What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Malware_Hell.webp 2023-07-28 00:00:00 Skid OSINT Investigation (direct link) Skid OSINT Investigation. Ongoing, very WIP! Starting with AlexxModder: I received a Discord message from the user AlexxModder asking me to be a developer for their malware project. I was not inclined to participate but rather to analyze the code. So I stated "Send me the source code", and I then received the source code as ELYSc2.zip (Figure placeholder). Figure placeholder: AlexxModder sending botnet source code. Next, we investigated the next persona, which was obtained by visiting the site https[:]//elys.
Malware ★★★
Malware_Hell.webp 2023-07-15 00:00:00 Destroying GuLoader (direct link) Situation: Placeholder. Key Points: Placeholder. Placeholder. Placeholder. Placeholder. Infection Chain: Malspam Email. The infection chain starts with an email purporting to be from Dr. S. Susan (PhD), University of Trento, a university recognized for its significant accomplishments in teaching and research. The email contains the attachment Richiesta Preventivo: (ISGB) 7788EU - 0605ITA.pdf.zip. The attached file has a double extension, likely in an attempt to have the user open the file once downloaded (Figure placeholder).
★★★
Malware_Hell.webp 2023-06-28 00:00:00 Malware Questions and Answers (direct link) Introduction: This page is dedicated to malware questions which I address live on stream. 2023-06-28 "but no thanks, I'll pass on your request. I have a question though... If someone exploits software, firmware, or hardware...does that make them a malware developer?" — Jonathan Scott (@jonathandata1) June 28, 2023 Q: If someone exploits software, firmware, or hardware…does that make them a malware developer? FACT: An exploit is code designed to take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes.
Malware ★★
Malware_Hell.webp 2023-06-26 00:00:00 ANGR Python Scripting Cheatsheet (direct link) ANGR Python CheatSheet. Starting a Project: import angr, claripy # Create the Project p = angr.Project("stealer.exe") # Terminate Project Execution p.terminate_execution() Creating Project Hooks: # Hook an Address skip_bytes = 4 @p.hook(0xdeadbeef, length=skip_bytes) def hook_state(s): # Change State Here # Check If Address Hooked (Bool) p.is_hooked(0xdeadbeef) Creating a State: start_address = 0xdeadbeef end_address = 0xbeefdead avoid_address = 0xcafef00d # Create the Initial Execution State s = p.
★★★★
Malware_Hell.webp 2023-03-09 00:00:00 Linux TTS Accessibility with Festival (direct link) Introduction Most Linux distributions do not come with a text-to-speech (TTS) engine installed by default. However, there are several open source TTS engines available for Linux that can be installed easily through the package manager. I have dysgraphia, which is a neurological disorder that affects a person’s ability to write. People with dysgraphia may struggle with writing legibly, organizing their thoughts on paper, and/or maintaining consistent spacing and sizing of letters and words. ★★
Malware_Hell.webp 2023-02-20 00:00:00 Using GitHub Hugo and Obsidian to build a Portfolio (direct link) Introduction A portfolio website showcases immediate value to employers because it provides a platform to demonstrate your skills, creativity, and achievements. By presenting your best work, you can show employers what you can bring to the table and how you can contribute to their organization. A portfolio website also shows that you are proactive and take pride in your work, which can be attractive to employers who are looking for self-motivated and passionate candidates. ★★★★
Malware_Hell.webp 2023-02-05 00:00:00 Hunting Opaque Predicates with YARA (direct link) Introduction Malware tends to obfuscate itself using many different techniques, from opaque predicates and garbage code to control flow manipulation with the stack and more. These techniques definitely make analysis more challenging for reverse engineers. However, from a detection and hunting standpoint, to find interesting samples to reverse engineer we can leverage our knowledge of these techniques to hunt for obfuscated code. In our case today, we will be developing a YARA signature to hunt for one specific technique of opaque predicates. There are many variations and situations where this does not match, so it should only serve as a hunting signature; more heuristic and programmatic approaches are better for detection. Malware ★★★
