neeraj

@knight0x07

Followers
1K
Following
99
Statuses
182

Security Researcher | Malware Loving Homo Sapien | I do xchg eax,eax | Tweets are my own

Hell
Joined March 2019
@knight0x07
neeraj
2 years
Wanna analyze Malicious #OneNote documents? Check out my new C# based tool "OneNoteAnalyzer" for analyzing malicious OneNote documents Link: #malwareanalysis #reverseengineering #threathunting #infosec #cybersecurity #threatintel #threathunt #malware
2
72
206
@knight0x07
neeraj
1 month
Initial infection chain of the new #Lazarus Willo Video Interview campaign is outlined in detail within the infographic Releasing an in-depth blog abt the campaign soon. Happy New Year! @banthisguy9349 #cyber #dfir #infosec #cybersecurity #malware #threatintel #cti #dprk #apt
3
28
103
@knight0x07
neeraj
2 months
This was a sarcastic post 😂 nothing's “highly interesting” abt computer name check. In fact the check is never executed as the strstr() call always returns a ptr to main str since the substr is in the main str, so the if condition is never met. Likely a dev mistake or junk code.
0
0
1
@knight0x07
neeraj
2 months
#APT maldoc utilizes TryCloudFlare to download a LNK, which loads a Rust-based DLL backdoor via rundll32, the backdoor then leverages VSCode Remote Tunnel for gaining remote access to the compromised machine #cyber #dfir #infosec #cybersecurity #malware #threatintel #cti
@smica83
Szabolcs Schmidt
2 months
#malware doc with zero detection (possibly APT) uploaded @abuse_ch @JAMESWT_MHT
1
49
114
@knight0x07
neeraj
4 months
The persistent #XSS vuln (CVE-2023-43770) I reported in RoundCube was successfully exploited by #APT28 💀 Anybody having the XSS payload please send it across =) #cyber #dfir #infosec #informationsecurity #cybersecurity #malware #threatintel #cti
0
2
5
@knight0x07
neeraj
6 months
Identified additional #BlackSuit #Ransomware related #CobaltStrike infrastructure based on the recent @TheDFIRReport report. Infra: #dfir #cyber #infosec #informationsecurity #cybersecurity #malware #threatintel #cti
0
13
52
@knight0x07
neeraj
6 months
A PoC video demonstrating the use of TryCloudflare reverse proxy tunnel, which is abused by TAs globally in recent campaigns to conceal their C2 servers, distribute payloads and more. #cyber #redteam #dfir #infosec #informationsecurity #cybersecurity #malware #threatintel #cti
4
4
18
@knight0x07
neeraj
7 months
#Kimsuky employs anti-forensics by deleting the PowerShell "ConsoleHost_history.txt" file which stores the PS console command history. #apt #apt43 #cyber #dfir #infosec #cybersecurity #malware #threatintel #cti #malwareanalysis #malwareresearch #threathunting
0
1
9
@knight0x07
neeraj
7 months
Wrote a PoC for OnMouseMove #HTML file used in the #Russian #APT group campaign targeting Ukraine. A classic Anti-Sandbox technique =) #apt #cyber #dfir #infosec #cybersecurity #malware #threatintel #cyberthreatintelligence #cti #malwareanalysis
0
10
33
@knight0x07
neeraj
8 months
Forest Blizzard (#APT28) GooseEgg's help command. Use the command line arguments "-?" or "--help" #APT #GooseEgg #cyber #dfir #infosec #cybersecurity #malware #threatintel #russia #security #cyberthreatintelligence #cti #malwareanalysis #malwareresearch #threathunting
1
3
21
@knight0x07
neeraj
8 months
Forest Blizzard's (#APT28) GooseEgg batch script dumps SAM and LSA secrets; it also contains a remark indicating future script updates might include #LSASS Dumping. #apt #cyber #dfir #infosec #cybersecurity #malware #threatintel #cyberthreatintelligence #cti #malwareanalysis
3
14
37
@knight0x07
neeraj
9 months
8
7
22
@knight0x07
neeraj
9 months
The tool I developed to analyze #OneNote documents - "OneNoteAnalyzer" is now a part of the #Flare VM. Flare VM: GitHub: #cyber #dfir #infosec #cybersecurity #malware #threatintel #malwareanalysis #malwareresearch #threathunting
1
4
30
@knight0x07
neeraj
10 months
The site module appends new module search paths to sys.path by reading the .pth file; if a line in the .pth file starts with "import ", it is executed via exec(line). The module is automatically imported at Python startup.
0
0
2
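The .pth line rules described in the tweet above, turned into a small defender-side checker (an added example, not the author's code): it mirrors how site.addpackage() treats each line and lists every line that would be exec()'d at interpreter startup. It assumes CPython's site.getsitepackages() and site.getusersitepackages(); the sample .pth content is constructed.

```python
import site
from pathlib import Path

# Constructed sample .pth content for demonstration (not from a real install).
SAMPLE_PTH = """\
# comment lines are ignored

/opt/example/lib
import _virtualenv
import\tos; os.environ.setdefault('EXAMPLE_FLAG', '1')
  import leading_space_is_a_path_entry
"""


def classify_pth_lines(text: str) -> dict:
    """Split .pth lines the way site.addpackage() does.

    Blank lines and lines starting with '#' are skipped; lines starting with
    "import " or "import\\t" are exec()'d at startup; everything else is
    treated as a directory to append to sys.path.
    """
    result = {"exec": [], "path": []}
    for line in text.splitlines():
        if line.startswith("#") or line.strip() == "":
            continue
        if line.startswith(("import ", "import\t")):
            result["exec"].append(line)
        else:
            result["path"].append(line)
    return result


def scan_pth_dirs(dirs) -> list:
    """Return (pth_file, line) for every line that would be exec()'d."""
    findings = []
    for d in dirs:
        p = Path(d)
        if not p.is_dir():
            continue
        for pth in sorted(p.glob("*.pth")):
            text = pth.read_text(encoding="utf-8", errors="replace")
            for line in classify_pth_lines(text)["exec"]:
                findings.append((str(pth), line))
    return findings


def site_dirs() -> list:
    """Directories where site scans for .pth files (global and per-user)."""
    return list(site.getsitepackages()) + [site.getusersitepackages()]


if __name__ == "__main__":
    for path, line in scan_pth_dirs(site_dirs()):
        print(f"{path}: {line}")
```

Any reported line that is not the expected editable-install or virtualenv hook is worth a closer look, since it runs on every interpreter start.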
@knight0x07
neeraj
11 months
@RustyNoob619 Nice one brother! 💪
1
0
1
@knight0x07
neeraj
11 months
RT @RustyNoob619: #100DaysofYARA Day87: Detecting OCEANMAP Backdoor used by Russian APT28 Checkout @knight0x07 Te…
0
20
0
@knight0x07
neeraj
11 months
Analyzed the #Kimsuky PowerShell Backdoor & published the commented enum detailing the backdoor commands & few notes. Link: #APT #APT43 #cyber #dfir #infosec #cybersecurity #malware #threatintel #cti #malwareanalysis #malwareresearch #threathunting
2
11
39