Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”

In this article we will see how Windows drivers work, how to create one and, in the end, we will develope a custom EDR that will rely on kernel callback functions, static analysis and API hooking.

Open Source EDR for Windows. Contribute to 0xrawsec/whids development by creating an account on GitHub.

ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.

Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀 - Whitecat18/Rust-for-Malware-Development

In this series of posts I'll be explaining how the Windows Defender main Driver works, in this first post we will look into the initialization and the Process creation notifications among other things

Explanation on how the Windows Defender ELAM Driver (WdBoot) works

Extract Windows Defender database from vdm files and unpack it - hfiref0x/WDExtract

SafeBreach exploited the Windows Defender update to deliver malicious updates & maintain persistence on systems as an unprivileged user

Mandiant identified a new memory-only dropper using a complex, multi-stage infection process.

Nuxt.js project

ESET research uncovers a vulnerability in WPS Office for Windows (CVE-2024-7262), as it was being exploited by South Korea-aligned cyberespionage group APT-C-60 to target East Asian countries. Analysis of the vendor’s silently released patch led to the discovery…