Malware

Malware

45 bookmarks
Custom sorting
A tale of EDR bypass methods | S3cur3Th1sSh1t
A tale of EDR bypass methods | S3cur3Th1sSh1t
In a time full of ransomware as well as Advanced persistent Thread (APT) incidents the importance of detecting those attacking groups has become increasingly...
·s3cur3th1ssh1t.github.io·
A tale of EDR bypass methods | S3cur3Th1sSh1t
GitHub - wavestone-cdt/EDRSandblast
GitHub - wavestone-cdt/EDRSandblast
Contribute to wavestone-cdt/EDRSandblast development by creating an account on GitHub.
·github.com·
GitHub - wavestone-cdt/EDRSandblast
Windows System Calls For Hunters
Windows System Calls For Hunters
Introduction System calls are the ultimate high-level atomic actions that Malware writers might control. System calls sequences are the defacto ultimate way to divide behaviors between good and bad…
·marcoramilli.com·
Windows System Calls For Hunters
IcedID GZIPLOADER Analysis - Binary Defense
IcedID GZIPLOADER Analysis - Binary Defense
In late February, while tracking a malicious spam campaign from the Qakbot distributor “TR,” Binary Defense’s analysts identified a new version of IcedID being delivered through malicious Word and Excel files. The updated IcedID has a new first stage loading mechanism, which we’ve dubbed “gziploader,” along with new encryption algorithms for hiding its configuration and […]
·binarydefense.com·
IcedID GZIPLOADER Analysis - Binary Defense
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild - Avast Threat Labs
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild - Avast Threat Labs