___alecs
@_____alecs_____
Remember: debugging Windows kernel with IDA Pro is simpler than you might think. #idapro #reversing #windows
New release: #PEbear 0.6.5: github.com/hasherezade/pe… - several new features, fixes and improvements - check it out!
#BREAKING On January 25th #ESETResearch discovered a new cyberattack in 🇺🇦 Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programming language. We attribute this attack to #Sandworm. 1/3
2023-01-20 (Friday) - #TridentUrsa / #Gamaredon uses new IP, 89.185.84[.]43, to phish Ukrainian allies with lures titled "List_of_necessary_humanitarian_assistance.html." Recent samples from Poland: MD5 7dddc5e74280f772942a222d03c48582, 26ad705f126d0c1568fc247ee9a3a694
2023-01-18 (Wednesday) - Suspected #TridentUrsa / #Gamaredon targets Lithuanian government with Ukraine-themed lure. MD5 9f78eda28ac4d573467576a3942e8fa7 --> de4ecd1c85321f9f52e7993db7e8fae8 --> b8eee4ae87d45d698a7a08ed61b32451 --> hxxp://194.180.174[.]158/18.01/released.rtf
New blog post "Analyzing Malicious OneNote Documents" blog.didierstevens.com/2023/01/22/ana…
The sixth article in the Malware Analysis Series (MAS) is available: exploitreversing.com/2022/11/24/mal… The C2 configuration extractor is slightly less trivial than expected. Thank you @ilfak and @HexRaysSA for supporting and providing me with IDA Pro. #malwareanalysis #malware
IDA Pro is even more powerful with these plugins youtube.com/watch?v=xO6wWP…
Top 5 Best Ida Pro Plugins For Malware Analysis
Cobalt Strike, a Defender's Guide - Part 2 ➡️In this report we talk about domain fronting, SOCKS proxy, C2 traffic, Sigma rules, JARM, JA3/S, RITA & more. Big shout-out to @Kostastsale for helping put this together! thedfirreport.com/2022/01/24/cob…
#Emotet is reborn again! The botnet delivers both malicious documents and payloads from C2 right now. The maldocs for distribution are Excel and Word files. But there is no sign for active spam yet. Don't miss the latest news about #Emotet with ANYRUN! app.any.run/tasks/a6801f1b…
We just added support to crack Windows "Hello" PIN/Password authentication in hashcat! Regarding all technical details, please have a look at this forum thread: hashcat.net/forum/thread-1… Thanks to @tijldeneut and @banaanhangwagen for all the intense preparational work