧐
Thanks to @AndresFreundTec for his insight into this and a shoutout to these researchers if you want to learn more about the backdoor 🙏👇
- https://t.co/bLp4S0wpgC by SMX
- https://t.co/KC4ivTonF8 by @FiloSottile
- https://t.co/0byezgfiGJ by @amlweems
- https://t.co/9JjwBtVLlP by Karchem
- https://t.co/LWyx8f1eH1 by Russ Cox
- https://t.co/Q6vou6AfQD by 0xlane
And of course, all the others previously mentioned and those who contributed to the analysis. #xz #infosec
📢Big announcement: After months of work, with my partner in crime @Cyb3rWard0g, we created a masterclass that will teach you how to build your threat intelligence arsenal with Python and Generative AI 🚀
✨Our goal was to create something unique, innovative, and super practical! Through this training, we want to share our way of working, our mindset, and our experience working in the field for more than 10 years!
🤩Our training has been selected at @BlackHatEvents, and we will be teaching it this summer! We have limited seats! But stay tuned for future date announcement!
👉More info: https://t.co/u0gefxzRLl
.NET Hooking - Harmonizing Managed Territory CP<r> provides a walk through the .NET hooking using the #Harmony library
🛠️ Common Examples of Implementation
💪 Defeating the #ConfuserEx2 string obfuscation
⚠️ Harmony hooking from the #dnSpyEx context
https://t.co/kRPvZDYyRW
In the spirit of "this talk could've been a tweet", I just pushed a button:
#BinDiff is now open source.
- Snapshot release, no major new functionality
- Release binaries later today or tomorrow
- This is my 20% and I won't we able to act on PRs until end of Q4 (OOO traveling)
Just released a major update for DotDumper for @TrellixARC at @BlackHatEvents at the @ToolsWatch Arsenal! Unmanaged hooks are now supported, as well as a graphical user interface to create and search through DotDumper's JSON logs. Read all about it here: https://t.co/LBwNrKLhEw
The slides https://t.co/c77SpAoCDO and video https://t.co/8WpHENc1Og of my #Botconf talk about #IronTiger TTPs are online. I discuss recent infection vectors (supply chain attack), the evolution of their malware toolkit and targeting, and our attribution methodology #APT#APT27
🤗I've written a book! Let me introduce you "Visual Threat Intelligence"
You can register now to stay updated on its release and learn more about it in the link below. I really hope you'll like it! 🥹 #VisualThreatIntelligence#infosec#threatintel
👉https://t.co/REm5TuDRLu
Want to learn how #malware evades defenses and analysis tools? You can pre-order my new book "Evasive Malware" at Barnes & Noble for 25%-off (through 28 April)🥳
Use promo code "PREORDER25" when ordering.
https://t.co/G1GDaKNFyo
After a year to work on this version, with @tomchop_ we are proud to annonce a new version of Yeti 🤩🤩🤩
the changes are explained here: https://t.co/y3k2ptgUqo
and to test this new version it's here !
https://t.co/kwYSoVNo9F
#CTI#python#threatintel
Mon exploit pour la RCE non-authentifiée sur Covenant a enfin été publié par Exploit-DB (lien en bas du blog 🐦)
Il s'inscrit dans la suite de challenge que j'ai réalisé pour la DG'hAck. Le détail de l'exploitation et le WU de mon challenge sont dispo :
https://t.co/IHKVXku6IA
I hacked into a @Bing CMS that allowed me to alter search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click in @Azure… 👀
This is the story of #BingBang 🧵⬇️
🧐Two new anti-debugging techniques have been added by Alex Schwarz including code snippets! Find out more on the #UnprotectProject pages! 👇 cf: @DarkCoderSc#infosec#malware
1⃣https://t.co/dlpFxy6JgM
2⃣https://t.co/HLejAkr95V
.@Volexity details how to use #memoryanalysis to detect EDR-nullifying malware. This latest blog post uses the #AVBurner malware, first documented by @TrendMicro, as an example. Read more here: https://t.co/fai8oJihOJ
#dfir#threatintel
I am happy to release a new malware analysis tool.
VISION-Process.
A fast and cross platform Procmon visualization application written in Rust & TS.
https://t.co/M3GBy3Udb7
An demo with QBOT :
https://t.co/MruSaVYG2H
Happy Hunting !
@pr0xylife#DFIR