Malwrologist

2.7K posts

Malwrologist

@DissectMalware

Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE

เข้าร่วม Şubat 2018

159 กำลังติดตาม15.2K ผู้ติดตาม

ทวีตที่ปักหมุด

Malwrologist@DissectMalware·18 Oca

"#ShadowMove: a Stealthy Lateral Movement Strategy" is now available to read Read if interested to see a new practical lateral movement usenix.org/conference/use… Demo (TDS (MS SQL) & FTP): uofi.app.box.com/folder/9302340… Prototype will be released soon @MITREattack @USENIXSecurity

English

180

364

Malwrologist@DissectMalware·8 May

@kavehrazavi It's fascinating to witness how far a dedicated team of researchers can go! @kavehrazavi It's always fun to follow your research even though it is completely out of my field expertise.

English

496

Kav@kavehrazavi·8 May

This took a significant amount of time and money, and now we know what DRAM vendors are doing in their sense amplifiers! Lots of research opportunities moving forward. All the images and the reverse engineered circuits are now publicly available.

Michele Marazzi@marazzi_michele

For the first time, we imaged and reverse engineered 6 modern DDR4/5 DRAM chips (comsec.ethz.ch/hifi-dram) Due to the incredibly small feature size of modern ICs, we use SEM combined with FIB reaching pixel resolutions as low as 3.4nm. Then we evaluate 10 years of DRAM research.

English

5.3K

Malwrologist@DissectMalware·10 Şub

@jstrosch @m_r_tz @bsdbandit @curi0usJack @ViriBack @fr0gger_ @Cryptolaemus1 @_ringzer0 @hasherezade @struppigel @hahnakane @stevemk14ebr @Malcoreio @malwareforme @UK_Daniel_Card @d4rksystem Thanks Josh, couldn't be active as I used to be. Wish I have more time... It is always nice to see FF specially from people like you

English

250

Josh Stroschein | The Cyber Yeti@jstrosch·9 Şub

2/2 continued and still in no particular order :) @m_r_tz @bsdbandit @curi0usJack @ViriBack @fr0gger_ @Cryptolaemus1 @_ringzer0 @hasherezade @struppigel @hahnakane @stevemk14ebr @Malcoreio @malwareforme @UK_Daniel_Card @DissectMalware @d4rksystem

English

996

Josh Stroschein | The Cyber Yeti@jstrosch·9 Şub

1/2 - How about a #FF! Who do you follow in #cybersecurity? Great accounts, in no particular order: @sh1shk0va @AnFam17 @rj_chap @James_inthe_box @JAMESWT_MHT @Gi7w0rm @c3rb3ru5d3d53c @banthisguy9349 @elektrokilldev @g0njxa @ex_raritas @executemalware

English

6.5K

Malwrologist@DissectMalware·28 Oca

Years ago I did something creative with fonts... never released it just demoed it to a few..

Ange@angealbertini

Fonts are multi-dimensional rabbit holes for me: format-wise, security-wise, design-wise and retro-wise. Send help?

English

6.5K

Malwrologist@DissectMalware·23 Oca

@n3mes1s indeed : ) I need to update the description and include the features as it hasn't updated since v0.0.1

English

Giuseppe `N3mes1s`@N3mes1s·23 Oca

@DissectMalware Nice feature. This is an underrated one. Testing yara in a controlled env with edr will match everything and this was exact the reason a started a project like this one to have everything done in browser in mem

English

233

Malwrologist@DissectMalware·23 Oca

Lesser known feature of #YaraDbg: you can drag/drop a pass-protected zip file to analyze the file inside. The pass must be "infected" The decompressed file will be in the memory not on the local filesystem github.com/DissectMalware… live: yaradbg.dev #100DaysOfYara

GIF

English

7.7K

Malwrologist@DissectMalware·17 Oca

@fr0gger_ @jelleverg This is a cool addition

English

322

Thomas Roccia 🤘@fr0gger_·16 Oca

#100DaysOfYara Day 16: Do you like automatically generating Yara rules based on opcode? 💻 Well me too and I've got you covered with YaraToolkit v0.4.2! I added a new feature adapted from MKyara by @jelleverg. I've loved this tool for quite some time, so it was natural to include it! 👍 How can you use it? Drop a sample, specify the offset of your function or piece of code, select the size and options, and voilà! 🧙‍♂️ 🔗 Check this out: yaratoolkit.securitybreak.io #yara #infosec #tools #python #malware #reverseengineering

GIF

English

Malwrologist@DissectMalware·13 Oca

Both #YaraDbg backend and frontend run in the docker container

English

5.2K

Malwrologist@DissectMalware·13 Oca

Want to run #YaraDbg locally on your system using #Docker? 1⃣ docker pull dissectmalware/yaradbg:latest 2⃣ docker run -p 7071:7071 -p 8081:80 -d dissectmalware/yaradbg:latest 3⃣ browse http://localhost:8081 Want to build the image yourself? github.com/DissectMalware…

English

8.2K

Malwrologist@DissectMalware·12 Oca

@AnFam17 @fr0gger_ Quick tip, rearrange the conditions first the check for whether it is PE and then the string match operation; will greatly improve perf

English

288

RussianPanda 🐼 🇺🇦@RussianPanda9xx·11 Oca

#100DaysofYara Day 10: Was scrolling through #UnprotectProject for some Yara rule ideas... Today, I picked the rule that detects Base64 encoding in native binaries. Contributing the rule to #UnprotectProject, of course, cc @fr0gger_ 💜 github.com/RussianPanda95…

