PhysicalDrive0

We found one more #zeroday exploit that was used in APT. securelist.com/new-win32k-zer…

Now, Sibyl can be called from @GHIDRA_RE (github.com/cea-sec/Sibyl/…) or use it headless for function address discovering (github.com/cea-sec/Sibyl/…) :)

Circumventing Windows Defender ATP's user-mode APC Injection sensor from Kernel-mode : rce4fun.blogspot.com/2019/04/circum…

Operation #ShadowHammer Sample MD5 aa15eb28292321b586c27d8401703494 cape.contextis.com/analysis/55097/ #Asus #Susafone

@Ledtech3 nothing surprises me anymore.

@PhysicalDrive0 Makes you wonder if they add anything else while they are at it ?🤨

WINRAR EXPLOIT BUILDER Select your malware file and upload it and your malicious RAR-file will be created hxxp://lofi.stream cve-2018-20250

CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86 github.com/exodusintel/CV…

Microsoft fixed a Windows 0day (CVE-2019-0808) in Patch Tuesday. Our team constructed the POC and reproduced the vulnerability triggering process. Click here to read more: blogs.360.cn/post/RootCause…

One more #zeroday exploit was used in APT attack. securelist.com/cve-2019-0797-…

@_jsoo_ @KorbenD_Intel APT32

Google discovered a Chrome RCE #0day in the wild (CVE-2019-5786). Reportedly, a full chain with a sandbox escape: chromereleases.googleblog.com/2019/03/stable… In 2019, I expect epic 0days to be found in the wild: Android, iOS, Windows, Office, virtualization, and more. Stay safe and enjoy the show.

#WinPot Sample MD5 821e593e80c598883433da88a5431e9d #ATM cape.contextis.com/analysis/39924/

#GandCrab V5.2 @BitdefenderLabs

@tamas_boczan @demonslay335 but this is a constant mood "AnaLab_sucks"

@demonslay335 *5-10 characters

#GandCrab 5.2 samples, probably response to the new decryptor vmray.com/analyses/329b3… virustotal.com/gui/file/329b3…

A curated list of IDA x64DBG and OllyDBG plugins github.com/fr0gger/awesom…

#KerrDown Sample SHA256 e56ffcf5df2afd6b151c24ddfe7cd450f9208f59b5731991b926af0dce24285a cape.contextis.com/analysis/35766/ #APT32 #OceanLotus

2019-02-08: #ExileRAT Group: "CVE-2017-8759" altered toolkit "get_robin.py" server thread w/ local logging { SHELLCODE1 = 'sc.dat' as JScript | LOG_FILE = 'robins.log' } h/t @PhysicalDrive0 Original Research 👍 -> twitter.com/TalosSecurity/…

#ExileRAT is still up n running hxxp://27.126.188.212/2//

@ValthekOn twitter.com/PhysicalDrive0… It's an odd obsession

I just discovered some samples of #GandCrab with compiled time of 29/01/2019. The main diff is a new code that creates a hidden window with the name "AnaLab _sucks", one timer to stay here a little, and later create a thread to start the normal procedure.