herrcore (@herrcore)'s Twitter Profile
herrcore

@herrcore

UnpacMe | OALABS

ID:43022669

http://www.openanalysis.net/

28-05-2009 02:03:24

8,1K Tweets

11,9K Followers

475 Following

Zscaler ThreatLabz(@Threatlabz) 's Twitter Profile Photo

#Zloader development continues with new versions that include an anti-analysis feature that prevents samples from being executed on another system after an initial infection. This is likely inspired by the leaked #ZeuS source code that implements a similar feature. Read the…
herrcore(@herrcore) 's Twitter Profile Photo

Ever wonder what is buried in a 10 year old file infector? What files has it collected over the years? Join us at 1300 EST today and find out! #OALabsLive #SundaySandboxCentipede
UNPACME(@unpacme) 's Twitter Profile Photo

Self-replicating malware, long abandoned by its operators, continues to contribute significant volume and noise to malware feeds.

We investigate this trend, which we refer to as 𝗭𝗼𝗺𝗯𝗶𝗲𝘄𝗮𝗿𝗲 🧟‍♂️

blog.unpac.me/2024/04/25/zom…

herrcore(@herrcore) 's Twitter Profile Photo

Honoured to be presenting the keynote for NorthSec this year. If you are in the neighbourhood May 16-17 come say hi, tickets are still available😺

Unpack all malware with a single breakpoint? Maybe? And I promise I won't mention anything about LLMs!

nsec.io

John Hammond(@_JohnHammond) 's Twitter Profile Photo

💥 The Github comments upload malware conversation.

Candidly I wanted to record this a month ago, but now that it's in the news, I'm late to the punch and needed to talk about.😅 We do a quick demo on the upload trick, and showcase ANOTHER technique.. 😁
youtu.be/0wduZ3nO848

herrcore(@herrcore) 's Twitter Profile Photo

Since it is back in the news here is some info on SmartLoader that mysterious LUA malware... The name SmartLoader comes from the UserAgent string used in early builds of the malware (cc @g0njxa), the true name is currently unknown. There are at least two different versions of…
BleepingComputer(@BleepinComputer) 's Twitter Profile Photo

A GitHub flaw (or bad design decision) is being abused to distribute malware through URLs linked to Microsoft’s repository, and others, to make the files appear trustworthy.
bleepingcomputer.com/news/security/…

Alęxandęr Hanęl(@nullandnull) 's Twitter Profile Photo

Daniel Mayer herrcore Vector 35 Josh Reynolds (jmag) Binary Ninja’s strengths are its API (especially when accessing the decompiler) and its headless mode (sadly that’s only in the commercial version.) Here is a cheat sheet for binary ninja I created a while back.

gist.github.com/alexander-hane…

Daniel Mayer(@dan__mayer) 's Twitter Profile Photo

I got selected by Vector 35 for a free Binja license for filling out their survey! Do all my Binja folks have suggestions on where to read up on the differences from ida/what are the strengths/weaknesses?

Josh Reynolds (jmag) herrcore ?

Josh Reynolds (jmag)(@JershMagersh) 's Twitter Profile Photo

If you’re interested in structure recovery in Binary Ninja this stream highlights their auto-generate functionality and interfaces for constructing them. Havoc is actually a pretty nice example for this. Enjoy!

Daax(@daaximus) 's Twitter Profile Photo

Why are Google dorks returning fewer results now? The search quality has degraded significantly in the last few weeks (more than the usual degradation). Previously working queries fail to find anything, yet the sites remain unchanged. Something feels off recently; anyone else?

Vector 35(@vector35) 's Twitter Profile Photo

Last chance to give your feedback! Reminder, our survey is only live for two more days before the prize drawing ends.

binary.ninja/survey/

BruCON(@brucon) 's Twitter Profile Photo

🚨🍻🚨 Some very nice CFP submissions are coming in for both Talks, Training and Workshops! Don't hesitate submitting yours before the CFP closes end of this month! Check it out at brucon.org/2024/cfp/ 🚨🍻🚨

cts🌸(@gf_256) 's Twitter Profile Photo

Source: They’re building a next-gen obfuscator suitable for modern binaries Back Engineering Labs. They can do binary-to-binary translation of Windows kernel, CSGO, Chromium, Hyper-V, while respecting CFG, ACG, CET

Vector 35(@vector35) 's Twitter Profile Photo

We want your feedback! Reminder, our survey is live for another week and half before the prize drawing ends.

binary.ninja/survey/
