#Turla #APT Skipper malicious doc + nvshost.exe. dsme[.]info 5a7a4755e785c227c250a7c1c346db20 fe19cf15a3c1f9f4691231965cbd9ae0

Read up👓, Brian Carrier’s series on speeding up incident response continues! #DFIR bit.ly/2Vg0Aw1

A joint report from the NCSC and NSA/CSS exposing Turla group activity ncsc.gov.uk/news/turla-gro…

How to use #YARA's new 'xor' modifier in the right way - don't look for strings found in malicious files - look for benign strings in an XORed form - best example with high coverage over multiple families: Mozilla/5.0 Hunt them down! github.com/Neo23x0/signat…

Applying Cache Probing Attack over multiple Google platforms medium.com/@terjanq/massi…

cve-2019-19363 is a good example of why one should baseline "normal" execution of the PrintIsolationHost.exe since this represent a valid vector for exploiting print drivers (any user can install) with weak ACL for privesc and/or persistence. pentagrid.ch/en/blog/local-…

A Trivial Privilege Escalation Bug in Windows Service Tracing itm4n.github.io/cve-2020-0668-…

I am so glad they are safe ;)

Here is my detailed write-up about CVE-2020-0787 - Windows Background Intelligent Transfer Service Elevation of Privilege 🙂 👉 itm4n.github.io/cve-2020-0787-…

Amazed by VirusTotal's search capability. An alternative way to hunt #royalroad exploit template. Syntax: behaviour_files:"wll" and tag:"rtf"

#slidewinder #apt used new board announcement as lure theme. Mmm F.. stands for football? 🤔 Filename: AFC New Board.pdf.lnk C2: www-afc.chrom3/.net r0dps/.net MD5: b6932a288649b3ceb9a454f808d6eb35

Fresh cross-platform #APT malware #NukeSped from #Lazarus / #HiddenCobra #OSX version MD5: 5357477cccaed037b45d79907d1b404c Filename: cassoosx #Windows version MD5: 6ca14a62e95569bbef1b9d65ab8fb730 Filename: casso.exe Both of them call to C2: lastedforcast/.com

Attribute to Lazarus's operation "DangerousPassword" in this Sept. File name: New Profits Distribution.lnk MD5: 50ed1ba7abdb38d75e68258275b9f2c7 C&C: filehost[.]network #dprk #lazarus #apt

More people are proposing using machine learning to classify malware families or detect malware. @Aragorn32328247 presents convolution neural networks with ensemble on memory-resident malware detection framework named "Mem2Img" in this Briefing bit.ly/3ca7WKd