BPFDoor - An Evasive Linux Backdoor Technical Analysis
BPFDoor is an stealthy Linux backdoor operating for years undetected. We disclose full technical details and detection techniques here.
REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence
Updated samples indicate access to original source code and active development, signaling that GOLD SOUTHFIELD has resumed operations.
A new BluStealer Loader Uses Direct Syscalls to Evade EDRs
The latest version of the BluStealer loader syscalls to bypass EDRs. We break it down and analyze how it works.
Daxin Backdoor: In-Depth Analysis, Part Two
In the second of a two-part series of blogs, we examine the communications and networking features of Daxin.
Daxin Backdoor: In-Depth Analysis, Part One
In the first of a two-part series of blogs, we will delve deeper into Daxin, examining the driver initialization, networking, key exchange, and backdoor functionality of the malware.
Carbon Black Threat Research Dissects Red Leaves Malware, Which Leverages DLL Side Loading - VMware Security Blog - VMware
At the beginning of April, Carbon Black Threat Research began analyzing a malware variant commonly referred to as Red Leaves, which appears to have code reuse from the PlugX family. During the last month, this malware family has been referenced in several security blogs and government