Read widely; finding applications for those techniques will be much more helpful. Either read MITRE ATT&CK references or read Malpedia.
I have seen some assembly questions on the go, memory-analysis-related questions, differences between the various types of process injection (e.g. process hollowing vs process doppelgänging vs DLL injection).
Some are also related to IR: why do you see this being injected into lsass.exe? What's the significance when you observe bla bla API calls and the given process tree?
Better than theoretical knowledge is to send a sample to be analyzed. You can also add questions about programming (low-level stuff and WinAPI).
@Libranalysis and @everyone
What are some good malware analysis and reverse engineering questions to ask during an interview? I have a Malware Reverse Engineer interview coming up and would like to learn what type of questions might come up.
I had brainstormed some examples like:
1. Explain process injection, runPE, ... etc
2. Could you walk me through how to analyze shellcode, and how to write a program to launch shellcode?
3. Explain ransomware encryption schemes, pros and cons of each.
4. Multistage malware (how does the next stage get dropped from the initial Word docx)?
5. Could you explain calling conventions and explain their designs?
6. Can you list some examples of anti-debugging techniques and how to overcome them?
7. Given a brand new malware, how do you approach analyzing it?
8. What's the difference between YARA and Sigma rules, and how can you hunt with them?
9. How does malware choose a target process for injection? Why inject into itself sometimes?
Anyone interested in offensive macOS, check out the blog:
https://0xf00sec.github.io/0x1B
Hey guys, does anyone have a VT subscription? I need the setup.exe file from the recent ESET compromise.
link
Hello @aeonmusk, welcome to the Malware Research group! Please read the pinned message before you post!
Help❗️❗
Hi guys, I'm Adam.
My Instagram page, which is the community hub for 3D artists I manage, has been hacked. I’m receiving threatening messages and this could potentially cost me my job. I’ve tried contacting Instagram to resolve the issue, but their support forms aren’t working. My email, username, and phone number have all been changed, and the security codes I receive aren’t valid.
I thought I’d reach out here in case anyone with more experience has professional advice. I’m devastated right now as I don’t know when Instagram support will respond or if they’ll be able to fix this at all.😢
If there’s any way to fight the hacker on their own terms, I’ll do everything I can. Any help would be appreciated.
Thank you.
Blog post alert!
This one is about the Turla backdoor. It tries to bypass ETW, EventLog and AMSI via well-known techniques: disabling PSEtwLogProvider and patching specific functions' instructions. But some of its patching is buggy. This blog describes the bypass techniques and why some of the function instruction patches are faulty.
Blog link: https://nikhilh-20.github.io/blog/turla_backdoor_defenses_bypass/
Hi guys, does anyone have the following samples?
D330F1945A39CEB78B716C21B6BE5D82
B38D1C18CBCCDDDBF56FDD28E5E6ECBB
Google, Bing, Yandex are your best friends: https://www.sans.org/blog/alternate-data-streams-overview/
With regards to "can": yes. The question is if they do. I presume AV/EDR/XDR vendors got it covered, but not all forensic tools might.
IR-related questions may put some malware analysts without IR experience at a disadvantage, but this is not hard to overcome, because there are plenty of blogs that describe them, be it IR incidents or red teamers/pentesters finding ways to evade EDR.
This is great, thanks for your feedback.
Yeah, I was anticipating questions about Go, .NET and Rust malware (and other weaponization like Electron and cross-platform malware).
Also, you are correct about mobile malware (questions related to how you would approach analyzing an obfuscated Android app).
For unpacking: they probably ask open-ended or scenario-based questions (like what is virtualization-based packing and how would you unpack it? Can you use automation/emulation?).
Other questions I can think of:
- what is self-modifying code and how would you analyze it?
- explain API Hashing
Hello, these questions are good, but I think they're kinda easy; you may add extra questions about assembly language.
Like, name the registers' goals, etc.
How we could unpack binaries using disassemblers.
Also, I would ask about Android/iOS/macOS/Linux malware too; it is getting widespread nowadays.
And maybe about some new/trending techniques, like ghost injection and hollowing: how they work and how they can be caught.
Hi, has anyone tried or does anyone know if Maldev Academy is good? Or is there something better?
Hello everyone, should you require assistance with reversing EXE and APK files despite their protection measures, feel free to reach out to me. I specialize in reversing files protected by various techniques, including but not limited to:
1. VMProtect
2. Themida
3. UPX (Ultimate Packer for eXecutables)
4. Enigma Protector
5. Armadillo
6. ASProtect
7. CodeVirtualizer
8. Obsidium
I have expertise in reversing both EXE and APK files and can provide the necessary services. Please don't hesitate to contact me for further assistance in this area.
Hi all.
Since SANS certifications are expensive, what certification or course do you recommend for malware analysis?
Hi all,
I was going through an EC-Council forensics course and came across the anti-forensic technique of alternate data streams. Is there any way we can use forensic tools to find and identify these kinds of files, and can any anti-virus or EDR/XDR tools detect this kind of file?