Malware_Hell.webp 2023-02-04 00:00:00 Fish as a User Shell in Linux (direct link) Introduction The purpose of this article is to provide reasoning behind why I’m a fish shell user and how I set up fish 🐟 shell on all my Linux machines. Before we begin, we need to understand what fish shell is. Fish is a Unix shell with a focus on interactivity and usability. Fish is designed to give the user features by default, rather than by configuration. Fish is considered an exotic shell since it does not rigorously adhere to POSIX shell standards, at the discretion of the maintainers. ★★★
Malware_Hell.webp 2023-02-04 00:00:00 Ghidra Python Scripting Cheatsheet (direct link) This is a cheatsheet I use for Ghidra scripting. NOTE: Some of these functions use each other 😄 Get Python Bytes from Address: def get_bytes(address, size): return bytes(map(lambda b: b & 0xff, getBytes(address, size))) Get Section Bytes (Program Tree): def get_section_bytes(section_name): section = getMemoryBlock(section_name) return get_bytes(section.getStart(), section.getSize()) Get Executable Path: currentProgram.getExecutablePath() Get Program Start Address: currentProgram.getMinAddress() Get Program End Address: currentProgram.getMaxAddress() Comments: from ghidra. ★★★★
Malware_Hell.webp 2023-02-04 00:00:00 Hooking C Runtime or libc (direct link) Introduction A friend at work asked me if we can actively change argc when executing a target program without modifying the target program. I was not sure at the time what the solution would be. However, after some thought, I thought about LD_PRELOAD and using it to hook specific functions. I figured it probably won’t allow the hooking of libc, but in reality it does. This is of course interesting behavior that can be leveraged for offensive and defensive security research practices. ★★★
Malware_Hell.webp 2022-11-29 21:57:40 Destroying Redline Stealer (direct link) Situation Muta from SomeOrdinaryGamers uploaded a video on Redline Stealer on Aug 14, 2022, which infected Martin Shkreli. The purpose of this analysis is to destroy Redline Stealer (specifically the version that infected Martin Shkreli), beginning to end. We will be writing our own configuration extractor, compiling our own version of Redline Stealer in Visual Studio (without source code), writing detection signatures and tearing apart every aspect of the attack chain. ★★★
Malware_Hell.webp 2022-11-23 00:00:00 Twitch Streaming Live Chat for OBS (direct link) Twitch Live Stream Chat: https://dashboard.twitch.tv/popout/u//stream-manager/chat?uuid=2 /* Twitch chat browsersource CSS for OBS Just set the URL as https://www. ★★★
Malware_Hell.webp 2022-08-04 00:00:00 A Reverse Engineering Guide for Rust Binaries (direct link) Introduction The Rust programming language is like rust on a vehicle for malware analysts and reverse engineers. The adoption of the language by malware authors spreads like cancer the longer it is in active development. This is due to convenient static linking and support for many operating systems, yielding a binary with little to no dependencies. These features are excellent for the distribution of malware. Every time we need to reverse engineer a Rust binary, we would rather embrace the sweet release of death. Malware ★★★
Malware_Hell.webp 2022-07-20 00:00:00 What is a DLL? (direct link) Introduction Hey everybody, it’s cerberus and welcome to malware hell. Today we are going to do a whiteboard session on what a DLL is and why it is important to malware reverse engineering and analysis. Dynamic-link library (DLL) is Microsoft’s implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. These libraries usually have the file extension DLL, OCX (for libraries containing ActiveX controls), or DRV (for legacy system drivers). Malware ★★★
Malware_Hell.webp 2022-07-13 00:00:00 Reversing Additional Lockbit 3.0 API Hashing (direct link) I was watching @herrcore’s OALabs stream on Lockbit 3.0. After he wrote a utility to decrypt additional data from the ransomware, he noticed one of the buffers was a Portable Executable (PE) file. It had an interesting API hashing routine that we would be reversing for the next stream. I decided to have a closer look. 😄 Analysis This is an interesting sample; I have not mapped out its full functionality yet. ★★★★
Last update at: 2024-05-09 02:07:51