crudd (@crudd@hackers.town) (@crudd_re)'s Twitter Profile
crudd (@crudd@hackers.town)

@crudd_re

Reverse Engineering and Malware Analysis
bsky.app/profile/crudd.…
masto.hackers.town/@crudd

ID: 1023337627100033024

Website: http://crudd.re
Joined: 28-07-2018 22:41:17

1.1K Tweets

534 Followers

2.2K Following

Gi7w0rm (@gi7w0rm)

Does anyone know the original source for this webshell?
Like is there a Github or a Gitlab or anything?
<title>{Ninja-Shell}</title>

Gootloader (@gootloader)

Still haven't been able to pull down a #Gootloader sample, but found some on VirusTotal and noticed they are now hiding their #malware in a #jQuery #JavaScript. Created a new #YARA rule to detect the .JS file github.com/GootloaderSite…

Mickey Jin (@patch1t)

As promised, I just dropped a dozen new sandbox escape vulnerabilities at #POC2024. If you missed the talk, here is the blog post: jhftss.github.io/A-New-Era-of-m… Slides: github.com/jhftss/jhftss.… Enjoy and find your own bugs 😎

Gootloader (@gootloader)

🚨 New Blog Post! 🚨 #Gootloader's pivot from SEO poisoning tactics to fake PDF converters. Find out how the shift from legal-themed files to "PDF to DOCX" scams could impact everyday users. Read more 👉 gootloader.wordpress.com/2024/11/07/goo… #Cybersecurity #MalwareAnalysis #ThreatIntel

Squiblydoo (@squiblydooblog)

Blogpost on new Gootloader distribution method. The actor has been responsible for initial access for ransomware for a long time. Ensure your org can detect their malware. It frequently bypasses many defenses. Recent example: virustotal.com/gui/file/9c236… bazaar.abuse.ch/sample/9c236ea…

Squiblydoo (@squiblydooblog)

Debloat 1.6.2 fixed a bug that could corrupt files. Only affected malware using tactic-7 (inflated section). Had such a Lumma sample: inflated EXE (700MB) which loads inflated DLL (700MB). Debloat reduces each to 3MB. They can then be sandboxed. github.com/Squiblydoo/deb…

Invoke RE (@invokereversing)

👾 Check out our stream recording from last weekend where we looked at the new IDA 9.0 features and reverse engineered a packer that uses direct syscalls 😎 youtu.be/hGiS5CyPDZg

vx-underground (@vxunderground)

🚨 MALWARE DEVELOPMENT CONTEST 🚨
🚨 CASH PRIZES 🚨

We're hosting a malware development competition. It is a JVM malware competition.

Criteria:
- Virality/infectiousness
- Stealth
- Flexibility

What this is NOT:  
- An obfuscator contest 
- a VM design contest

0th place

Rithwik Jayasimha (@thel3l)

Apple released a hearing aids feature for the AirPods Pro a while ago. I bought a pair for grandma, but then realized that the feature was geoblocked in India

So we at Lagrange Point (@_lagrangepoint) decided to unblock it. It ended up involving a leaky microwave and building a Faraday cage:

ANY.RUN (@anyrun_app)

Top 10 last week's threats by uploads 🌐
⬆️ #Lumma 857 (621)
⬇️ #Redline 791 (2641)
⬆️ #Stealc 640 (416)
⬇️ #Amadey 548 (1270)
⬇️ #Berbew 369 (483)
⬆️ #Xworm 228 (218)
⬇️ #Asyncrat 211 (216)
⬆️ #Snake 194 (152)
⬆️ #Remcos 181 (140)
⬇️ #Agenttesla 145 (163)

Track them all 👉

The Hacker News (@thehackersnews)

Ngioweb #malware powers NSOCKS, with 80% of bots sourced from vulnerable IoT devices like routers and cameras. The botnet averages 35,000 active bots daily, some lasting over a month. Learn how this botnet operates — thehackernews.com/2024/11/ngiowe… #infosec #cybersecurity

Jai Minton (@cyberraiju)

Remember when most of the threats were Emotet, Trickbot, Danabot, and other banking Trojans? Now it's all malware loaders, commodity RATs, rogue RMMs, and Information Stealers. There's been a huge shift in the financially motivated criminal ecosystem over the past 5 years...

ESET Research (@esetresearch)

UPDATE: #ESETresearch was contacted by one of the possible authors of the Bootkitty bootkit, claiming the bootkit is a part of a project created by cybersecurity students participating in Korea's Best of the Best (BoB) training program. 1/2 welivesecurity.com/en/eset-resear…

J (@ilbaroni_)

New blog with an update on the Socks5Systemz botnet with some interesting details! bitsight.com/blog/proxyam-p… #socks5systemz #proxyam

hasherezade (@hasherezade)

My recent writeup on updates in #Rhadamanthys stealer, along with some scripts that may be helpful in analysis. Check it out!