Spider0x

As a DFIR Engineer, you should notice something suspicious going on here!! But how many techniques do you know that an attacker can use to hide this easy detection from you?! #C5W #DFIR #Malware #ThreatHunting #Cybersecurity

Another great Memory Forensics post and exercise written by @Cyberagent101 for @cyber5w #DFIR #MemoryForensics blog.cyber5w.com/anomalies-hunt…

@binaryz0ne That is an honor 🖤

@Cyberagent101 I’m personally very proud of you 👏🏻

New Hall of Fame member ^-^

Another good blog written by @Cyberagent101 #DFIR

NTFS is always the place where every disk-related artifact will leave a trace, mastering its analysis is a crucial skill to have as this will make your investigation much easier. #blueteam #digitalforensics #cyberdefense

If you have any addition or an interesting tool you want to share it with the community, please reach out to me and I will add it to the post, I am really interested to know more about how other analysts customize their machines. #malware #blueteam #cybersecuritytips

Check out my last blog post talking about how I customize my malware analysis machine with tools and plugins that can make my life easier and save me time. blog.cyber5w.com/malware%20anal…

"Always double-check your decompiled code and if something seems wrong, go with assembly". #ReverseEngineering #malware #DFIR

Just a quick tip for reverse engineering new guys, and any old one who doesn't care. Never rely on Decompiled code only, that always happens to me, but this time that was insane. my decompiler missed tens of lines of functions and API calls.

Browsers are keeping track of almost every move, check out my new blog post which is a reference where you can find what you need during your investigation. blog.cyber5w.com/browser%20fore… @cyber5w #dfir #blueteam #CyberSecurity #DigitalForensics

In our new blog post, @Cyberagent101 wrote about the different Anti-Analysis techniques used by the #Pikabot malware in its loader with detailed analysis. #malware #DFIR #Cybersecurity #RE blog.cyber5w.com/malware%20anal…

#malware #dfir #CybersecurityNews

- Junk Code - API Hashing - Encrypted Stack Strings - INT 0x2D instruction - OutputDebugString - Memory Write Watch Here is a detailed analysis of the new version of its Loader part.

Hey malware analysts, "Pikabot" is a relatively new malware and is considered the second wave of the famous "Qakbot". This malware contains two stages armed with many Anti-Analysis techniques to make defenders' lives harder like: blog.cyber5w.com/malware%20anal…

Firmware is really a great place for hunting vulnerabilities these days. here I am discussing how to emulate and reverse firmware binaries by doing research in "DLINK DIR 832G" router "CVE-2023-43241 & CVE-2023-43235" OOB writes. amr-git-dot.github.io/vulnerability%…

For Malware Analysts & Developers, another trick for executing code before "main" using "_initterm" to hide code. In this small article I discuss how you can get code execution before main using dynamically assigned global variables. amr-git-dot.github.io/malware%20anal… #malware

I wonder how two versions of a DLL with only about three months difference can have over 10KB of size. "Microsoft office product"

lack of good anti-virus solutions in such an environment. amr-git-dot.github.io/malware%20anal…

ESXIArgs Ransomware analysis. ESXIArgs Ransomware is widely spread these days due to the wide exploitation of a vulnerability with CVE-2021-21974 which is quite old but is not patched in many ESXI Servers. The malware itself is not complex at all but the danger comes from the