Sec Note – Telegram
Forwarded from Offensive-SEC
Trainsec - MAoS – Malware Analysis on Steroids Bundle

🔗 Download

Info: https://trainsec.net/courses/maos-malware-analysis-on-steroids-bundle/

@offenciveSec
👍8
CLR Unhooking Tool
Note: For this to have the effect of a clean CLR, you’d need to manually map the DLL from disk into memory. You cannot use LoadLibraryA/W, because antivirus solutions will detect the DLL load event and may hook it immediately. If you want this behavior, you can look up existing manual mappers on GitHub and integrate one into your codebase. I’m not including one here, as AV vendors generally don’t appreciate that
A native C++ utility that bypasses EDR/AV hooks in the .NET Common Language Runtime by restoring the original nLoadImage function implementation.

Matthew Graeber (@mattifestation) - Reverse engineering InternalCall methods and CLR internals
#clr #bypass #rev
👾3🕊1
LazyHook is a stealthy API hooking framework that bypasses Host Intrusion Prevention Systems (HIPS) through call stack spoofing. By leveraging CPU-level hardware breakpoints and Vectored Exception Handling, it executes arbitrary code as if it originated from trusted, Microsoft-signed modules—completely fooling behavioral analysis engines that rely on call stack inspection and module origin verification.

Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks
Uses hardware breakpoints + VEH to hijack legitimate functions and spoof module origins

1. Target Function Call
↓
2. CPU Debug Register Triggers (DR0-DR3)
↓
3. EXCEPTION_SINGLE_STEP Raised
↓
4. VEH Handler Intercepts Exception
↓
5. Execution Redirected to Hook Function
↓
6. CallOriginal() Temporarily Disables Breakpoint
↓
7. Original Function Executes
↓
8. Breakpoint Re-enabled


#callstackspoofing #edr
👾5
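The eight steps above, as an added, stand-alone example. This is not LazyHook's code: it is a minimal x64 Windows program (MSVC or MinGW) that arms DR0 on a local function, intercepts the resulting EXCEPTION_SINGLE_STEP in a vectored handler, and redirects execution into a hook with the target's own argument registers and return address. Two assumptions of the demo: the hooked function is a local stand-in rather than an export of a Microsoft-signed module, and "CallOriginal()" lets the original run by setting the CPU resume flag (RF) for one instruction instead of rewriting DR7 mid-hook, a simplification of steps 6-8. The DR7 encoding helpers at the top are portable and compile anywhere; the hooking part is guarded for Windows x64 only.

```c
#include <stdint.h>
#include <stdio.h>

/* DR7 layout (x86/x64): bit 2n is the local-enable bit for slot n; bits 16+4n..17+4n
 * are R/W (00 = break on instruction execution) and bits 18+4n..19+4n are LEN
 * (must be 00 for an execute breakpoint). These helpers are portable; the rest is Windows x64. */
static uint64_t dr7_enable_exec(uint64_t dr7, int slot) {
    dr7 &= ~(0xFULL << (16 + 4 * slot));  /* R/W = 00 (execute), LEN = 00 (1 byte) */
    dr7 |= 1ULL << (2 * slot);            /* Ln: local enable */
    return dr7;
}

static uint64_t dr7_disable(uint64_t dr7, int slot) {
    return dr7 & ~(1ULL << (2 * slot));
}

#if defined(_WIN32) && (defined(_M_X64) || defined(__x86_64__))
#include <windows.h>

/* Stand-in for the function being hooked. LazyHook targets functions in Microsoft-signed
 * modules; a local function keeps this demo self-contained (assumption of the example). */
static __declspec(noinline) int target_add(int a, int b) { return a + b; }

static volatile int g_passthrough = 0;  /* CallOriginal() in progress (single-threaded demo; use TLS in real code) */
static int g_hook_hits = 0;

/* The hook has the target's signature: the VEH hands it the target's argument registers and
 * return address. CallOriginal() here means "let the next breakpoint hit execute untouched". */
static int hook_add(int a, int b) {
    int r;
    g_hook_hits++;
    g_passthrough = 1;        /* step 6: disarm for one hit */
    r = target_add(a, b);     /* step 7: DR0 fires again, the handler sets RF and the original runs */
    g_passthrough = 0;        /* step 8: re-armed */
    return r + 100;           /* tamper with the result so the hook is observable */
}

/* Steps 3-5: #DB arrives as EXCEPTION_SINGLE_STEP with Rip still at the target's first
 * instruction (instruction breakpoints are reported before the instruction executes). */
static LONG WINAPI veh(PEXCEPTION_POINTERS ep) {
    CONTEXT *ctx = ep->ContextRecord;
    if (ep->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP ||
        ctx->Rip != (DWORD64)target_add)
        return EXCEPTION_CONTINUE_SEARCH;
    if (g_passthrough)
        ctx->EFlags |= 1u << 16;       /* RF: run this one instruction ignoring instruction breakpoints */
    else
        ctx->Rip = (DWORD64)hook_add;  /* redirect; rcx/rdx and the return address are already in place */
    return EXCEPTION_CONTINUE_EXECUTION;
}

/* Step 2: program DRn/DR7 on a thread; debug registers are per-thread state. */
static BOOL set_exec_bp(HANDLE thread, int slot, void *addr, BOOL enable) {
    CONTEXT ctx;
    DWORD64 *dr[4];
    ZeroMemory(&ctx, sizeof ctx);
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
    if (!GetThreadContext(thread, &ctx)) return FALSE;
    dr[0] = &ctx.Dr0; dr[1] = &ctx.Dr1; dr[2] = &ctx.Dr2; dr[3] = &ctx.Dr3;
    *dr[slot] = enable ? (DWORD64)addr : 0;
    ctx.Dr7 = enable ? dr7_enable_exec(ctx.Dr7, slot) : dr7_disable(ctx.Dr7, slot);
    return SetThreadContext(thread, &ctx);
}

int main(void) {
    PVOID h = AddVectoredExceptionHandler(1, veh);          /* first-chance handler */
    int (*volatile fn)(int, int) = target_add;              /* opaque call so the compiler cannot fold it */
    int r;
    if (!set_exec_bp(GetCurrentThread(), 0, (void *)target_add, TRUE)) return 2;
    r = fn(2, 3);                                           /* step 1: expect (2+3)+100 = 105 */
    set_exec_bp(GetCurrentThread(), 0, NULL, FALSE);
    RemoveVectoredExceptionHandler(h);
    printf("result=%d hook_hits=%d -> %s\n", r, g_hook_hits,
           (r == 105 && g_hook_hits == 1) ? "hooked" : "not hooked");
    return r == 105 ? 0 : 1;
}
#endif
```

Nothing is written into the target's code, which is why inline-hook scanners see a pristine function; the state lives in DR0/DR7 and in the VEH chain. Both are inspectable from the defender's side with the same APIs the tool uses: a GetThreadContext sweep with CONTEXT_DEBUG_REGISTERS over a process's threads exposes non-zero Dr0-Dr3/Dr7, and the debug registers must be armed on every thread that may call the target, since they are per-thread state.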
Forwarded from white2hack 📚
According to Cybersecurity Ventures, if cybercrime were a country it would be the world's third largest economy

Cybercrime is predicted to cost the world $10.5 trillion USD in 2025, according to Cybersecurity Ventures. If it were measured as a country, then cybercrime would be the world’s third largest economy after the U.S. and China.

This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.

Source

#analytics
🔥4👾3