tildedennis
@tildedennis
average malware reverse engineer https://t.co/YjfQWBzZd9 https://t.co/67tyxbpmw1
With everything going on right now preserving, contextualizing and promoting history and digital archives is more important than ever. You have to know the past to understand the present.
In a couple of days, we'll be releasing IDA 9.0! We're excited to introduce our supercharged FLIRT Manager plus thousands of new signatures, available as separate downloads 🤩 Learn more 🌐 eu1.hubs.ly/H0cBQx80 #idapro
Have you seen the 'sp-analysis failed' error and wondered why it appears and how to fix it? In this video, we explain the stack pointer tracing/analysis feature of IDA/its processor modules and how to fix stack pointer tracing errors. youtu.be/Cd6Q-_1dxNU Some of the topics…
Too excited it's back in email not to share: incoming: doc_inv_09-12\#[0-9]{1,4}\.pdf CampaignID: "Alpha" hxxps://isomicrotich.com/test/ hxxps://rilomenifis.com/test/ tldr high level: Email > PDF > URL > JS > MSI > #Latrodectus Samples in comments, IOCs on bazaar
"Comunicazione Importante dall'Agenzia delle Entrate" spam email spread #DanaBot Urls redirect > content.servepics.[com/login.php portfolio.serveirc.[com/login.php >JS > dll http://soundata.]top/resources.dll Samples bazaar.abuse.ch/browse/tag/age… AnyRun app.any.run/tasks/a059217b…
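The two posts above share IOCs in the usual defanged form (hxxps://, a bracket inserted around a dot) and give the attachment name as a regex. The helper below is an added example, not code from either poster: it refangs the defanging styles that actually appear in these posts, pulls the host out of each refanged URL for blocklisting, and checks candidate attachment names against the posted regex. The use of `fullmatch` (so `doc_inv_09-12#12.pdf.exe` is rejected) and the sample attachment names are my assumptions; the URL strings are taken from the posts.

```python
import re
from urllib.parse import urlsplit

# Attachment-name pattern exactly as posted above; `\#` is a literal '#'.
ATTACHMENT_RE = re.compile(r"doc_inv_09-12\#[0-9]{1,4}\.pdf")


def is_campaign_attachment(name: str) -> bool:
    """True when the whole filename matches the posted pattern (fullmatch is my choice)."""
    return ATTACHMENT_RE.fullmatch(name) is not None


def refang(ioc: str) -> str:
    """Undo the defanging styles seen in the posts above.

    Handles 'hxxp(s)://', '[.]', '.]', '.[' and '[dot]'.
    """
    s = re.sub(r"^hxxp(s?)://", r"http\1://", ioc.strip(), flags=re.IGNORECASE)
    for token in ("[.]", ".]", ".[", "[dot]"):
        s = s.replace(token, ".")
    return s


def extract_host(url: str) -> str:
    """Host part of a (refanged) URL; bare 'host/path' strings get a scheme first."""
    u = url if "://" in url else "http://" + url
    return (urlsplit(u).hostname or "").lower()


def hosts_from_posted_iocs(iocs: list) -> list:
    """Sorted, de-duplicated hosts for a blocklist or DNS/proxy log search."""
    return sorted({extract_host(refang(i)) for i in iocs})


# IOC strings as written in the two posts above.
POSTED_IOCS = [
    "hxxps://isomicrotich.com/test/",
    "hxxps://rilomenifis.com/test/",
    "content.servepics.[com/login.php",
    "portfolio.serveirc.[com/login.php",
    "http://soundata.]top/resources.dll",
]

# Constructed attachment names to exercise the regex (not from the posts).
SAMPLE_ATTACHMENTS = [
    "doc_inv_09-12#4821.pdf",      # matches
    "doc_inv_09-12#7.pdf",         # matches (one digit is enough)
    "doc_inv_09-12#48210.pdf",     # five digits: no match
    "doc_inv_09-12#.pdf",          # no digits: no match
    "doc_inv_09-12#12.pdf.exe",    # trailing junk: rejected by fullmatch
]

if __name__ == "__main__":
    for host in hosts_from_posted_iocs(POSTED_IOCS):
        print("block:", host)
    for name in SAMPLE_ATTACHMENTS:
        print(f"{name!r:32} -> {is_campaign_attachment(name)}")
```

Run it as a script to print the blocklist hosts and the per-filename verdicts; in a mail-gateway rule you would typically pair the filename check with the sender and subject pattern rather than rely on the name alone.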
🛠️ We added a basic WebUI to our malware strings lookup service. Give it a try at strings.malpedia.io
📣We updated "Malpedia FLOSSed". TL;DR: More data, cleaner Rust/Go/Dotnet strings, various tags! We also created a public web service to make this data more accessible: strings.malpedia.io, as well as an IDA plugin as a demo use case. Read more -> github.com/malpedia/malpe…
#Zloader aka #SilentNight is back! Check out our technical analysis of Zloader version 2.1.7.0, where we uncover the new obfuscation techniques, updates to the DGA, and the addition of RSA to network encryption. Blog link: zscaler.com/blogs/security…
One of the biggest hurdles in public malware research is the lack of *labeled* samples for study. A richly labeled and organized sample corpus enables bulk research into TTPs and tradecraft for detection and intel analysis. Thank you VXUG for democratizing access. [1/2]
If you’re into more historical stuff check out Zeus museum by @tildedennis zeusmuseum.com
A threat actor spreads #DanaBot using Google #malvertising via websites impersonating the Advanced IP scanner download page. It has probably been targeting IT admins (valuable hosts) for several months. Distribution infra of 40+ domain names: advancd-ip-scanner.]com ⬇️
Microsoft has identified new Qakbot phishing campaigns following the August 2023 law enforcement disruption operation. The campaign began on December 11, was low in volume, and targeted the hospitality industry. Targets received a PDF from a user masquerading as an IRS employee.
Tips For Reverse Engineering Delphi (Danabot) A few tips from our recent stream, link to full VOD on Patreon follows...
After exploiting the vulnerability, Lace Tempest issued commands via the SysAid software to deliver a malware loader for the Gracewire malware. This is typically followed by human-operated activity, including lateral movement, data theft, and ransomware deployment.
Thank you again to people who listened to my presentation and talked with me at #vb2023 and #TheSAS2023 and organizers who provided me an opportunity. I released IDA FLIRT signature for fcClientDll (FlowCloud) and IOC I mentioned in the presentation. github.com/0xebfehat/2023…
Distracted by all those casts, and you don’t really need to see them? You can hide them, but beware of wrong results 🌐 hex-rays.com/blog/igors-tip… #IgorsTipOfTheWeek #IDAtips #IDAPro #decompiler
When you are doing reverse engineering what libraries, runtimes, toolkits, etc... have you seen used in your targets? The idea is to build a large library of (compressed) #Diaphora export databases for common libraries, runtimes, toolkits, etc... 1/2 mastodon.social/@joxean/111159…
2023-08-03 (Thursday): Malicious Google ad led to a fake TurboTax page pushing an installer package that led to #DanaBot. List of indicators available at bit.ly/3qfbEgL
For those of you who prefer the comfort of YouTube… youtu.be/8jckguVRHyI