hasherezade (@hasherezade)'s Twitter Profile
hasherezade

@hasherezade

Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)

ID:1590754944

https://hasherezade.net

13-07-2013 11:17:31

23,4K Tweets

84,4K Followers

846 Following

GuidedHacking (@GuidedHacking)

🔍 Using PE-sieve For Malware Analysis
💻 Detects malicious payloads, shellcode
🛡️ Reconstructs corrupted PE headers
🧩 Handles obfuscated code parts easily
⚙️ Customizable with various command-line args
🔧 Integrate into tools as DLL or static lib
👉guidedhacking.com/threads/how-to…

Adam Leventhal (@ahl)

“Beginning with Windows Server 2025, dtrace is included as a built-in tool.” This is awesome to see! learn.microsoft.com/en-us/windows-…

thaddeus e. grugq thegrugq@infosec.exchange (@thegrugq)

Telegram is a social media platform, not a secure messenger. The primary use of the system is for groups, with one to one messaging occupying the same space as Twitter DMs.

Signal and Telegram address very different markets.

Brian Baskin (@bbaskin)

Swee Lai Lee is an extremely talented threat researcher and malware analyst from my team. Laid off after 8 years as part of the Carbon Black acquisition into Broadcom

Based in Malaysia, spoke at RSA, analysis writeups, large-scale malware tests against vendor products

Hire her!

Virus Bulletin (@virusbtn)

GDATA researchers look into recent Rust shellcode loaders abusing online meeting software GoTo Meeting to deploy Remcos RAT. gdatasoftware.com/blog/2024/05/3…

Insomni'hack (@1ns0mn1h4ck)

🛡️💻 If you were unable to attend the 2024 conferences or would like to watch some of them again.

👉 They are now online: ow.ly/BFXj50RFiyG
👉 Slides are also available (others may be added): ow.ly/fVAE50RFiyH

📸 Marine Garnier

#INSO24 #CTF #cybersecurity
I am Jakoby (@I_Am_Jakoby)

The last couple days have been so wildly productive and I am proud of myself
I completely rebuilt the engine, API, and website for my PowerShell polymorphic reverse shell generator
and now that I have done so much work on it again I need help testing it against different AVs.…

Krzysztof Tmc (@blueeyedboy88)

Good morning. Someone is fraudulently obtaining and probably dealing in narcotic drugs. We have the details of the doctors who issued the prescriptions (online prescription services?), we have the addresses where the prescriptions were filled, but the perpetrator or perpetrators cannot be found. The only person who cares is the daughter, a doctor..

Pavel Yosifovich (@zodiacon)

First part of chapter 11 has been published (security)! See how to call NtCreateToken :)
Chapter 10 is not ready yet, I'll leave it for later.
leanpub.com/windowsnativea…

Binni Shah (@binitamshah)

Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass : the-deniss.github.io/posts/2022/12/… credits Denis Skvortcov

Theo (@theokwebb)

I just posted a roadmap on how I learnt C (+ x86-64 Assembly and OS Internals) from scratch.

I highly recommend it to anyone planning to take a course at OpenSecurityTraining2 or who is interested in malware development.

github.com/theokwebb/C-fr…

Will (@BushidoToken)

New advisory on APT28/FANCY BEAR 🇷🇺 activity by CERT Poland 🇵🇱 observed this first week of May targeting Polish government institutions.

🔎 Looks like they've moved away from CVE-2023-38831 in WinRAR or CVE-2023-23397 in Outlook in this campaign.

cert.pl/en/posts/2024/… 1/3

Daniel Jary (@JanielDary)

For anyone that's interested, following my talk 'Immoral Fiber: Unlocking & Discovering New Offensive Capabilities of Fibers' at Black Hat Asia 2024 I have open-sourced my new techniques here:
github.com/JanielDary/Imm…

Scott Noone (@analyzev)

If you rely on Driver Verifier beware that it's not working as expected on Windows 11: osr.com/blog/2024/05/0…

Alejandro / _hyp3ri0n / P4x (@_hyp3ri0n)

folks please help me get this word out. @Crowdstrike named some ransomware PunkSpider, literally the name of one of the pieces of software I made. Completely unrelated of course, mine is a security tool.

This is NOT cool, appreciate RTs to get them to change this.

Karsten Hahn (@struppigel)

The thing is, VMProtect is pretty much useless when it is only applied on the PyInstaller stub's code.

The PyInstaller archive at the end of the file is still as before and you can extract all the Python bytecode.

Jiří Vinopal (@vinopaljiri)

I am excited to announce I'll be presenting 'Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks' at 🥳
virusbulletin.com/conference/vb2…

and the high popularity of abusing vulnerable drivers is here for a while so let's see what new I am gonna…
