Nietzsche Virus Lab

Tmux is a terrible experience on a phone And a phone will be where we're coding at least half the time now Try pressing CTRL-B on a phone We need a new Tmux for modern times

Giving away 2x full access packages: Linux Attack, Detection & Forensics v2.0 - Hands-on Purple Teaming Playbook + 90 days PurpleLabs VPN access To enter: ✅ Follow me ❤️ Like this post 💬 Comment 🔁 Repost Winners announced March 22nd 🎯 First time doing this, let's see how it goes 😄 edu.defensive-security.com/linux-attack-d… #linux #redteam #blueteam #dfir

@cr0nym 😇

Focus on hands-on #linux offsec content modularity and, at the same time, multi-layered detection and forensics was the best decision I could have made with V2.0 Playbook. Directly to the point, without any frills! New updates coming soon 😎

> check virustotal > uploaded 23 mins ago > AMOS stealer ah ok, so if you installed this skill it would just silently steal all your passwords and banking information and stuff. no big deal virustotal.com/gui/file/3c9dd…

I want to go over a basic use of static analysis of Linux malware using AI LLM tools. I'll use the classic BPFDoor fed into Claude Code with a simple prompt. This is done on an isolated VM using only static analysis command line tools. Let's go over this step by step in this thread.

Claude is down

This article explains what I've also been saying: AI tools for reverse engineering are here and they work. Stop believing doomers saying they can't do malware reverse analysis. They do a good job for 99% of all cases. The need for arcane reverse engineering skills is going away.

I think the best way to sum up the state of things is that manual reverse engineering doesn't make sense anymore. AI-assisted reversing is so much faster and easier that the old way of doing things is now obsolete. Full automation not there yet for heavily obfuscated samples.

note: binary wasn’t stripped, so symbols made it easy for AI still wild that i’m basically chatting with IDA Pro. next: trying a stripped/more advanced sample

vibe-reverse-engineering a macOS malware > be me > open IDA > load sus macOS binary > remember i wired IDA via ida-pro-mcp to Github Copilot > ask Copilot “what does this do?” > full expert-level analysis appears from @claudeai Sonnet 4.6 > didn’t reverse > just chatted @code

In this scenario, I was showing my non technical friend, with no IDA or RE knowledge, how we can just open Copilot CLI and have a chat with Notepad.exe . I started with the /idasql skill and asked it to load the binary in the background. I concluded the chat by asking about telemetry inside Notepad in Windows 11. It was a fun, casual and non technical chat with Notepad.

ayoo

@txhaflaire yo, this was fast nice work. it works great, but the slider feels too small. it would be better under the process tree view (like spritetree). a fullscreen toggle for the process tree view (class="tree-wrap") would also help since large trees feel constrained right now.

@NietzscheLab @NietzscheLab Gave it a first go. lmk what you think!

Is ESLogger or Mac Monitor your friend for dynamic malware analysis on macOS? Then i've got something that might come to use! An browser based ES/Mac Monitor log analyzer with a lot of neat features like story timelines, Sigma rule matching, an in-depth process tree analyzer and much more and the neat thing is, nothing is uploaded to any backend! I'm looking for feedback! Take a look at es.decompiler.dev #macos #malware #reverseengineering #re #ThreatHunting #dfir

@txhaflaire What AI tool and model was used to build this? I’m just curious.

@NietzscheLab Sounds doable! Noted

Chat, its finally over for us designers…

My new favorite insult is calling someone’s job a Claude skill.

👀Runs macOS on Windows Hyper-V - github.com/Qonfused/OSX-H…

High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 459 detection rules with live credential validation. github.com/praetorian-inc…