#Article #MalwareAnalysis #Radare2
📗 Intro to Cutter for Malware Analysis
🌐Article Link
Telegram Channel : @securebyte
Our Public Group : https://t.me/joinchat/8IAKs9HaoGU2NmE0
_
#Article #MalwareAnalysis
📗 Defeating Macro Document Static Analysis with Pictures of My Ca
Over the past few weeks I’ve spent some time learning Visual Basic for Applications (VBA), specifically for creating malicious Word documents to act as an initial stager. When taking operational security into consideration and brainstorming ways of evading macro detection, I had the question: how does anti-virus detect a malicious macro?
🌐Article Link
_
#Article #MalwareAnalysis
📗 Anti Analysis using API hashing
Malware authors are always using different tricks and techniques to try to stop malware analysts from analysing their malware. One common thing a malware analyst will do is look at the Import Address Table (IAT) once they have unpacked the sample and see whether the IAT gives any clues as to how the malware may behave.
🌐 Article Link
_
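The IAT inspection the post describes is exactly what API hashing is meant to defeat: the loader keeps a hash of each API name instead of an import entry and resolves it at run time by walking a DLL's export table. The script below is an added example written for this post, not code from the article or from any malware family; it shows the analyst-side inversion. The ROR13 algorithm and the value 0xEC0E4E8E for LoadLibraryA are real; the export list and the other sample constants are constructed here, and a real case would dump the names from the DLLs (for instance with pefile) rather than hand-typing them.

```python
# Added example (not code from the article or from any malware family):
# invert the API-name hashing that "IAT-less" loaders use, so that hash
# constants pulled from a sample map back to the Windows APIs resolved at
# runtime. The loader stores e.g. 0xEC0E4E8E instead of importing
# LoadLibraryA, walks the export table of kernel32.dll, hashes every name,
# and stops at the first match. The analyst inverts this offline by hashing
# every candidate export name and looking up the recovered constants.
from typing import Dict, Iterable, List, Optional, Tuple

MASK32 = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by `count` bits (x86 ROR)."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK32


def api_hash(name: str, rotation: int = 13) -> int:
    """Classic ROR13 hash: h = ror(h, 13) + byte, over the ASCII export name.
    The rotate count is a parameter because families vary it (ROR7, ROR9, ...)."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, rotation) + byte) & MASK32
    return h


def build_hash_table(exports: Iterable[Tuple[str, str]], rotation: int = 13) -> Dict[int, str]:
    """Map hash -> 'module!Function' for every (module, function) pair.
    Identical names exported by several DLLs collide; keep both labels."""
    table: Dict[int, str] = {}
    for module, func in exports:
        h = api_hash(func, rotation)
        label = f"{module}!{func}"
        table[h] = f"{table[h]} | {label}" if h in table and table[h] != label else label
    return table


def resolve_hashes(sample_hashes: Iterable[int], table: Dict[int, str]) -> List[Tuple[int, Optional[str]]]:
    """Look up each constant recovered from the sample; None means not in the
    table (extend the export list, or the family uses a different hash)."""
    return [(h & MASK32, table.get(h & MASK32)) for h in sample_hashes]


# Constructed stand-in for real export tables. On a real case dump the names
# from the DLLs on disk (e.g. with pefile) instead of hand-typing them.
EXPORTS: List[Tuple[str, str]] = [
    ("kernel32.dll", "LoadLibraryA"),
    ("kernel32.dll", "GetProcAddress"),
    ("kernel32.dll", "VirtualAlloc"),
    ("kernel32.dll", "CreateRemoteThread"),
    ("kernel32.dll", "ExitProcess"),
    ("ws2_32.dll", "WSAStartup"),
    ("ws2_32.dll", "connect"),
]
HASH_TABLE = build_hash_table(EXPORTS)

# Constants as they would appear in `push 0xEC0E4E8E; call resolve_api`.
# Constructed for this example: three are hashes of names above, one is not.
SAMPLE_HASHES = [0xEC0E4E8E, api_hash("VirtualAlloc"), api_hash("CreateRemoteThread"), 0xDEADBEEF]

if __name__ == "__main__":
    for h, name in resolve_hashes(SAMPLE_HASHES, HASH_TABLE):
        print(f"0x{h:08X} -> {name or '<unknown>'}")
```

When the table resolves nothing, the family is usually using a different rotate count, a different seed, or hashing the module name into the value as well; re-run with the variant rather than assuming the constants are not API hashes.
_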
#Misc #Github #MalwareAnalysis
📗MalwareAnalysis101
Some malware samples or suspicious files I found and their reports.
🌐 Project Link
_
#Article #MalwareAnalysis
📗Diving into sandbox-captured malware data
I’m sure at some point you’ve received a report or alert from some entity — US-CERT, DHS, someone on Twitter retweeting a security researcher or an anti-virus company, maybe even your bank or credit union? — about a specific threat actor and the malware they may wield against your organization’s network.
🌐 Article Link
_
#Article #MalwareAnalysis #OSX
📗How to Reverse Malware on macOS Without Getting Infected - Part 1-3
Resources for learning malware analysis and reverse engineering abound for the Windows platform and PE files, but by comparison there’s very little literature or tutorials for those who want to learn specifically about how to reverse macOS malware and macOS malware analysis techniques.
🌐 Article Link
_
#Article #MalwareAnalysis #Android
How to analyze mobile malware: a Cabassous/FluBot Case study
This blogpost explains all the steps I took while analyzing the Cabassous/FluBot malware.
🌐 Article Link
_
#Tutorial #MalwareAnalysis
Materials for Windows Malware Analysis training (volume 1) by hasherezade
🌐 Tutorial Link
_
#Article #MalwareAnalysis
Process Ghosting, a new executable image tampering attack
PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
🌐 Articles Link
_
#Article #MalwareAnalysis #Concepts
MalAPI.io - Interesting APIs For Malware Hunters.
🌐 Website
_
#Article #MalwareAnalysis
Anti-Disassembly techniques used by malware (a primer) Part 1-2
There is a good chance that malware authors implement some kind of trolling so that a malware analyst has a hard time figuring out the code during static analysis (IDA Pro?).
🌐 Part1 - 🌐 Part2
_
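The "trolling" the primer refers to is, in its simplest form, a pair of conditional jumps that always skip a planted byte, so a disassembler that reads straight through decodes the planted byte as an opcode and swallows the real code behind it. The script below is an added example written for this post, not code from the primer: a toy x86 decoder that knows only the opcodes the trick needs, run once as a linear sweep and once as recursive traversal over a constructed 11-byte sequence, plus the check that exposes the trick (a branch target landing inside another decoded instruction).

```python
# Added example (not code from the primer): a toy x86-32 decoder that knows
# only the handful of opcodes needed to show the classic jump-over-a-junk-byte
# trick, how a linear sweep mis-decodes it, how recursive traversal recovers
# the real code, and how the overlap between the two decodings gives the
# trick away. CODE is a constructed byte sequence, not bytes from any sample.
from typing import Dict, List, NamedTuple, Optional, Tuple

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


class Insn(NamedTuple):
    addr: int
    length: int
    text: str
    targets: List[int]      # branch/call targets, empty for other instructions
    falls_through: bool     # False for ret and unconditional jmp


def decode_one(code: bytes, addr: int) -> Optional[Insn]:
    """Decode the instruction at `addr`; None for unknown opcode or truncated bytes."""
    if addr >= len(code):
        return None
    op = code[addr]
    if op == 0x90:
        return Insn(addr, 1, "nop", [], True)
    if op == 0xC3:
        return Insn(addr, 1, "ret", [], False)
    if op in (0xEB, 0x74, 0x75) and addr + 2 <= len(code):          # jmp/jz/jnz rel8
        rel = int.from_bytes(code[addr + 1:addr + 2], "little", signed=True)
        name = {0xEB: "jmp", 0x74: "jz", 0x75: "jnz"}[op]
        return Insn(addr, 2, f"{name} 0x{addr + 2 + rel:x}", [addr + 2 + rel], op != 0xEB)
    if op == 0xE8 and addr + 5 <= len(code):                         # call rel32
        rel = int.from_bytes(code[addr + 1:addr + 5], "little", signed=True)
        return Insn(addr, 5, f"call 0x{addr + 5 + rel:x}", [addr + 5 + rel], True)
    if op == 0xB8 and addr + 5 <= len(code):                         # mov eax, imm32
        imm = int.from_bytes(code[addr + 1:addr + 5], "little")
        return Insn(addr, 5, f"mov eax, 0x{imm:x}", [], True)
    if op in (0x00, 0x31) and addr + 2 <= len(code):                 # add r/m8,r8 / xor r/m32,r32
        modrm = code[addr + 1]
        if modrm >> 6 == 0b11:                                       # register-direct forms only
            reg, rm = (modrm >> 3) & 7, modrm & 7
            if op == 0x00:
                return Insn(addr, 2, f"add {REGS8[rm]}, {REGS8[reg]}", [], True)
            return Insn(addr, 2, f"xor {REGS32[rm]}, {REGS32[reg]}", [], True)
    return None


def linear_sweep(code: bytes) -> List[Insn]:
    """Decode byte after byte from offset 0 (objdump style); a planted byte
    that looks like an opcode swallows the real instructions behind it."""
    out: List[Insn] = []
    addr = 0
    while addr < len(code):
        insn = decode_one(code, addr) or Insn(addr, 1, f"db 0x{code[addr]:02x}", [], True)
        out.append(insn)
        addr += insn.length
    return out


def recursive_traversal(code: bytes, entry: int = 0) -> Dict[int, Insn]:
    """Follow control flow from `entry` (what IDA/Ghidra do). Both the branch
    target and the fall-through are queued, so the junk is decoded too, but
    the real code behind it is reached through the branch."""
    seen: Dict[int, Insn] = {}
    work = [entry]
    while work:
        addr = work.pop()
        if addr in seen or not 0 <= addr < len(code):
            continue
        insn = decode_one(code, addr)
        if insn is None:
            continue
        seen[addr] = insn
        work.extend(insn.targets)
        if insn.falls_through:
            work.append(addr + insn.length)
    return seen


def overlapping_targets(insns: Dict[int, Insn]) -> List[Tuple[int, int]]:
    """(target, addr) pairs where a branch target lands strictly inside another
    decoded instruction: the signature of a jump over planted bytes."""
    targets = {t for insn in insns.values() for t in insn.targets}
    return sorted((t, i.addr) for i in insns.values() for t in targets if i.addr < t < i.addr + i.length)


# Constructed sample: jz and jnz to the same spot (one of them is always taken),
# a planted 0xE8 (call opcode) in between, then the code the author wants hidden.
CODE = bytes([0x74, 0x03,                     # 0: jz  0x5
              0x75, 0x01,                     # 2: jnz 0x5
              0xE8,                           # 4: junk byte, never executed
              0xB8, 0x2A, 0x00, 0x00, 0x00,   # 5: mov eax, 0x2a
              0xC3])                          # 10: ret

if __name__ == "__main__":
    print("linear sweep:")
    for i in linear_sweep(CODE):
        print(f"  {i.addr:02x}: {i.text}")
    rec = recursive_traversal(CODE)
    print("recursive traversal:")
    for a in sorted(rec):
        print(f"  {a:02x}: {rec[a].text}")
    print("branch targets inside other instructions:", overlapping_targets(rec))
```

The linear sweep reports a five-byte call at offset 4 and never shows the mov or the ret; recursive traversal decodes the real code at 5 but still carries the bogus call, and the overlap check points at exactly the byte to mark as data in the disassembler.
_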
#Project #MalwareAnalysis
YaraDbg
A free web-based YARA debugger that helps security analysts write hunting or detection rules with less effort and more confidence.
🌐 Website
_
#Article #MalwareAnalysis #Android
Analyzing MSFVenom Android Payload By Kousha
MSFVenom is one of the most popular frameworks for creating payloads, shellcode, etc. I want to analyze the MSFVenom Android payload a little bit.
Analysis of an Android payload built with the MSFVenom framework, by Kousha
🌐 Article Link
_
#Tools #MalwareAnalysis
▪️YAMA is a system for generating scanners that can inspect specific malware during incident response.
YAMA runs as a user-mode application, scans the memory of other processes for suspicious activity, and can identify malware.
_
#Tools #MalwareAnalysis
▪️Automated Linux Malware Analysis Sandbox
ELFEN is a dockerized sandbox for analyzing Linux (file type: ELF) malware. It leverages an array of open-source technologies to perform both static and dynamic analysis. Results are available through both the GUI and API.
_
#Video #MalwareAnalysis
▪️Reversing in action: Golang malware used in the SolarWinds attack. Part 1 and Part 2
These two videos analyze malware written in the Go programming language that was used in the attack on SolarWinds.
_
#Tutorial #MalwareAnalysis
Real-world Android Malware Analysis
Part1 - Part2 - Part3 - Part4
In this four-part tutorial you learn how to analyze Android malware using real samples.
_
#MalwareAnalysis
Agent Tesla is a popular info stealer coded in C# that consistently makes lists as one of the most prevalent malware strains. (Update Post)
Analysis of the Agent Tesla stealer
The popular Tesla malware, written in C#, has recently been seen again targeting users in the United States and Australia. These articles are updated and cover unpacking this malware.
https://ryan-weil.github.io/posts/AGENT-TESLA-1/
https://ryan-weil.github.io/posts/AGENT-TESLA-2/
https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/
_
#Article #MalwareAnalysis #ReverseEngineering
Mobile Malware Analysis Series
1. Leveraging Accessibility Features to Steal Crypto Wallet
2. MasterFred
3. Pegasus
4. Intro to iOS Malware Detection
5. Analyzing an Infected Device
6. Xenomorph
7. Blackrock
A series of mobile malware analysis articles from the 8ksec website.
Other tutorials:
1. Advanced Frida Series for mobile security Enthusiasts
2. ARM64 Reversing and Exploitation Blog Series
3. Dissecting Windows Malware Series
_
#Article #MalwareAnalysis
Understanding RedLine Stealer: The Trojan Targeting Your Data
This post walks step by step through the analysis of the RedLine Stealer trojan.
Once installed on the victim's system, the trojan starts collecting information such as login credentials, everything saved as AutoFill data in browser forms, cryptocurrency wallet keys, operating system and hardware details, and the files and documents present on the machine.
_