Karsten Hahn
@struppigel
Followers
23K
Following
25K
Statuses
9K
MalwareAnalysisForHedgehogs, Principal Malware Researcher at GDATA, he/him π¦ππ³οΈββ§οΈ
Germany
Joined May 2014
My beginner's course for malware analysis is finally ready. ππ¦π¦π§«π§βπ¬ Get access for free for the next 5 days by using the link below:
34
246
1K
CISA found a backdoor in a patient monitor. Direct link to PDF:
1
15
51
@huettenhain Thanks, I was not aware of the snip -r option. The rest I actually could have done better X)
0
0
0
RT @vxunderground: Mildly irritating things seen by malware nerds: - Person saying {thing} evades EDR and/or AV, but they've never performβ¦
0
60
0
RT @_montysecurity: Dropped a new tool for malware researchers. It is used to continuously ingest, analyze, and alert on samples given a seβ¦
0
32
0
0
0
2
RT @x86matthew: I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a viβ¦
0
346
0
@decalage2 MSI which are also .JAR have been abused. MSI part is legit and validly signed. JAR is malicious.
0
1
11
Articles make it often seem easier than it actually is. So choosing one that looks do-able, should have the right difficulty to feel challenged but not too much. The article also serves as feedback mechanism, you can compare whether you came to the same results.
2
0
9
Juicy bits in Lumma Stealer dev Q&A
The people have spoken, you asked and them replied Lumma Stealer Questions & Answers ποΈ ποΈ clickbait content: "we will PROBABLY cease operations" Read it here:
1
2
28
0
0
1
@ShanHolo @lontze7 @RexorVc0 @DaveLikesMalwre @JAMESWT_MHT This decodes it sample | snip 27:209493 | rex "(..)." {1} | hex | carve -sd intarray [| alu B-147 ]| carve -sd b64 | recode | rex \".+?\" | carve -sd b64 | decompress
3
0
15
We would have less fake news about malware on USB adapters and analysis time wasted if sandboxes changed their wording from "malicious" to "interesting to look at"--which is how they are actually understood by analysts.
2
25
65
RT @dodo_sec: As promised, my Ida script for finding a common string encryption algorithm in Delphi samples has been improved and I've releβ¦
0
5
0