Josh Stroschein | The Cyber Yeti (@jstrosch)'s Twitter Profile
Josh Stroschein | The Cyber Yeti

@jstrosch

Reverse engineer at FLARE/@Google | @pluralsight author | 700K+ views on YT 😱 Find FREE resources below👇

ID:53809084

https://thecyberyeti.com

05-07-2009 01:40:42

3,9K Tweets

8,7K Followers

971 Following

Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

🕸️ Discover and triage with - project includes many rules to help identify payloads, phishing kits, c2 panels, and more 👇

✅ github.com/jstrosch/subcr…

You can learn more about 👇

▶️ youtu.be/iEAVPKwX_B8

Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

You've just come across a potentially malicious PE (.exe, .dll, etc) file, what is the first thing you do to begin your triage process?

Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

🧠 My thoughts on why you need to learn to become proficient with tools like and 👇

youtu.be/AdMnkVbwKks

We'll dive into the importance of assembly demonstrating compilation, machine code identification, and code recovery with IDA Pro FREE

RussianPanda 🐼 🇺🇦(@RussianPanda9xx) 's Twitter Profile Photo

Unraveling Not AZORult but Koi Loader: A Precursor to Koi Stealer

Did some analysis on #KoiLoader which ultimately led to #KoiStealer. Warning ⚠️It is not AZORult.

The blog: esentire.com/blog/unravelin…

@esthreat
Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

🚨 Shorten the time between infection and detection! This course from the @OISFoundation on @Pluralsight equips you to monitor your network & deploy #Suricata for real-world defense. 👇

pluralsight.com/paths/network-…

Get started today!
Jai Minton(@CyberRaiju) 's Twitter Profile Photo

Just released 🎉: Threat actors recently registered many fake Homebrew domains to serve Atomic MacOS Stealer (AMOS).

Let's dive into this malware variant, look at some dynamic analysis, and then dive into how we can decrypt its strings using Python.

youtu.be/as5iq7tKZzk

ringzerø.training && @ringzer0@infosec.exchange(@_ringzer0) 's Twitter Profile Photo

Google CEO lookalike and master instructor 🐘 @[email protected] will teach The ARM IoT Exploit Laboratory, a virtual Ringzer0 course this July: ringzer0.training/doubledown24-a…

Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

🔥 Learn how quick and easy it is to customize 's default web root. This allows you to serve custom content when performing malware analysis or performing other dynamic network analysis 👇

thecyberyeti.com/post/customizi…

Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

🚨 Malware is often delivered through complex and convoluted distribution channels. This course will teach you the basics of performing fast and effective techniques for analyzing these chains and identifying important indicators of compromise.

pluralsight.com/courses/initia…

GuidedHacking(@GuidedHacking) 's Twitter Profile Photo

My Favorite Reverse Engineering Teachers:
🥇 herrcore - patreon.com/oalabs
🥈 Josh Stroschein | The Cyber Yeti - thecyberyeti.com
🥉 0verfl0w - courses.zero2auto.com

Why?
1⃣ Concise & Direct Teaching
2⃣ Practical Real World Examples
3⃣ Comprehensive & Inexpensive

Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

🔥 Looking for a reason to attend #hacker #summer camp in #Vegas? I'm offering a 4 day hands-on training to learn how to reverse #Windows #malware!

😈 ringzer0.training/doubledown24-a…

👆 Full course details and agenda
Karsten Hahn(@struppigel) 's Twitter Profile Photo

🦔 📹 New Video: D3fack loader analysis

➡️ Inno Setup pascal script analysis
➡️ string deobfuscation with binary refinery
➡️ JPHP decompilation

Sample was first described by RussianPanda 🐼 🇺🇦

youtube.com/watch?v=y09Zre…

Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

🚨 Prepping for another Malware Mondays next week! Until then, you can get caught up with previous live streams!

Ep. 01 - Process Monitor
youtube.com/live/b5_PUMmpw…

Ep. 02 - Process Explorer/System Informer
youtube.com/live/bxIIsnFGh…

Additional resources:
thecyberyeti.com/malware-mondays

Al ツ(@viuleeenz) 's Twitter Profile Photo

Hi all, If you are struggling with inline decryption and C++ triage, I wrote a brief article, using #emulation and a quite recent #GlorySprout sample. Hope someone will find it an inspiring reading: shorturl.at/teq6W
Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

🚨 It's not too late - wrapping up today at 4pm CDT! FREE access to Pluralsight! 10 winners will get ALL of Pluralsight's courses at their fingertips for 30 days - including my 15 courses on reverse engineering/malware analysis!

🧨 pluralsight.thecyberyeti.com/may-giveaway

Josh Stroschein | The Cyber Yeti(@jstrosch) 's Twitter Profile Photo

Created a quick video discussing ways to extract zip files from PCAPs, includes a quick recipe on cyberchef :) Zip was part of data exfil activity for an old Vidar sample, working on some training content & wanted to put something together as a reference.

youtu.be/-M6lsZgsqqw
