Daniel Plohmann

513 posts

@push_pnx

Reverse Engineering & Malware Research @Fraunhofer_FKIE. Projects: @Malpedia, DGArchive, MCRIT, SMDA, ApiScout, IDAscope.

DE · Joined July 2011
184 Following · 4.5K Followers

Daniel Plohmann @push_pnx
@angealbertini Malcat has been my initial malware triage tool for a good while now and saved me a decent amount of time combining and accelerating several common tasks. 100% what Ange said.

Daniel Plohmann retweeted
Ange @angealbertini
If you’re into malware analysis, you should really give Malcat a try. It’s an all-in-one tool with hex and structure views, disasm and decomp, integrated Yara, python scripting and similarities scanning... A very handy and well-designed time saver!

Daniel Plohmann retweeted
Hunt.io @Huntio
From building Malpedia to tracking malware families at scale, Daniel Plohmann @push_pnx is shaping how we fight cyber threats. hunt.io/blog/interview… In this Hunt interview, he shares insights from his research at Fraunhofer FKIE and how music fuels his creativity in security. Read the full conversation and see how Daniel connects technical expertise with artistic passion ⬇️ #CyberSecurity #ThreatIntelligence #CyberThreats

Daniel Plohmann retweeted
Scoubi @ScoubiMtl
Tickets for #DEATHcon in Montreal are on sale now! Book now to secure your place. FYI, Virtual Tickets for round 1 are already Sold Out! eventbrite.ca/e/deathcon-mon… Additional info (like workshops) for the con can be found here : DEATHcon.io Please retweet for reach

Daniel Plohmann retweeted
DEATHCon @DEATHCon2025
DEATHCon online/remote ticket sale round 1 will start Monday 7th of July at 00:01 UTC! worldtimebuddy.com/?pl=1&lid=100,… Last year they sold out in 24h 😳 On-site tickets will be available on 7/7 at around 10am local time for each site. All details here: deathcon.io/tickets.html

Daniel Plohmann retweeted
Malcat dev @malcat4ever
You can now check your strings in #malcat against an online library of #Malpedia FLOSSed strings. Just copy this plugin, courtesy of @push_pnx : github.com/malpedia/malpe…

Daniel Plohmann retweeted
Bogdan Cebere @BCebere
🔍 Looking for better detection models for Domain Generation Algorithms (DGA)? 🚀 In our new @RAID_Conference paper, we review some assumptions that can limit the impact of the DGA detection models and discuss some improvements that can lead to more robust detection models.

Daniel Plohmann retweeted
DEATHCon @DEATHCon2025
Ticket pre-sales for DEATHCon 2024 are now live! If you attended last year, please see the #announcements channel in Slack. If you aren't still on Slack, DM me and I'll get you the info!

Daniel Plohmann retweeted
Bernardo Quintero @bquintero
🎉 HUGE thank you to the incredible VirusTotal community! We're turning 20 & feeling so grateful for your support over the years. 🙌 Check out our blog for what industry leaders are saying & maybe score some cool swag? #VirusTotal20Years ➡️ blog.virustotal.com/2024/05/we-mad…

Daniel Plohmann retweeted
Malcat dev @malcat4ever
We have released #malcat version 0.9.6, which comes with a new #malware identification service: #Kesakode! ● Works on unpacked malware ● 2000+ malware families & millions of clean + libs in DB ● Only hashes are sent ● Included in Malcat full & pro malcat.fr/blog/096-is-ou…

vx-underground @vxunderground
In less than 24 hours we will officially be 5 years old. We are giving away $1,000 worth of our "5 horsemen of the apocalypse" shirt. If you'd like a free shirt leave a comment below.

Daniel Plohmann @push_pnx
@hyun____22 Don't get me wrong, Hyara in itself is an awesome tool and I've used it many times in IDA! :) But it's also a great blueprint for the different tools and I'm glad you spent all the effort to adapt it to the others!

Hyun Yi @hyun____22
@push_pnx I'm glad you found my project helpful. :)

Daniel Plohmann retweeted
Danny Quist @OpenMalware
Updated Reverse Engineering Go Malware talk with readable slides so you can read them. Many thanks to @yuriskinfo for fixing it youtube.com/watch?v=ftUvYR…

Daniel Plohmann retweeted
Malpedia @malpedia
📣We updated "Malpedia FLOSSed". TL;DR: More data, cleaner Rust/Go/Dotnet strings, various tags! We also created a public web service to make this data more accessible: strings.malpedia.io, as well as an IDA plugin as a demo use case. Read more -> github.com/malpedia/malpe…

Daniel Plohmann @push_pnx
@albertzsigovits Haha, that's a very nice use of the file! I've had a quick look and it seems there are more such debug message indicators that you could also use: [!], [#], [*], [+], [-], [E], [I], [S], [~].

Albert Zsigovits @albertzsigovits
I feel like this dump doesn't get enough credit. So I filtered all malware debug ascii/utf16 strings from it and included it in a YAR rule file. That's just one use-case for this awesome dump. There are lots of other interesting malware indicators in it that could be used in a different way. @malpedia @push_pnx #100DaysofYARA #malpedia

Malpedia @malpedia

🛠️ We just published "Malpedia flossed": @Mandiant FLARE team's floss tool applied to all unpacked + dumped samples in @malpedia. Results: 35.645.324 raw strings, distilled to 2.137.276 unique strings from 1751 processed malware families - 400 MB JSON. -> github.com/malpedia/malpe…


Daniel Plohmann @push_pnx
@AzakaSekai_ @malpedia @Mandiant An example: you look at some new/unknown malware sample and extract strings for it. You can now cross-reference these strings against this collection to figure out how common they are, i.e. create a weighted order for the least common / most interesting ones.

Malpedia @malpedia
🛠️ We just published "Malpedia flossed": @Mandiant FLARE team's floss tool applied to all unpacked + dumped samples in @malpedia. Results: 35.645.324 raw strings, distilled to 2.137.276 unique strings from 1751 processed malware families - 400 MB JSON. -> github.com/malpedia/malpe…