Group for Malware Analysts. Pinned message with resources and rules: https://t.me/MalwareResearch/38033
You can start by using something like this: http://www.dcs.fmph.uniba.sk/zri/6.prednaska/tools/PEiD/plugins/kanal.htm ? Maybe? Try to figure out some key common artefacts in ransomware samples, like anti-analysis, shadow copy deletion, and all of that; try to read writeups related to technical analysis of ransomware samples.
I have knowledge in reverse engineering but want to study ransomware reverse engineering.
Are there any courses specific to this?
I have read the pinned message, but didn’t find any resources attached
In fact many "legal" malware development companies such as REMCOS (I think) sell it as "surveillance" software
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Khandare Bhushan
User ID: 6155433766
Reason: no skids
I cannot find the paper, but I'm 100% sure I've read that someone did it for a scientific article -- this doesn't imply it's legal, it means that it's "tolerated in science"
I was sincerely hoping for something plug-n-play!
Wow thanks, you're a database :)
As a reference:
PowerShell is opensource => Make your own instrumented fork
Another one that I can think of is due to the PS-Transcript bug, but his code hasn't been updated. Searching for this bug should lead you to something similar created for debugging purposes, likely useful for reversing PS malware
https://github.com/PowerShell/PowerShell/issues/10994
I tried, and in fact this is not what I was looking for... but it's likely that someone wrote a ps1 wrapper using this PSDebug to dump all the intermediate values
Hello folks!
I remember "some time ago" I read about a trick to "instrument" PowerShell scripts, so that when you run them you are shown line-by-line input and output, very useful for reversing ps1 malware... does this ring a bell?
Do you know what I'm talking about?
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: App developer
User ID: 6550221174
Reason: no spam
User App developer has 1/3 warnings; be careful!
Reason:
English only
Nvm, I missed the "reverse engineering", sorry bud, I am kinda single-braincell here
User 0x00 has 1/3 warnings; be careful!
Reason:
English only
Well, in many places it is illegal to sell malware, so...
Paying criminals might not be legal, depending on your country
Yes, it is legal as long as you don't use it for malicious purposes, obviously
Would it be legal to buy malware in order to analyse it?
I don't think it will ever be fixed, but in doubt I think the PS fork is a great solution!
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: Stake Mines Milllionaire
User ID: 6938205406
Reason: get lost
Might be from the IR group?
/channel/IncidentResponse/27706
I don't believe his code is open source though
New FedBan
Fed: Libra's Empire
FedAdmin: ❤🦦
User: Byte Hacker
User ID: 5990593070
Reason: illegal activity
User Tatsuya has 1/3 warnings; be careful!
Reason:
English only in this chat
New FedBan
Fed: Libra's Empire
FedAdmin: Libra
User: uuuuuu hhhh
User ID: 6240585553
Reason: no skids
Hello root@botnet:~#, welcome to the Malware Research group! Please read the pinned message before you post!