MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/
#apt #moonpeak #xenorat #opensource #analysis
Cisco Talos Blog
Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This is a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”
From Windows drivers to a almost fully working EDR
https://blog.whiteflag.io/blog/from-windows-drivers-to-a-almost-fully-working-edr/
#windows #edr #tutor
blog.whiteflag.io
In this article we will see how Windows drivers work, how to create one and, in the end, we will develop a custom EDR that will rely on kernel callback functions, static analysis and API hooking.
NGate Android malware relays NFC traffic to steal cash
https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
#mobile #android #nfc #analysis
Welivesecurity
ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
Whitecat18/Rust-for-Malware-Development
https://github.com/Whitecat18/Rust-for-Malware-Development
#rust #opensource #samples
GitHub
Rust for Malware Development is a repository for advanced Red Team techniques and offensive malware and ransomware, focused on Rust 🦀
New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules
https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html
#linux #udev #analysis
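The sedexp write-up above concerns a Linux implant launched from a udev rule, i.e. a RUN+= directive that fires when a device node appears. Below is an added triage script, written for this digest and not taken from the article, that lists every RUN+= directive in the udev rule directories and flags those whose program is not an absolute path into a packaged location. The sample rule files it creates are constructed for the demonstration (the bare program name "dropper_helper" and the trigger on major 1 / minor 8, which is /dev/random, are illustrative, not real indicators).

```shell
#!/bin/sh
# Added example: hunt udev rule files for RUN+= directives that launch programs.
# Directories checked by default are the ones udev reads on most distributions.
UDEV_RULE_DIRS="/etc/udev/rules.d /run/udev/rules.d /usr/lib/udev/rules.d /lib/udev/rules.d"

# list_run_rules DIR... : print "file:lineno:rule" for every RUN+= (or RUN{program}+=)
# directive found in *.rules files under the given directories.
list_run_rules() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        grep -Hn -E 'RUN(\{[a-z]+\})?\+=' "$d"/*.rules 2>/dev/null || true
    done
    return 0
}

# flag_run_rules DIR... : keep only directives whose program does not start with an
# absolute path under /usr, /lib, /bin or /sbin. udev resolves a bare name against
# its helper directory, so a bare name is not malicious by itself; it is a triage
# heuristic for rules that do not look like they came from a package.
flag_run_rules() {
    list_run_rules "$@" \
        | grep -E -v 'RUN(\{[a-z]+\})?\+="(/usr/|/lib/|/bin/|/sbin/)' || true
}

# count_flagged DIR... : number of flagged directives (0 when none).
count_flagged() {
    flag_run_rules "$@" | grep -c . || true
}

# make_sample_rules : write two constructed rule files into a temp dir and print its path.
# One looks like a distro rule; the other fires on every boot when /dev/random
# (major 1, minor 8) is added and runs a program given only by a bare name.
make_sample_rules() {
    dir=$(mktemp -d)
    cat > "$dir/60-benign.rules" <<'EOF'
# constructed: absolute path into the udev helper directory, typical of a package
SUBSYSTEM=="block", ACTION=="add", RUN+="/usr/lib/udev/hdparm"
EOF
    cat > "$dir/99-suspicious.rules" <<'EOF'
# constructed: device-add trigger that always fires at boot, bare program name
ACTION=="add", ENV{MAJOR}=="1", ENV{MINOR}=="8", RUN+="dropper_helper run"
EOF
    printf '%s\n' "$dir"
}

# Usage on a live host (needs read access to the rule directories):
#   flag_run_rules $UDEV_RULE_DIRS
```

Writing into /etc/udev/rules.d needs root, so any flagged rule that is not explained by a package is evidence of an earlier privilege escalation, not the initial foothold. On systems where /lib is a symlink to /usr/lib the same rule is reported twice, which is harmless for triage.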
Dissecting the Windows Defender Driver - WdFilter (Part 1)
https://n4r1b.com/posts/2020/01/dissecting-the-windows-defender-driver-wdfilter-part-1/
Dissecting the Windows Defender Driver - WdFilter (Part 2)
https://n4r1b.com/posts/2020/02/dissecting-the-windows-defender-driver-wdfilter-part-2/
#windows #defender #av #reverse
N4R1B
In this series of posts I'll be explaining how the main Windows Defender driver works. In this first post we will look into the initialization and the process creation notifications, among other things.
Extract Windows Defender database from vdm files and unpack it
https://github.com/hfiref0x/WDExtract
#windows #defender #av #vdm #signature #unpack
GitHub
Defender Pretender: When Windows Defender Updates Become a Security Risk
https://www.safebreach.com/blog/defender-pretender-when-windows-defender-updates-become-a-security-risk/
#windows #defender #av #signature #vdm
SafeBreach
SafeBreach exploited the Windows Defender update to deliver malicious updates & maintain persistence on systems as an unprivileged user
An unexpected journey into Microsoft Defender's signature World
https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
#windows #defender #av #signature