Malware

58 bookmarks
The Pumpkin Eclipse - Lumen
Executive Summary: Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement. Public scan data
·blog.lumen.com·
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials | Microsoft Security Blog
Since 2019, Forest Blizzard has used a custom post-compromise tool to exploit a vulnerability in the Windows Print Spooler service that allows elevated permissions. Microsoft has issued a security update addressing this vulnerability as CVE-2022-38028.
·microsoft.com·
kargisimos/detenv
A small and portable Windows C library for sandbox detection
·github.com·
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery - Avast Threat Labs
We take a deep dive into Roshtyak, the DLL backdoor payload associated with Raspberry Robin. Roshtyak is full of anti-analysis tricks. Some are well-known, and some we have never seen before. From a technical perspective, the lengths Roshtyak takes to protect itself are extremely interesting. Roshtyak belongs to one of the best-protected malware strains we have ever seen. We hope by publishing our research and analysis of the malware and its protection tricks we will help fellow researchers recognize and respond to similar tricks, and harden their analysis environments, making them more resistant to the evasion techniques described.
·decoded.avast.io·
GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs - GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executabl...
·github.com·
Writing an Independent Malware
A quick guide and high-level discussion on how to remove runtime dependencies when writing malware.
·captmeelo.com·
A tale of EDR bypass methods | S3cur3Th1sSh1t
In a time full of ransomware as well as Advanced Persistent Threat (APT) incidents, the importance of detecting those attacking groups has become increasingly...
·s3cur3th1ssh1t.github.io·
GitHub - wavestone-cdt/EDRSandblast
Contribute to wavestone-cdt/EDRSandblast development by creating an account on GitHub.
·github.com·
Windows System Calls For Hunters
Introduction: System calls are the ultimate high-level atomic actions that malware writers might control. System call sequences are the de facto ultimate way to divide behaviors between good and bad…
·marcoramilli.com·