0x4143

🕵️ Windows Forensic Commands: Investigate, Analyze & Respond 🔍💻 When a security incident occurs on a Windows system, knowing which commands to run can make the difference between guessing and solid digital forensics 🧠⚖️ ⤵️ Blue Team ⤵️

Unknown(?) golang ransomware/wiper MD5: f184b9d19baaa682472598556c74e469 SHA256: ac4c4fff973e0609d61d8b37b0536271b2c7e4a2ead8bed5de238ad697d651e0 filename: rhs.exe backup_log.txt spawns: reg.exe, takeown.exe, icacls.exe, vssadmin.exe, powershell.exe

Given the recent events with VMPSoft DMCA'ing educational YouTube videos demonstrating how to unpack malware protected with VMProtect, we have decided to release a free to use unpacker which works for all versions of VMP 3.x including the most recent version. Simply sign up/login here: app.codedefender.io and then click on "Unpacker" on the top right corner. For context: x.com/rhotav/status/… x.com/allthingsida/s… x.com/herrcore/statu…

G:\Mammon\Release\Mammon.pdb - so maybe Mammon ransomware?

New ransomware... MD5: c85b8d8a130e475bd294feb1be152890 SHA256: db7244e877f1801fd83dc504295ba04f362bc1b7966fc5c41a06f0fb1ddd7bd7 file.ext -[james.shaw.junior@gmail.com]id-[<10randomchars>].aaabbbccc ransom note: howtoDecrypt.txt

@bbaskin @sublime_sec Awesome, congrats!🔥

My first blog post with @sublime_sec! We followed an infostealer campaign that had some very weird and fun levels of obfuscation.

My presentation slides "UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior" @REverseConf are available online github.com/binarly-io/Res…

The Windows Kernel Exploitation tutorial series is complete for both English and Spanish speakers. Huge thank you to @HackSysTeam for creating HEVD to begin with and thank you to @corelanc0d3r and @ret2wargames for creating resources that are free for those who can't afford them!

6 months ago, I started working on a way to better map the #ransomware ecosystem and its evolution, including rebrands.🔎 I am really happy to share this handmade cartography, which is based on @orangecyberdef resources, #OSINT and reverse engineering. ➡️ github.com/cert-orangecyb…

Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. virustotal.com/gui/file/4a240…

Unknown (new?) #ransomware Encrypts files with .vgvx extension SHA256: 81a27b3dcfbd52ceb68043465a9aaa3ff6a2e4d04e487197bb23db5c76eec740 CC: @demonslay335 @Amigo_A_

I usually make short-form satirical videos for fun, but never share them with the world. This time tho, I thought I'd make one for the infosec community. Some might even find it educational 😅 If you're in #infosec and you feel a little down this week, this video is for you💙

☁️ Awesome Cloud Security ⚔️ Collection of awesome #Cloud security tools, standards, and other resources 🔗 github.com/4ndersonLin/aw… #cloudsecurity #DevOps #Pentesting #infosec #cybersecurity

Bypass Defender AV static detection: If you name a malicious file DumpStack.log Defender doesn't scan it.

@0xAsm0d3us Thx for the mention @0xAsm0d3us ! I aim to update this again very soon! 😎

This awesome repository contains Malware analysis/Reverse engineering related tools, training, podcasts, blog posts, literature and just about anything else closely related to the topic. - by @0x4143 github.com/0x4143/malware… #malware #hacking #reversing #cybersecurity

🚨🚨WARNING 🚨🚨 We have confirmed that #Emotet is dropping CS Beacons on E5 Bots and we have observed the following as of 10:00EST/15:00UTC. The following beacon was dropped: tria.ge/211207-t5l24sb… Note the traffic to lartmana[.]com. This is an active CS Teams Server. 1/x

#ESETresearch discovered a trojanized IDA Pro installer, distributed by the #Lazarus APT group. Attackers bundled the original IDA Pro 7.5 software developed by @HexRaysSA with two malicious components. @cherepanov74 1/5

Today I've launched malapi.io. I've been analyzing malware source code that utilizes WinAPIs and have been categorizing them. Please feel free to contribute as I know the current list is not exhaustive.

I found some private keys on VT, enabling all of us to decrypt C2 traffic from a subset of all the malicious Cobalt Strike servers that are out there on the Internet. More details: "Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1" blog.nviso.eu/2021/10/21/cob…

I tweaked overflowedminds.net a little bit and I uploaded trainings, courses, papers, presentations, and posts with the idea in mind that knowledge should be free. Some of the most interesting content follows: