I have been slowly writing the next articles:

1. MAS 08: Introduction to MacOS malware analysis.
2. ER 03: macOS/iOS (part 01)
3. MAS 09: Shellcode Analysis
4. ER 04: Browsers or Hypervisors (part 01)
5. RE 05: Hypervisors or Browsers (part 01)

MAS 09 will be the last article…

We recently merged JA4 support in Suricata master
(redmine.openinfosecfoundation.org/issues/6379), including detection and
logging. This is a contribution by the great Sascha Steinbiss satta. 👏 We wouldn't be able to do as much without our community. BIG THANKS!!!

Docs: docs.suricata.io/en/latest/sear…

Google Chrome sends an ETW event when someone tries to read your passwords.
You should enable these events and monitor them.

For people asking me if I will publish a new version of Malwoverview, the answer is YES, and more details will be released in the coming weeks. Even if I am forever away from malware analysis, I will maintain the project.

github.com/alexandreborge…

#malware #threathunting

My stream with Pavel Yosifovich is now live here: youtube.com/watch?v=7Trgnw…

The description has a link to the slides and the code for a 20% discount for Pavel's training!

It was an awesome stream! Pavel is a legend!

Join me tomorrow on the Off By One Security stream with special guest Pavel Yosifovich Pavel Yosifovich for a session on Windows Device Drivers Internals, ...and Some Additional Reversing! 19-April at 11AM PT. Looking forward to this one!

youtube.com/watch?v=7Trgnw…

Remember kids:

In December 2023, we received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the file looked suspicious:

🚨 I've put together my first #cheat #sheet around #maldocs , you can download a PDF version from 👇

✅ thecyberyeti.com/quick-referenc…

Covers the tools, common commands, and other information you need to know when analyzing malicious documents, such as Word, OneNote and PDF.

Windows 11 has a simple and useful sandbox feature, great for creating disposable virtual machines, where you can run and analyze binaries for vulnerability research and malware analysis. Apparently, it's still a little-known feature.

#windows #sandbox

We dug into the mystery of 'Jia Tan,' the polite, conscientious volunteer coder who inserted a surprisingly sophisticated backdoor into XZ Utils—and is most likely the persona of a state-sponsored hacking group based in an Eastern European time zone. wired.com/story/jia-tan-…

Life is short, so stop worrying about dumb shit and do whatever the fuck makes you happy.

I regularly upload content to #youtube around malware anlaysis, reverse engineering and threat hunting. Consider checking out my channel - subscribes are always appreciated! 🙏

✅ youtube.com/channel/UCI8zw…

A security backdoor was recently discovered in liblzma 5.6.0 and 5.6.1. #Wireshark 's Windows and macOS installers ship with liblzma, but not with those versions.

Binarly has released a free scanner to detect signs of the #XZbackdoor implantation xz.fail

Here is my #Friday #giveaways !

Like, retweet and share with your network... I'll randomly choose on Monday 4/1 two winners to get the full 'C5W Certified Malware Analysis' course and certification for FREE... You should not miss this! #DFIR #Malware

academy.cyber5w.com/courses/C5W-Ce…

For people asking me for guidelines for vulnerability research and exploit development, I think an initial and general path forward, based on my journey so far, could be summarized as below:

1. Choose one or more topics that you really like.
2. Obtain and read all available…

GIVEAWAY ALERT!
we are giving away our latest course 'Win32 Shellcoding' for 5 people who like and retweet this tweet.
winners will be picked on wednesday this week.

udemy.com/course/win32-s…

#infosec #malware #shellcoding #redteam

Check out the recorded Off By One Security stream with Duncan Ogilvie 🍍 !! The slides and files used for debugging are available in the video description. Thanks again for joining as a guest, Duncan!

youtube.com/watch?v=AKcADa…

Threat actors actively leverage COM object hijacking for persistence and privilege escalation. We identified the most commonly abused COM objects and CLSIDs to help you stay safe by Joseliyo:
blog.virustotal.com/2024/03/com-ob…