Jiří Vinopal (@vinopaljiri)'s Twitter Profile
Jiří Vinopal

@vinopaljiri

Threat Researcher at Check Point @_CPResearch_ #DFIR #Reversing - All opinions expressed here are mine only.
https://t.co/iWvwWF1AnN

ID:1046078641409544197

Link: https://github.com/Dump-GUY | Joined: 29-09-2018 16:45:58

2,7K Tweets

8,3K Followers

429 Following

Jiří Vinopal (@vinopaljiri):

My Top Phrases💙🙏:
➡️ It is, what it is! (Stop trying to change things, complaining, and crying but either accept them or adapt to find a way)
➡️ Never say never! (There are always situations where you would do something you'd never even think of)
➡️ Enjoy your life! (You live

Check Point Research (@_CPResearch_):

CPR recently discovered a dating app with over 10 million downloads that had vulnerabilities, allowing precise location determination of their users, even with distance display being disabled.
research.checkpoint.com/2024/the-illus…

Jiří Vinopal (@vinopaljiri):

As the filter driver is super-sophisticated 😊, it seems to be enough to copy out 'powershell.exe' + rename it and all those registry changes restrictions are bypassed (process blacklist, MS signing).
Just before running, rename it to something different than:

Jiří Vinopal (@vinopaljiri):

@RussianPanda9xx So true, needed 15 mins for this 😄🤓
'rule SUSP_Panda{strings:$="Yara"wide$="false positives"wide$="low quality"wide$="5-minute job"wide condition:all of them}' | sc .\p.yar    # write the rule (sc = Set-Content); YARA string literals need double quotes
start 'twitter.com/RussianPanda9x…'    # open the thread in the default browser
sleep 2
(ps 'firefox').ForEach{ .\yara64.exe .\p.yar $_.Id }    # scan the memory of every firefox process with the rule
rm .\p.yar
Jiří Vinopal (@vinopaljiri):

It's pretty funny when people complain about recruiters reaching out to them on . 😄
But really, that's what is for – to connect with people, including recruiters, and show off a bit (maybe even to make your ego happy). You put up all your achievements and

Jiří Vinopal (@vinopaljiri):

I am done 😄☹️ Writing a Live Hunt #VirusTotal Rule that needs to check Windows #drivers loading...
I was so naive to check for setting values of the services key, till I found it is perfectly fine for Windows to load a kernel driver via #NtLoadDriver 😥
Jiří Vinopal (@vinopaljiri):

A few days ago I posted an example of Library hooking via . Some feedbacks were like 'Ok, but what is the usage?'
I am a Researcher and for the first time in my life I am actually appreciated and paid for thinking differently (being different), and my company

Check Point Research (@_CPResearch_):

Our new research reveals how AI shapes election campaigns globally, from deepfakes to disinformation.

Dive into our latest analysis on the contentious role of AI in politics:

research.checkpoint.com/2024/beyond-im…

Check Point Research (@_CPResearch_):

In our recent publication, we look at Agent Tesla campaigns behind the scenes and reveal the identities of the actors responsible for the attacks against US and AU customers.👇
research.checkpoint.com/2024/agent-tes…

Check Point Research (@_CPResearch_):

Malware spotlight: Meet the latest version of Linodas, the Linux sister RAT to DinodasRAT/XDelear
🐧 V11 of the extensive and well-developed Linux RAT
🕵️ New and unique filter module, hiding malware traces
Read more research.checkpoint.com/2024/29676/

Jiří Vinopal (@vinopaljiri):

So far not so bad... if you consider that I am using a pure #PowerShell method defined in a #PowerShell class via reflection as a patch for a pure .NET method with the #Harmony library 🤓😄🤟

But a lot of limitations actually suck in wide usage ☹️
#Hooking #Harmony #dotnet #PowerShell
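What the post above describes, as an added example that is not the author's code: a .NET method detoured with Harmony, where the prefix and postfix patches are static methods of a PowerShell class handed to Harmony through reflection. It assumes HarmonyLib 2.x (0Harmony.dll, the build matching the host runtime, i.e. a net4x build for Windows PowerShell 5.1) sits next to the script; the class name EnvHooks, the Harmony id, the HOOK_DEMO variable name and the choice of Environment.GetEnvironmentVariable(string) as the target are illustrative.

```powershell
# Added example (not the author's code): hook a .NET method with Harmony, using
# static methods of a PowerShell class as the patches.
# Assumptions: 0Harmony.dll (HarmonyLib 2.x, net4x build) is in the script folder;
# EnvHooks, the Harmony id and HOOK_DEMO are illustrative names.
Add-Type -Path (Join-Path $PSScriptRoot '0Harmony.dll')

class EnvHooks {
    # Every variable name the hooked method was asked for.
    static [System.Collections.Generic.List[string]] $Seen = [System.Collections.Generic.List[string]]::new()

    # Prefix patch. Harmony binds the parameter by name to the original's
    # 'variable' argument. $true lets the original run; $false would skip it.
    static [bool] Prefix([string] $variable) {
        [EnvHooks]::Seen.Add($variable)
        return $true
    }

    # Pass-through postfix: the method returns the original's return type, so
    # Harmony passes the original result in as the first parameter and uses the
    # returned value as the new result. Everything stays by value; no [ref].
    static [string] Postfix([string] $__result, [string] $variable) {
        if ($variable -eq 'HOOK_DEMO') { return 'patched' }
        return $__result
    }
}

# Target: the (string) overload of Environment.GetEnvironmentVariable.
$original = [System.Environment].GetMethod('GetEnvironmentVariable', [Type[]]@([string]))

# The PowerShell class methods, fetched via reflection, become Harmony patches.
$prefix  = [HarmonyLib.HarmonyMethod]::new([EnvHooks].GetMethod('Prefix'))
$postfix = [HarmonyLib.HarmonyMethod]::new([EnvHooks].GetMethod('Postfix'))

$harmony = [HarmonyLib.Harmony]::new('demo.powershell.envhooks')
# Patch(original, prefix, postfix, transpiler, finalizer); $null for unused slots.
$null = $harmony.Patch($original, $prefix, $postfix, $null, $null)

# Exercise the detour: PATH reaches the real implementation (and is logged by
# the prefix); HOOK_DEMO is answered by the postfix instead.
$real = [System.Environment]::GetEnvironmentVariable('PATH')
$fake = [System.Environment]::GetEnvironmentVariable('HOOK_DEMO')
"PATH length: $($real.Length); HOOK_DEMO: $fake"
"seen: $([EnvHooks]::Seen -join ', ')"

# Remove the detour again.
$harmony.UnpatchAll('demo.powershell.envhooks')
```

Two caveats worth knowing before trying this more widely: the PowerShell class method runs on the runspace of the thread that called the patched .NET method, so callers on threads that have no runspace (thread-pool work, timers, callbacks from native code) cannot execute it; and Harmony detours the compiled body of the target, so call sites that the JIT already inlined are not affected. Both only apply to code running after the patch, which is why a reflection call from the interactive prompt is the easy case.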
Duncan Ogilvie 🍍 (@mrexodia):

Wrote a little tool to generate a proxy for DLL hijacking. ASM stubs are often used for this purpose, but with some trickery you can use forwards with absolute paths! github.com/mrexodia/perfe…

Jiří Vinopal (@vinopaljiri):

As I found this IDA plugin idea pretty cool and useful, I ported it to support Python2/3 and IDA>=7.4 (tested IDA 7.7, 8.4) ➡️ available Here:
gist.github.com/Dump-GUY/be133…

It is a modified version of Willi Ballenthin's IDA plugin 'hint_calls.py'. Enjoy, and thank you Willi 💙😊🙏
