Nikhil Hegde (@ka1do9)'s Twitter Profile
Nikhil Hegde

@ka1do9

Opinions are my own and not of my employer

ID: 1220111508257918976

Website: https://nikhilh-20.github.io/

Joined: 22-01-2020 22:30:58

187 Tweets

347 Followers

161 Following

NULLCON (@nullcon)

👾Linux #Malware

💻Nikhil Hegde shared insights on how, using open-source technologies, an in-depth analysis of #Linux-based malware such as Mirai, AvosLocker etc. can be conducted.

Stay tuned for the recording▶️

#NullconGoa2023
Nikhil Hegde (@ka1do9)

Blog post alert! nikhilh-20.github.io/blog/inc_ranso… In this one, I take an INC Linux ransomware sample (targets ESXi), submit it to the ELFEN sandbox and get solid insights within 2m. For completeness, I also dive into IDA's decompilation and describe the encryption mechanism. #malware

Ax Sharma (@ax_sharma)

A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it.

The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:
Shreylock 🕵️ (@shreylocks)

Honourable Police,

It is acceptable even if that Vedant Agarwal is not punished🙏🏽

But do not frame that poor, innocent, hapless driver🙏🏽

#PuneHitandRun
Nikhil Hegde (@ka1do9)

This blog is about PE process injection as implemented in BugSleep backdoor loader. This is an old technique, but I go over why the implementation in the loader is buggy and easily blocked by EDRs. nikhilh-20.github.io/blog/inject_bu…

Nikhil Hegde (@ka1do9)

Turla backdoor tries to bypass ETW, EventLog and AMSI by disabling PSEtwLogProvider and patching specific functions. But some of its patching is buggy. This blog describes the bypass techniques and why some of the function patches are faulty. nikhilh-20.github.io/blog/turla_bac…