Understanding the #pe file format is key to #reverse #engineering windows executables. If you need help, I have a playlist with over 4 hours of content covering many of the most important aspects on #youtube 👇

▶️ youtube.com/playlist?list=…

My latest Pluralsight course live! This course will introduce you to three key detection technologies - #suricata , #yara and #sigma 👇

✅ pluralsight.com/courses/malwar…

This continues the malware skill path, where you can learn triage and reversing skills

app.pluralsight.com/paths/skills/m…

🚨 It's not too late - wrapping up today at 4pm CDT! FREE access to Pluralsight! 10 winners will get ALL of Pluralsight's courses at their fingertips for 30 days - including my 15 courses on reverse engineering/malware analysis!

🧨 pluralsight.thecyberyeti.com/may-giveaway

🚨 It's not too late - wrapping up today at 4pm CDT! FREE access to Pluralsight! 10 winners will get ALL of Pluralsight's courses at their fingertips for 30 days - including my 15 courses on reverse engineering/malware analysis!

🧨 pluralsight.thecyberyeti.com/may-giveaway

Created a quick video discussing ways to extract zip files from PCAPs, includes a quick recipe on cyberchef :) Zip was part of data exfil activity for an old Vidar sample, working on some training content & wanted to put something together as a reference.

youtu.be/-M6lsZgsqqw

YT Short: Can PDFs be Malware? 🦔📹

#MalwareAnalysisForHedgehogs #PDFs
youtube.com/shorts/rWjNDKz…

In one of the malware groups I am part of, someone asked a question about malware using the 'unaligned function calls' evasion technique. Here is how this technique works: (1/5)

Threat Hunters. These are fundamental skills!

Have interesting insights on Suricata? Share them at #SuriCon2024 ! Join industry, open-source, academia, and research professionals passionate about #Suricata and network threat hunting, apply today to talk at #SuriCon2024 . 📣 #CallforTalks

suricon.net/call-for-talks/

Calling all EU Threat Researchers 👀

Proofpoint's Threat Research team is hiring for a Senior APT Researcher based in the EU. 🚀 🇪🇺

Bonus points: I'll talk to you about Rust 🦀 whenever you want (and probably when you don't!).

proofpoint.wd5.myworkdayjobs.com/en-US/Proofpoi…

All glory to the Hypnotoad!

Also #AmphibianWeek !

🚨 Malware is often delivered through complex and convoluted distribution channels. This course will teach you the basics of performing fast and effective techniques for analyzing these chains and identifying important indicators of compromise.

pluralsight.com/courses/initia…

I've posted some videos covering reverse engineering concepts using #ghidra on YouTube - covers calling conventions, C++ objects and data structures.

Playlist 👓 youtube.com/playlist?list=…

I also have a course on Pluralsight to help get started!

🎓 pluralsight.com/courses/revers…

🚨 Malware is often delivered through complex and convoluted distribution channels. This course will teach you the basics of performing fast and effective techniques for analyzing these chains and identifying important indicators of compromise.

pluralsight.com/courses/initia…

I wrote a blog about #HijackLoader . It Discussed about the new modules added, changes observed, current malware delivery, second stage loading process and a script to extract all the modules used . Please share your feedback

Detect-it-easy, or DIE, is a great initial triage and PE parsing tool. A helpful feature is that it comes with signatures to help detect compilers, packers, & protectors. Learn more in this introduction video as I use it to analyze a stealer 👇

🛠️ youtu.be/_BMjNqdSoOQ

I was planning to attend #RSAC but ended up at Paddington Station 🤷‍♂️

🚨 icymi - I've put together my first #cheat #sheet around #maldocs , you can download a PDF version from 👇

✅ thecyberyeti.com/quick-referenc…

Covers the tools, common commands, and other information you need to know when analyzing malicious documents, such as Word, OneNote and PDF.