User Gennadiy has 1/3 warnings; be careful!
Reason:
English only and stay on topic. COVID is not malware
User 0x876008c67af has 2/3 warnings; be careful!
Reason:
no advertising and stay on topic
https://securityintelligence.com/x-force/hunting-evidence-dll-side-loading-powershell-sysmon/
Blog alert!
In this one, I go into great detail about how malware walks the Process Environment Block (PEB) to find particular DLLs and parses their export tables to find the addresses of functions. I also walk through a real-world implementation of this technique in Phobos ransomware.
Blog link: https://nikhilh-20.github.io/blog/peb_phobos_ransomware/
While this technique has been around for a while, I think people getting into malware analysis (or veterans who might need a refresher) can use this info to quickly understand this obfuscation technique. There's lots of WinDbg and PEB internals info in there!
#windows #malware #analysis #obfuscation
Hey, very nice, bud! I noticed you mainly focus on Windows binaries; will you be doing any series that are Android focused?
It is a .NET-based DLL file, usually with 2 classes: one used to register and unregister COM objects, the other heavily obfuscated. I tried with de4dot but failed.
My latest malware analysis video is up! 🔥 ⚔
Enjoy!
https://youtu.be/i791bZiJC7M
#cybersecurity #malwareanalysis
I have a malicious byte array that is injected into a process. Anybody good at reverse engineering malware who would be interested in helping? I got stuck when I noticed in the disassembly that there is XOR encryption. I don't have any background or previous experience in malware analysis.
Hello @Pomipom, welcome to the Malware Research group! Please read the pinned message before you post!
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: 0x876008c67af
User ID: 1119116383
Reason: spam
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: AbuAli Abutaleb
User ID: 828726653
Reason: illegal activity and cracks
Hello @Bilben0503, welcome to the Malware Research group! Please read the pinned message before you post!
Hello @dub314, welcome to the Malware Research group! Please read the pinned message before you post!
sample: d4e4c4e495d9462dc8a283e87406c908bbe4504957b64a18ba3406c818a640e1
https://www.virustotal.com/gui/file/d4e4c4e495d9462dc8a283e87406c908bbe4504957b64a18ba3406c818a640e1
https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':''%7D,'Standard',false)
Try to decrypt the XOR encryption?
Hello @AlePer55Pet, welcome to the Malware Research group! Please read the pinned message before you post!
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Camaron [ LOOK BIO ]
User ID: 5680038758
Reason: no spam
Hey there, recently I wrote a browser extension which aims to block basic HTML smuggling attacks. If you have any feedback, please create a PR directly; this is a beta version, though, which works on Chrome/Edge on Windows/Mac OS. Thanks!
https://x.com/RandomDhiraj/status/1834693580276793824