Forwarded from H
Hi
This is Hosien. Currently I'm investigating a malware campaign targeting Iranian-speaking users, exploiting WinRAR (likely CVE-2025-6218 or CVE-2025-8088). The code they used is advanced and I think we face an APT or skillful cyber-criminals.
I'm asking you to share this message so we can find out how this Threat Actor spread its malware. The images above show the .rar file and the opened decoy .doc file.
Source Byte
Share here if you find something (any phishing emails, Telegram posts, ...):
https://news.1rj.ru/str/+SdT344H5Yec2YTRk
2022 0-day In-the-Wild Exploitation…so far
As of June 15, 2022, there have been 18 0-days detected and disclosed as exploited in-the-wild in 2022. When we analyzed those 0-days, we found that at least nine of the 0-days are variants of previously patched vulnerabilities. At least half of the 0-days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests. On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months from the original in-the-wild 0-day being patched, attackers came back with a variant of the original bug.
https://projectzero.google/2022/06/2022-0-day-in-wild-exploitationso-far.html
Playing with the Tigress software protection. Break some of its protections and solve their reverse engineering challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.
https://tigress.cs.arizona.edu/challenges.html
www.cs.cornell.edu
Flattening ASTs (and Other Compiler Data Structures)
This is an introduction to data structure flattening, a special case of arena allocation that is a good fit for programming language implementations. We build a simple interpreter twice, the normal way and the flat way, and show that some fairly mechanical…
Backdoor code found in Trust Wallet browser extension, causing theft of tens of millions of dollars in assets
A new backdoor code was added to version 2.68 of the Trust Wallet cryptocurrency wallet's browser extension, which sends users' mnemonic phrases to attacker servers. Due to the automatic update mechanism, the impact was widespread. On Christmas Day, December 25th, attackers began transferring funds, and according to current estimates, more than tens of millions of dollars in assets have been stolen. The latest version 2.69 has now removed the backdoor code.
Deconstructing Dynamic Symbolic Execution
https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/dse.pdf
Forwarded from Sec Note
Analyzing Avast AV: Kernel Hooking and Driver Reverse Engineering
👾Presentation Video
Blog:
https://binary-win.github.io/2025/12/27/AVAST-Kernel-Hooks-and-AV-ANALYSIS.html
Forwarded from Infosec Fortress (Amir M. Jahangirzad)
media.ccc.de
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices
The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a...
📹 Video
#exploitation
#whatsapp
#android
#ios
———
🆔 @Infosec_Fortress
Forwarded from Sec Note
Analyzing CVE‑2025‑0287: From IOCTL Entry to Arbitrary Kernel Memory Write … in driver biontdrv.sys
By meisameb
The new wave of attacks on Iranian organizations: the release of infected files through the mirror links of the Soft98 website
https://news.amnpardaz.com/1404/10/17868/%da%a9%d9%85%d9%be%db%8c%d9%86-%d8%ac%d8%af%db%8c%d8%af-%d8%a8%d8%af%d8%a7%d9%81%d8%b2%d8%a7%d8%b1%db%8c-%d8%a7%d8%b3%d8%aa%d9%81%d8%a7%d8%af%d9%87-%d8%a7%d8%b2-soft98-%d8%a8%d9%87%d8%b9/
Forwarded from RME-DisCo @ UNIZAR [www.reversea.me]
Reverse-engineering the Yamaha DX7 synthesizer's sound chip from die photos http://www.righto.com/2021/11/reverse-engineering-yamaha-dx7.html?m=1
Righto
Reverse-engineering the Yamaha DX7 synthesizer's sound chip from die photos
The Yamaha DX7 digital synthesizer was released in 1983 and became "one of the most important advances in the history of modern popular mu...
Forwarded from APT IRAN
According to our investigations, since yesterday several IPs from the United Arab Emirates have started an organized cyber attack against an advanced tracking system called MammutConnect. This system is in fact an advanced platform for tracking and managing the heavy transport fleet and ... at the national level, and it is installed on heavy vehicles such as trucks and buses.
The attackers penetrated the central servers of this system, which are hosted on the Iranian cloud service "Abr Arvan", and carried out a complete wipe of the data (Data Wiping). This data included the real-time positions of vehicles, engine technical data, fuel consumption, driver behavior and other critical information.
Attribution based on IP address is a bad idea.
Here is a cool report about the UAE APT, "Stealth Falcon".
https://research.checkpoint.com/2025/stealth-falcon-zero-day/