Adam (@malworms)'s Twitter Profile
Adam

@malworms

IDA pro enthusiast, malware reverser, addicted to Rocket League.
@PwC_uk Threat Intelligence.
All views my own.

ID: 1295312859111600133

17-08-2020 10:54:55

44 Tweet

293 Followers

62 Following

Mav Levin (@mavlevin)

-Reversing Tip 8/30- Want a faster way to open IDA on your exe? 1) open Explorer 2) enter “sendto” in the path bar 3) drag an IDA Pro shortcut to this folder 4) You can now right-click “send to IDA” on any file 5) ? 6) PROFIT! #BinReversingTips

Adam (@malworms)

Can everyone stop reporting that APT27 are definitely into ransomware based on this report... …ic-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to… The authors may have put a clickbait title suggesting that, but even they say in their conclusion that they can't attribute it to them!

Moritz (@m_r_tz)

T is a powerful IDA Pro shortcut when dealing with structs as shown in hex-rays.com/blog/igor-tip-…. I've been using method 2, but didn't know that you can automatically add missing fields 🤩#idapro

Hex-Rays SA (@hexrayssa)

In case you missed it, we recently released Season 1 of “Igor’s tip of the week” blog posts in PDF format (All 52 of them!). We hope you find it useful! Check it out : hex-rays.com/blog/igors-tip… #HexRays #Igorstipoftheweek #IDA #ReverseEngineering

Adam (@malworms)

extra - IDA determines if a binary is Golang or not only by the presence of the Go build string. The build string does not need to be correctly formed, just finding space in the .text section with enough CC alignment and pasting that string in lets IDA work properly Hex-Rays SA

Adam (@malworms)

For anyone interested in some #ShadowPad research- pwc.co.uk/issues/cyber-s… github.com/PwCUK-CTO/Scat… Takes a deep dive into the #ScatterBee (aka #ShadowShredder, #PoppingBee) packing mechanism used by some ShadowPad variants and has scripts to enable static analysis of the payloads

NinjaJobs (@theninjajobs)

PwC is seeking a Threat intelligence / malware analyst based in the US / NL / DE area. For more details, visit the listing. #ninjajobs #hiring #cybersecurity ninjajobs.org/job/93ab2fb57f…

David Cannings (@edeca)

Recently uploaded ShadowPad #malware (6e99974b8d421f8923fc132487d7da0d22c5e0fa1940494f312f9c9389c3f4ca) uses C2 login[.]onesigh[.]com. The Root module is from November 2020. Working on ShadowPad? DMs are open for collaboration #threatintel

NinjaJobs (@theninjajobs)

PwC is seeking a Cyber - Global Threat Intelligence - Technical Analyst - Sr Associate based in the Remote area. For more details, visit the listing. #ninjajobs #hiring #cybersecurity ninjajobs.org/job/2e436d5b6c…

Rob (@ipsoscustodes)

The Banshee Queen👑 PwC ATT&CK Richard Ackroyd eral4m We're hiring for our #detectionengineering team. If you would like to join the team that helped produce this annex, the main report, and does so much more, then visit experiencedcareers.pwc.co.uk/job/14249418/e…

Ivan Kwiatkowski (@justicerage)

Step 1: open a binary in IDA and press F5 Step 2: paste the decompiled code into OpenAI's chatbot Someone's job just got way easier.

Allison Wikoff (@saltywikoff)

We've got TWO roles open in Australia! Looking for both tech and strat threat intel analysts. Come work with all the awesome folks on the #pwc TI team. Bonus: Witness firsthand the epic banter between me and Jason Smart. jobs-au.pwc.com/experiencedhir… jobs-au.pwc.com/experiencedhir…

Adam (@malworms)

For anyone using Binary Ninja and wanting to use Mandiant's ShellcodeHashes IDA plugin-I ported a basic version of the IDA plugin to Binary Ninja: github.com/PwCUK-CTO/Bina… Known limitations - No GUI, no support for searching memory constants - but it works well for most use cases

Mandiant (part of Google Cloud) (@mandiant)

Ever wonder how attackers use advanced tools to evade detection? Mandiant analyzes #ScatterBrain, an obfuscator in the POISONPLUG.SHADOW backdoor, which is used by China-nexus actors. Learn how we’re unmasking these sophisticated threats. Read more: bit.ly/42xfceL

Virus Bulletin (@virusbtn)

Google's Nino Isakovic analyses the ScatterBrain obfuscator, used on POISONPLUG variants. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analysed by PWC. cloud.google.com/blog/topics/th…
