Hey ! I published a large part of my notes, and I hope you will find something new to learn in it. It goes from simple #OSCP notes to #Malware development (#COFFLoader, #ModuleStomping, #ReflectiveDLLInjection...). otterhacker.github.io

I tried to credit the posts. If you think I forgot you please feel free to PM me. For the malware dev post, all the credit goes to the one I've learned from through their blogs or github : - Ahmed Hesham - dylan - ☠️ Brandon - Rad - 5pider - TrustedSec - BINARLY🔬

I'm glad to release with yxel a new sleep obfuscation technique based on 5pider's Ekko named Cronos. This technique is using waitable timers, highly stable and very easy to use. You can check it out at github.com/Idov31/Cronos #infosec #CyberSecurity

In the second part of the memory scanners #blog post from ☠️ Brandon, learn how to determine if threads contain nefarious qualities. hubs.la/Q01rnsTz0

The Maelstorm C2 Series has been summarised: mez0.cc/posts/maelstro… We don't have time at the moment to carry on with the series, so we put it all together in one place. However, let us know if there are any gaps you think we could expand on and we could pick it back up!

[BLOG POST] And as promised, this is a brief article the describing the technique used within SilentMoonwalk. Might be a good weekend read! klezvirus.github.io/RedTeaming/AV_…

Graham Helton (too much for zblock) ☠️ Brandon + pre.empt + Meelo + x86matthew + secret club are some of my absolute favourites 💪⭐

Been accepted for my first talk! Let the nerves begin… 🙃🫡

Somehow all of our blog images died on Gitbook, we've gone back through and fixed them. Some of the older ones are still broken but the Maelstrom series is fixed. With that said, are there any other series of blogs that would be of interest? 👀👀 pre.empt.blog

*6 months later*

I wanted an excuse to play with an LLM API and ended up using ChatGPT to categorise a ton of WinAPI functions to (kind of) expand on malapi.io. Here is the post: pre.empt.blog/2024/catergori…

I put together a blog on LLMs and RAGs for offsec. A particular usecase I found interesting was ingesting engagement data like Confluence, Jira, etc, and asking things like "How does X onboard new starters"? The backend LLM really varied the responses, though.

Last summer we spent some time collecting both benign and malicious applications. We picked it back up and put together a preliminary exploration of that dataset: pre.empt.blog/posts/static-d…

We procrastinated this for a few months, but ember 2024 released inspired us to pick this back up. Right now, it’s just exploratory of our dataset and idea, we’ll do more in the future ❤️cc: Michael Ranaldo pre.empt

🧵 since the rise of AI, we’ve seen a lot of people pick up papers and not really understand how to read them. In my experience, I’ve found the Birds Eye approach the easiest. You don’t need to sit and read it end to end immediately 1/3

Impressive analysis of goodware and malware static artifacts, identifying some gaps offensive devs fall into during the development process. Research conducted by Michael Ranaldo (@michaeljranaldo) and Brandon (☠️ Brandon) of pre.empt. Great work, gents! Side note: binary

Under-the-hood, Ember uses LightGBM to score a sample from 0 to 1. I added this functionality into Citadel so any binaries added to the framework are now summarised and scored as well as the rest of the Citadel analysis. Read it here: mez0.cc/posts/citadel-…

For those in the UK who remember "backslang", this kind of thing works with ChatGPT too.

throwback to our first blog in 2022. still fun, relevant, and still a headache to detect - despite the meme: pre.empt.blog/posts/bluffy/

1/2 Over the past few weeks I've used the EMBER2024 model to try and figure out how to make implants less likely to be hit by ML. I wrote about the process here: mez0.cc/posts/evaluati…