Blog alert!
In this one, I go into great detail about how malware walks the Process Environment Block (PEB) to find particular DLLs and parses their export tables to find the addresses of functions. I also walk through a real-world implementation of this technique in Phobos ransomware.
Blog link: https://nikhilh-20.github.io/blog/peb_phobos_ransomware/
While this technique has been around for a while, I think people getting into malware analysis (or veterans who might need a refresher) can use this info to quickly understand this obfuscation technique. There's lots of WinDbg and PEB internals info in there!
#windows #malware #analysis #obfuscation
Hey, very nice, bud! I noticed you mainly focus on Windows binaries; will you be doing any series that are Android focused?
It is .NET based: a DLL file, usually with 2 classes. One is used to register and unregister COM objects; the other is heavily obfuscated. I tried with de4dot but failed.
My latest malware analysis video is up! 🔥 ⚔
Enjoy!
https://youtu.be/i791bZiJC7M
#cybersecurity #malwareanalysis
I have a malicious byte array that is injected into a process. Is anybody good at reverse engineering malware and interested in helping? I got stuck when I noticed in the disassembly that there is XOR encryption. I don't have any background or previous experience in malware analysis.
Hello @Pomipom, welcome to the Malware Research group! Please read the pinned message before you post!
I have a quick question: what kind of platform do y'all use to hack? Because I am stuck at Linux and I want to upgrade.
Hello @Bilben0503, welcome to the Malware Research group! Please read the pinned message before you post!
Hello @dub314, welcome to the Malware Research group! Please read the pinned message before you post!
Sample: d4e4c4e495d9462dc8a283e87406c908bbe4504957b64a18ba3406c818a640e1
https://www.virustotal.com/gui/file/d4e4c4e495d9462dc8a283e87406c908bbe4504957b64a18ba3406c818a640e1
https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':''%7D,'Standard',false)
try to decrypt the XOR encryption?
Hello @AlePer55Pet, welcome to the Malware Research group! Please read the pinned message before you post!
Hey there, recently I wrote a browser extension which aims to block basic HTML smuggling attacks. If you have any feedback please create a PR directly, this is a beta version though which works on Chrome/Edge on Windows/Mac OS. Thanks!
https://x.com/RandomDhiraj/status/1834693580276793824
I don't think you have to go on updating platforms, but if you would like to try distributions you must try BlackArch, Kali, Tails.
At its most basic, this is how a simple login looks:
source: https://appriver.com/resources/blog/february-2021/token-based-authentication-what-it-and-how-it-works