www.secnews.physaphae.fr. This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of articles from multiple sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-31T07:36:17+00:00 www.secnews.physaphae.fr

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Skid OSINT Investigation
2023-07-28T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/07/skid/ www.secnews.physaphae.fr/article.php?IdArticle=8363038
Skid OSINT Investigation. Ongoing, very WIP! Starting with AlexxModder: I received a Discord message from the user AlexxModder asking me to be a developer for their malware project. I was not inclined to participate, but rather to analyze the code. So I stated, "Send me the source code." I then received the source code as ELYSc2.zip (Figure placeholder). Figure placeholder: AlexModder sending botnet source code. Next, we investigated the next persona, which was obtained by visiting the site https[:]//elys.

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Destroying GuLoader
2023-07-15T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/07/guloader/ www.secnews.physaphae.fr/article.php?IdArticle=8357142
Situation: Placeholder. Key Points: Placeholder. Infection Chain: Malspam Email. The infection chain starts with an email purporting to be from Dr. S. Susan (PhD), University of Trento, a university recognized for its significant accomplishments in teaching and research. The email contains the attachment Richiesta Preventivo: (ISGB) 7788EU - 0605ITA.pdf.zip. The attached file has a double extension, likely in an attempt to have the user open the file once downloaded (Figure placeholder).

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Malware Questions and Answers
2023-06-28T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/06/malware-questions/ www.secnews.physaphae.fr/article.php?IdArticle=8350426
Introduction: This page is dedicated to malware questions that I address live on stream. 2023-06-28: "but no thanks, i'll pass on your request. I have a question though... If someone exploits software, firmware, or hardware...does that make them a malware developer?" - Jonathan Scott (@jonathandata1), June 28, 2023. Q: If someone exploits software, firmware, or hardware, does that make them a malware developer? FACT: An exploit is code designed to take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes.

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - ANGR Python Scripting Cheatsheet
2023-06-26T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/06/angr-python-cheatsheet/ www.secnews.physaphae.fr/article.php?IdArticle=8349580
ANGR Python CheatSheet. Starting a Project:

import angr, claripy
# Create the Project
p = angr.Project("stealer.exe")
# Terminate Project Execution
p.terminate_execution()

Creating Project Hooks:

# Hook an Address
skip_bytes = 4
@p.hook(0xdeadbeef, length=skip_bytes)
def hook_state(s):
    # Change State Here
    pass
# Check If Address Hooked (Bool)
p.is_hooked(0xdeadbeef)

Creating a State:

start_address = 0xdeadbeef
end_address = 0xbeefdead
avoid_address = 0xcafef00d
# Create the Initial Execution State
s = p.

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Linux TTS Accessibility with Festival
2023-03-09T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/03/linux-tts-with-festival/ www.secnews.physaphae.fr/article.php?IdArticle=8317128
Introduction: Most Linux distributions do not come with a text-to-speech (TTS) engine installed by default. However, there are several open source TTS engines available for Linux that can be installed easily through the package manager. I have dysgraphia, which is a neurological disorder that affects a person's ability to write. People with dysgraphia may struggle with writing legibly, organizing their thoughts on paper, and/or maintaining consistent spacing and sizing of letters and words.

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Using GitHub, Hugo and Obsidian to Build a Portfolio
2023-02-20T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/02/hugo-and-obsidian/ www.secnews.physaphae.fr/article.php?IdArticle=8314728
Introduction: A portfolio website showcases immediate value to employers because it provides a platform to demonstrate your skills, creativity, and achievements. By presenting your best work, you can show employers what you can bring to the table and how you can contribute to their organization. A portfolio website also shows that you are proactive and take pride in your work, which can be attractive to employers who are looking for self-motivated and passionate candidates.

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Hunting Opaque Predicates with YARA
2023-02-05T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/02/opaque-predicate-hunting-with-yara/ www.secnews.physaphae.fr/article.php?IdArticle=8314729
Introduction: Malware tends to obfuscate itself using many different techniques, from opaque predicates and garbage code to control flow manipulation with the stack and more. These techniques definitely make analysis more challenging for reverse engineers. However, from a detection and hunting standpoint, to find interesting samples to reverse engineer we can leverage our knowledge of these techniques to hunt for obfuscated code. In our case today, we will be developing a YARA signature to hunt for one specific opaque predicate technique. There are many variations and situations where this does not match, so it should only serve as a hunting signature; more heuristic and programmatic approaches are better for detection.

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Fish as a User Shell in Linux
2023-02-04T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/02/fish-user-shell/ www.secnews.physaphae.fr/article.php?IdArticle=8314730
Introduction: The purpose of this article is to provide reasoning behind why I'm a fish shell user and how I set up fish 🐟 shell on all my Linux machines. Before we begin, we need to understand what fish shell is. Fish is a Unix shell with a focus on interactivity and usability. Fish is designed to give the user features by default, rather than by configuration. Fish is considered an exotic shell since it does not rigorously adhere to POSIX shell standards, at the discretion of the maintainers.

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Hooking C Runtime or libc
2023-02-04T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/02/hooking-libc.en.md/ www.secnews.physaphae.fr/article.php?IdArticle=8314732

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Ghidra Python Scripting Cheatsheet
2023-02-04T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2023/02/ghidra-python-cheatsheet.en.md/ www.secnews.physaphae.fr/article.php?IdArticle=8314731

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Destroying Redline Stealer
2022-11-29T21:57:40+00:00 https://c3rb3r3u5d3d53c.github.io/2022/11/redline-stealer/ www.secnews.physaphae.fr/article.php?IdArticle=8314733
Situation: Muta from SomeOrdinaryGamers uploaded a video on Redline Stealer on Aug 14, 2022, which infected Martin Shkreli. The purpose of this analysis is to destroy Redline Stealer (specifically the version that infected Martin Shkreli), beginning to end. We will be writing our own configuration extractor, compiling our own version of Redline Stealer in Visual Studio (without source code), writing detection signatures and tearing apart every aspect of the attack chain.

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Twitch Streaming Live Chat for OBS
2022-11-23T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2022/11/twitch-live-chat/ www.secnews.physaphae.fr/article.php?IdArticle=8314734

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - A Reverse Engineering Guide for Rust Binaries
2022-08-04T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2022/08/malware-reversing-rust/ www.secnews.physaphae.fr/article.php?IdArticle=8314735

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - What is a DLL?
2022-07-20T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2022/07/what-is-a-dll/ www.secnews.physaphae.fr/article.php?IdArticle=8314736

Malware Hell - Security Blog: By c3rb3r3u5d3d53c - Reversing Additional Lockbit 3.0 API Hashing
2022-07-13T00:00:00+00:00 https://c3rb3r3u5d3d53c.github.io/2022/07/lockbit-api-hashing/ www.secnews.physaphae.fr/article.php?IdArticle=8314737