MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/
#apt #moonpeak #xenorat #opensource #analysis
Cisco Talos Blog
Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This is a XenoRAT-based malware under active development by a North Korea-nexus cluster we are calling “UAT-5394.”
From Windows drivers to an almost fully working EDR
https://blog.whiteflag.io/blog/from-windows-drivers-to-a-almost-fully-working-edr/
#windows #edr #tutor
blog.whiteflag.io
In this article we will see how Windows drivers work and how to create one, and in the end we will develop a custom EDR that relies on kernel callback functions, static analysis and API hooking.
NGate Android malware relays NFC traffic to steal cash
https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
#mobile #android #nfc #analysis
Welivesecurity
ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
Whitecat18/Rust-for-Malware-Development
https://github.com/Whitecat18/Rust-for-Malware-Development
#rust #opensource #samples
GitHub
Rust for Malware Development is a repository of advanced red team techniques and offensive malware and ransomware samples, focused on Rust 🦀.
New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules
https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html
#linux #udev #analysis
Dissecting the Windows Defender Driver - WdFilter (Part 1)
https://n4r1b.com/posts/2020/01/dissecting-the-windows-defender-driver-wdfilter-part-1/
Dissecting the Windows Defender Driver - WdFilter (Part 2)
https://n4r1b.com/posts/2020/02/dissecting-the-windows-defender-driver-wdfilter-part-2/
#windows #defender #av #reverse
N4R1B
In this series of posts I'll be explaining how the main Windows Defender driver works. In this first post we look into its initialization and its process-creation notifications, among other things.
Extract Windows Defender database from vdm files and unpack it
https://github.com/hfiref0x/WDExtract
#windows #defender #av #vdm #signature #unpack
GitHub
Defender Pretender: When Windows Defender Updates Become a Security Risk
https://www.safebreach.com/blog/defender-pretender-when-windows-defender-updates-become-a-security-risk/
#windows #defender #av #signature #vdm
SafeBreach
SafeBreach exploited the Windows Defender update process to deliver malicious updates and maintain persistence on systems as an unprivileged user.
An unexpected journey into Microsoft Defender's signature World
https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
#windows #defender #av #signature
PEAKLIGHT: Decoding the Stealthy Memory-Only Malware | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/
#analysis #memonly
Google Cloud Blog
Mandiant identified a new memory-only dropper using a complex, multi-stage infection process.
Operation DevilTiger: 0day vulnerability techniques and tactics used by APT-Q-12 disclosed
https://ti.qianxin.com/blog/articles/operation-deviltiger-0day-vulnerability-techniques-and-tactics-used-by-apt-q-12-disclosed-en/
#analysis #apt
Qianxin Threat Intelligence Center
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/
#analysis #apt #exploit #wps #office
Welivesecurity
ESET research uncovers a vulnerability in WPS Office for Windows (CVE-2024-7262) that was being exploited by the South Korea-aligned cyberespionage group APT-C-60 to target East Asian countries. Analysis of the vendor’s silently released patch led to the discovery…
Obfuscated PowerShell leads to Lumma C2 Stealer
https://www.ontinue.com/resource/obfuscated-powershell-leads-to-lumma-c2-stealer/
#analysis #lummac2 #stealer
Masking Malicious Memory Artifacts – Part I: Phantom DLL Hollowing
https://www.forrest-orr.net/post/malicious-memory-artifacts-part-i-dll-hollowing
Masking Malicious Memory Artifacts – Part II: Blending in with False Positives
https://www.forrest-orr.net/post/masking-malicious-memory-artifacts-part-ii-insights-from-moneta
Masking Malicious Memory Artifacts – Part III: Bypassing Defensive Scanners
https://www.forrest-orr.net/post/masking-malicious-memory-artifacts-part-iii-bypassing-defensive-scanners
#research #memory #artifacts
ForrestOrr
Introduction: I've written this article with the intention of improving the reader's skill in memory stealth when designing malware, first by detailing a technique I term DLL hollowing, which has not yet gained widespread recognition…
Meet UULoader: An Emerging and Evasive Malicious Installer.
https://cyberint.com/blog/research/meet-uuloader-an-emerging-and-evasive-malicious-installer/
#analysis #loader #msi
Cyberint
Ransomware Tool Matrix
- The repository contains a list of which tools each ransomware gang or extortionist gang uses
- As defenders, we should exploit the fact that the tools used by these cybercriminals are heavily reused across groups
- We can threat hunt for, deploy detections for, and block these tools to deny adversaries the tooling they rely on to launch intrusions
- The project will be updated as additional intelligence on ransomware gang TTPs is made available
https://github.com/BushidoUK/Ransomware-Tool-Matrix
#analysis #tools
GitHub
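The bullets above describe the defender's play: tools reused across many gangs are the ones worth detecting first. The script below is an added example, not code from the Ransomware-Tool-Matrix repository. It works on a constructed matrix with placeholder group names (the tool names are real commodity tools, but the group-to-tool mapping is invented for the demo); it ranks tools by how many groups reuse them and greedily picks the few tools whose detection would trip on the most groups.

```python
"""Added example, not part of the Ransomware-Tool-Matrix repository: turn a
gang-to-tool matrix into a detection priority list."""
from collections import Counter

# Constructed sample matrix: placeholder group -> set of tools observed.
# Load the real repository data in its place for actual use.
SAMPLE_MATRIX = {
    "GroupA": {"AnyDesk", "Rclone", "PsExec", "Mimikatz", "Cobalt Strike"},
    "GroupB": {"AnyDesk", "Rclone", "PsExec", "AdFind"},
    "GroupC": {"ScreenConnect", "Rclone", "Mimikatz", "AdFind"},
    "GroupD": {"AnyDesk", "MEGAsync", "PsExec"},
    "GroupE": {"Atera", "Rclone", "SoftPerfect Network Scanner"},
}


def tool_reuse(matrix):
    """Count how many groups use each tool; most-reused tools first."""
    counts = Counter(tool for tools in matrix.values() for tool in tools)
    return counts.most_common()


def greedy_detection_plan(matrix, budget):
    """Pick up to `budget` tools so that the largest number of groups has at
    least one detected tool (greedy set cover over the group tool sets).
    Returns (chosen_tools, groups_still_uncovered)."""
    uncovered = set(matrix)
    chosen = []
    while uncovered and len(chosen) < budget:
        candidates = {tool for group in uncovered for tool in matrix[group]}
        # tie-break on the name so the plan is deterministic
        best = max(
            candidates,
            key=lambda t: (sum(1 for g in uncovered if t in matrix[g]), t),
        )
        chosen.append(best)
        uncovered -= {g for g in uncovered if best in matrix[g]}
    return chosen, sorted(uncovered)


def groups_covered(matrix, detected_tools):
    """Groups that would trip at least one detection from `detected_tools`."""
    detected = set(detected_tools)
    return sorted(g for g, tools in matrix.items() if tools & detected)


if __name__ == "__main__":
    for tool, n in tool_reuse(SAMPLE_MATRIX):
        print(f"{n} group(s): {tool}")
    plan, left = greedy_detection_plan(SAMPLE_MATRIX, budget=2)
    print("detect first:", plan, "| still uncovered:", left)
    print("covered by AnyDesk alone:", groups_covered(SAMPLE_MATRIX, ["AnyDesk"]))
```

Reuse counts tell you what to hunt for first; the greedy plan tells you which small set of detections covers the most groups, which is the question a team with a limited detection-engineering budget actually has to answer. The greedy choice is not guaranteed optimal, but for matrices of this shape it is close and easy to audit.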
Stealer devs bypass Chrome's new cookie protection
https://news.risky.biz/risky-biz-news-stealer-devs-bypass-chromes-new-cookie-protection/
#chrome #cookies #stealers
Risky.Biz
In other news: Sandvine to exit dozens of autocratic countries; Ukraine FINALLY bans Telegram on state devices; BingX hack is the 4th largest crypto-heist of the year.