English

8.6K

Malwrologist@DissectMalware·12 Oca

@greglesnewich Alternatively you can also use yaradbg.dev Drop your yara file or copy/paste a link to a yara rule to start

English

Greg Lesnewich@greglesnewich·11 Oca

Notepad ++ (thanks @DissectMalware !) github.com/DissectMalware…

English

138

Greg Lesnewich@greglesnewich·11 Oca

#100DaysofYARA one of the easiest ways to get bogged down with writing rules is the scaffolding - use a plug-in from your favorite text editor to ensure you get proper metadata, most syntax highlighting and some auto-completion! Sublime: packagecontrol.io/packages/Yara%…

GIF

English

3.2K

Malwrologist@DissectMalware·9 Oca

@fr0gger_ Thank you @fr0gger_ for the mention : )

English

272

Thomas Roccia 🤘@fr0gger_·9 Oca

I somewhat missed that yaradbg.dev has an editor which is very decent! and it is now open source! Nice work by @DissectMalware 🤩 x.com/DissectMalware…

Thomas Roccia 🤘@fr0gger_

1⃣ The first feature is a simple editor 📝 that lets you create and edit your rules directly from your web browser! The cool part is being able to check if your rule is valid ✅ (I need to figure out a way to implement the Yara Syntax highlighting)

English

10.6K

Malwrologist@DissectMalware·9 Oca

Loved the idea! So, I've donated the entire amount collected since activating the feature to St. Jude Children's Research Hospital, although it wasn't that much. Thank you all who donated : ) stjude.org/donate/donate-…

hasherezade@hasherezade

Thanks to all who decide to donate for my open source projects in the past year! The total collected sum will be dedicated to charity.

English

9.6K

Malwrologist@DissectMalware·9 Oca

If you are interested to contribute to this project, please reach out!

English

Malwrologist@DissectMalware·9 Oca

Short-term goal: Consolidate the frontend and backend projects. Long-term goal: Transition to a frontend-only application by eliminating the backend.

English

5.1K

Malwrologist@DissectMalware·9 Oca

#YaraDbg is now open-source (under Apache license v2)! Frontend: github.com/DissectMalware… Backend: github.com/DissectMalware… Live: yaradbg.dev #Yara grammar: github.com/DissectMalware…

English

11.4K

Malwrologist@DissectMalware·5 Oca

Remember maldocs with XOR encryption back in 2020? I crafted a decryptor and integrated it with my msoffcrypto-tool fork 3 years back! Guess what? it is now merged with github.com/nolze/msoffcry… main branch! Tnx @nolze : ) Context: twitter.com/JohnLaTwC/stat… by @JohnLaTwC

John Lambert@JohnLaTwC

ICYMI, looks like a campaign with XOR encrypted XLS with the VelvetSweatshop password. 0 AV detects. cc/ @BouncyHat 📎virustotal.com/gui/file/0f69a… 📎virustotal.com/gui/file/f402c… 📎virustotal.com/gui/file/0034b… 📎virustotal.com/gui/file/6fd94… 👉twitter.com/BouncyHat/stat… 📄docs.microsoft.com/en-us/openspec…

English

6.2K

Malwrologist@DissectMalware·5 Ara

@decalage2 Great to hear that! if you need a hand, let me know; I would love to contribute...

English

123

Philippe Lagadec@decalage2·4 Ara

I am resuming the work on this project, so new features might be added soon!

English

375

Philippe Lagadec@decalage2·4 Ara

Just released olefile 0.47 - a python parser for MS OLE/CFB files, used by many projects such as Pillow, oledump, oletools. This is a long overdue release with several new features and bugfixes. github.com/decalage2/olef… pypi.org/project/olefil…

English

6.2K

Malwrologist@DissectMalware·2 Kas

Thrilled to announce my move to @Amazon as a senior security engineer! Leaving the amazing team at @Microsoft was a tough call—they're truly incredible people. However, I'm buzzing with excitement for this new chapter and the opportunities it holds.

English

9.6K

Malwrologist@DissectMalware·18 Tem

@nolze Awesome! I created a pull request (github.com/nolze/msoffcry…) Encountered a few merge conflicts with master. If you have time, plz go ahead and resolve them. Otherwise, I will try to do it. It may take some time for me to get back to it though. Context: twitter.com/JohnLaTwC/stat…

John Lambert@JohnLaTwC

English

nolze@nolze·17 Tem

I'm really impressed with what you've done and I would love to continue its development with you and future contributors. If you're open to it, would you consider creating a Pull Request for us? Thank you in advance for your consideration.

English

203

nolze@nolze·17 Tem

@DissectMalware Hi Malwrologist, I'm nolze, the author/maintainer of msoffcrypto-tool. I came across your excellent work on the XOR algorithm implementation at github.com/DissectMalware….

English

264

Malwrologist@DissectMalware·15 Tem

@Mao_Ware I thought # of interviews is equal to number of companies; still impressive though

English

334

Brian Bartholomew@Mao_Ware·15 Tem

@DissectMalware Hahaha. 11 were with the same company :) I should have probably prefaced that.

English

1.4K

Brian Bartholomew@Mao_Ware·14 Tem

Extremely excited to join the herd at Rapid7. That said, for those that are navigating this job market, here's some numbers to help put things in perspective: - 22+ years experience - Unemployed May 4 - 38 applications submitted - 35 interviews conducted - 2 offers received

English

187

43.8K

ค้นพบ

@kavehrazavi @jstrosch @m_r_tz @bsdbandit @curi0usJack @ViriBack @fr0gger_ @Cryptolaemus1