Tired of repetitive manual unpacking? x64dbg Automate helps you reduce strain, tame complexity, scale analysis, and share reproducible wins. Watch it unpack encrypted code in action! 🔐 Check out the new blog post 'Analysis at Scale with x64dbg Automate' by Darius Houle ↓

Malicious .svg files with embedded JS are flooding @VirusTotal with almost zero AV detections - looks like a massive phishing campaign We just published a YARA rule to help you catch them YARA github.com/Neo23x0/signat…

Another "intelligence" account spreading backdoored and infected source code repositories... Setup is basically the same as this one I previously wrote about x.com/cod3nym/status…

A new threat, closely resembling #SUDDENICON’s supply chain attack has surfaced in our threat intelligence feeds. This campaign delivers a malicious MSI installer that deploys a Python executable with encrypted payload append at the end of the executable. The payload is

In the past few days we have observed an increasing amount of backdoored malware source code releases on GitHub. The repositories were spread by multiple threat intelligence accounts on X. The malware uses MSBuild project files with build events to execute malicious code. The

I wrote a simple website to check GitHub repositories for potentially infected MSBuild project files. cod3nym.github.io/github-backdoo… Checkout the details below.

After #flareon11 challenge 7, I got inspired to build tooling for #dotnet Native AOT reverse engineering. As such, I built a #Ghidra Analyzer that can automatically recover most .NET types, methods and frozen objects (e.g., strings). Blog:👉blog.washi.dev/posts/recoveri…

Thanks to tremendous dev work by Fukusuke Takahashi and DustInDark, we have our first alpha version release of Suzaku - "Hayabusa for cloud logs". Still lots to implement but the basic sigma detection is working for AWS CloudTrail logs so try it out and give us feedback on how we

Stumbled over this new AMSI bypass. It works by manipulating the COM RPC communication used by AMSI to talk to AV engines. By hooking NdrClientCall3 which handles the RPC calls we can intercept AMSI scan requests before they reach the AV engine. I wrote a simplified version that

🚀 THOR Cloud & THOR Cloud Lite now support YARA Forge Upgrade from the 4,300-rule built-in rules to 11,310+ curated rules from 40+ sources 🧠 Broader detection ⚙️ Simple activation ✅ Free for all users 📖 nextron-systems.com/2025/04/30/yar… 📊 github.com/YARAHQ/yara-fo…

We’re excited to announce the launch of malops.io , a platform built by analysts, for analysts and it’s completely free. You can join and enjoin with our frist challenge about RokRat Loader.

Related "x-ray-health-records-qdf.bat": 69ae32f8fa7bdda3f215db7f0bf57305e82ed38a28974884b75b7015dbfa43b4 AV vendors on VT not detected this too, but at least there is a THOR APT Scanner comment... 🤷‍♂️

New blog post from Gameel Ali 🤘 and me: we analyze Katz Stealer. Focusing on bypassing App-Bound Chrome Encryption and compromising Electron apps; and how those behaviors can be leveraged for detection. We highlight key detection vectors uncovered during our analysis and provide

a good & quick read: deceptiq.com/blog/rethinkin…

'Villa - Home Decor - Architectural Design Drawing - Prinsiri Developement - 2605h01.bat' abuse.ch bazaar.abuse.ch/sample/43a8084… Jonathan Peters Nextron Research ⚡️

Introducing Havoc Professional: A Lethal Presence We’re excited to share a first look at Havoc Professional, a next-generation, highly modular Command and Control framework, and Kaine-kit our fully Position Independent Code agent engineered for stealth! infinitycurve.org/blog/introduct…

A trojanized Autoruns DLL loading shellcode from its .data section. Currently, only THOR APT Scanner detects it on VirusTotal. virustotal.com/gui/file/1c962… #shellcode #peb Nextron Research ⚡️

Did anyone already notice this webshell dropped with the name spinstallp.aspx It's a different minified ASPX webshell #SharePoint virustotal.com/gui/file/2f270…

There are plenty of malware‑analysis tools - but pe‑sieve (hasherezade) + YARA Forge (Florian Roth ⚡️) is one of the sharpest offline combos to identify malware families. Dump → PE‑sieve Scan → YARA Forge ID → Malware family Step‑by‑step walkthrough in the video below 👇