EmoCheck v2.0をリリースしました。新しいバージョンでは、2020年12月以降に登場した新しいEmotetも検知できるように対応しています。 github.com/JPCERTCC/EmoCh…

Bye-bye botnets👋 Huge global operation brings down the world's most dangerous malware. Investigators have taken control of the Emotet botnet, the most resilient malware in the wild. Get the full story: europol.europa.eu/newsroom/news/…

"Knock, knock, Neo. - Active C2 Discovery Using Protocol Emulation" #JSAC2021 slides jsac.jpcert.or.jp/archive/2021/p… Cobalt Strike team servers with leaked/cracked IDs (over 3,200, 51% of the total) github.com/carbonblack/ac…

New release: #pe_to_shellcode (#pe2shc) - added DCP support: now the generated shellcode can be injected into a processes with DCP ( "Dynamic Code Prohibited" ) enabled github.com/hasherezade/pe…

domain-fronted Cobalt Strike team servers since 2020/02 (MS Azure and Fastly) github.com/carbonblack/ac… I hope they will block it

I've updated the #YARA performance guidelines with input from Arnim Rupp Guidelines github.com/Neo23x0/YARA-P… We've been working on Panopticon, a YARA performance measurement tool & Arnim improved the guide according to new findings github.com/Neo23x0/panopt…

非公開にして、EmoCheck v2.0のソースコードを公開しました。 ^ST github.com/JPCERTCC/EmoCh…

#JSAC2021 の全講演動画をYouTubeにアップロードしました。ご参加いただけなかった皆様、ぜひご覧ください。 ^ST youtube.com/playlist?list=…

I am pleased to announce the release of DFIR-O365RC: A #PowerShell module to help the #DFIR analyst collect logs for #Office365 investigations. github.com/ANSSI-FR/DFIR-…

国内で発生した攻撃グループLazarusによる攻撃で使用されたマルウェア、ツールについてまとめました。IoC情報も記載していますので、ご活用ください。^ST blogs.jpcert.or.jp/ja/2021/03/Laz…

Tenet is an #IDAPro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. Check it out: blog.ret2.io/2021/04/20/ten… #reverseengineering #idapython

NSRLJP_202104 released. It’s been 2 years since I updated last time :) kazamiya.net/en/NSRLJP #DFIR

IDAPython script deobfuscating ADVobfuscator strings, applied to a TrickBoot sample github.com/TakahiroHaruya… We may not be able to reuse it for a different sample that was compiled with a different compiler or with different flags but I think the same approach can be applied.

Our preprint is available here: phanivadrevu.com/files/papers/p… Please reach out with any questions. Also, do attend our presentation which is scheduled for Track-1 on August 13th (Friday) at 11:15 PDT.

Analyzing Malicious Documents Cheat Sheet has been updated to include new tools and techniques: zeltser.com/analyzing-mali…

New release: #TinyTracer (2.0) - allows to trace also indirect calls to local functions: github.com/hasherezade/ti…

Today I've launched malapi.io. I've been analyzing malware source code that utilizes WinAPIs and have been categorizing them. Please feel free to contribute as I know the current list is not exhaustive.

Here's our YARA rule to detect APT10, APT29, BlackTech, Darkhotel, DragonOK, Lazarus, Tick and others. github.com/JPCERTCC/jpcer…

2023年1月25-26日(水、木)にJSAC2023を開催します。そして、本日からCFP・CFWの募集を開始しました。今回から発表未経験者枠やLIGHTNING TALK枠を新設しております。みなさまのご応募お待ちしております。^AS #JSAC2023 jsac.jpcert.or.jp

Our malware detection tool YAMA, which can scan memory based on your own YARA rule, is now available! Don't miss out on JPCERT/CC's presentation about the tool at #BlackHatUSA Arsenal at 10am on 9 Aug. ^MT blogs.jpcert.or.jp/en/2023/08/yam… github.com/JPCERTCC/YAMA