Reverse Engineering – Telegram
Everything is open-source.

The official community group: @reverseengineeringz
ROPGenerator is a tool that helps you build ROP exploits by finding and chaining gadgets together

https://github.com/Boyan-MILANOV/ropgenerator
Debugging Windows Services For Malware Analysis / Reverse Engineering

https://secrary.com/Random/WindowsServiceDebugging/
claripy Solver Engine. A frontend to z3.

http://angr.io/api-doc/claripy.html
SMUC: Simplified MITRE Use Cases, it describes the Attack and Detection

https://github.com/karemfaisal/SMUC
Get a reverse shell within 15 seconds on both Windows and Unix-based systems, using the Digispark development board.

https://github.com/HassanShehata/KeySpark
A realtime assembler and disassembler  
https://disasm.pro/
Forwarded from Itay Cohen
Hi everyone! We are so happy to announce that we finally implemented a debugger in Cutter! 🎉
The beta version of the debugger is available NOW on the Master branch so you can build the recent version of Cutter or download the precompiled executable from Appveyor (if you're on Windows).

We will release the debugger officially in about a week, until then - we are looking forward to your feedback so please make sure to try it and report any issues or feature requests you have. 🍻

https://github.com/radareorg/cutter
AgentTesla: Deep analysis of a visual basic spyware Trojan

https://www.reb311ion.com/MalwareAnalysisReports/AgentTesla/
deReferencing is an IDA Pro plugin that implements new registers and stack views. Adds dereferenced pointers, colors and other useful information, similar to some GDB plugins (e.g: PEDA, GEF, pwndbg, etc).

Supports following architectures: x86, x86-64, ARM, ARM64, MIPS32 and MIPS64

https://github.com/danigargu/deREferencing
abuse.ch is operated by a random Swiss guy fighting malware for non-profit, running a couple of projects helping internet service providers and network operators protect their infrastructure from malware. IT-Security researchers, vendors and law enforcement agencies rely on data from abuse.ch, trying to make the internet a safer place.

https://abuse.ch
UNPACME is an automated malware unpacking service. Submissions to UNPACME are analyzed using a set of custom unpacking processes maintained by OpenAnalysis. These processes extract all encrypted or packed payloads from the submission and return a unique set of payloads to the user. In short, UNPACME automates the first step in your malware analysis process.

https://www.unpac.me/