
clibm079
@clibm079
Independent Malware Analyst & Researcher, Notes (Philosophy & Poetry) — The Path of Clarity & Poems of Malware Analysis. Blog: http://malwareanalysisspace.blogspot.com
"To truly understand an adversary, you must rise to — or beyond — their depth. Because only depth reveals intent." #CyberSecurity #MalwareAnalysis #APT #NationalLevelAPT #ThreatIntel #ReverseEngineering
Interesting FUD 'setup.pkg' @abuse_ch bazaar.abuse.ch/sample/45f9b2a… C2: 151.242.170(.)228 @500mk500 @skocherhan @clibm079


I had some questions about my career and stuff. I'll answer them. 1. I got into programming really young (about 13 years old). I think I was sufficiently skilled to get an entry level programming job as young as 17, but nobody wanted to hire me or take a risk due to my age.…
My positions and pay: Helpdesk: $10.50/hr Computer Technician: $11.50/hr Helpdesk (again): $16/hr Software Engineer: $42,000/yr Software Engineer: $65,000/yr Software Engineer: $90,000/yr Malware Researcher: $165,000/yr Malware Researcher: $350,000/yr My first computer job I…
Wrote a new blog post on defeating string obfuscation in an obfuscated NodeJS malware sample using AST: dinohacks.com/posts/2025/202…
EvilAI exfiltrates browser data and maintains encrypted command-and-control comms, making visibility and response critical. Find out how Trend Vision One™ helps mitigate this threat: research.trendmicro.com/468BdSR
Welcome back Hasherezade (@hasherezade) to our RE//verse review board! Hasherezade, a malware analyst and software engineer from Poland, is known for her impactful work in cybersecurity and reverse engineering. @hasherezade has created several open source tools including PE-bear,…

I have been closely following all identifiable samples of #APT28 for two years now. @s2grupo's @LAB52io group just released a report about #NotDoor backdoor variant: lab52.io/blog/analyzing… You can find the sample in my "usual" place @abuse_ch bazaar.abuse.ch/browse/tag/APT……
Going live with @Amr_Thabet on October 14th to talk about PowerShell persistence (something I see attackers use constantly to stay hidden in environments) 🎙 I’ll share my approach to hunting for these techniques (baseline → spot anomalies → correlate → validate) and forensic…

Excited to share our latest research on APT37 (a.k.a. ScarCruft, Ruby Sleet, and Velvet Chollima)'s new infection chain and C2 operation: 1⃣ Initial Access: Leveraging LNK and CHM files to deliver Rust-based and PowerShell-based malware. 2⃣ Post-Recon: Deployment of FadeStealer…


'balah.bat' dropper from Australia with 0 detection on VT @abuse_ch bazaar.abuse.ch/sample/e96b197… Drops #QuasarRAT from here: hxxps://raw.githubusercontent(.)com/boucegame/ScamBaiting-Updated/refs/heads/main/ChromeUpdater.exe Domain: amyuni(.)com

'B30c.bat' FUD @abuse_ch bazaar.abuse.ch/sample/f2acb59… Drops: hxxps://seagreen-capybara-853936.hostingersite(.)com/base.ps1 bazaar.abuse.ch/sample/75130de… @skocherhan

It's been a busy week so I almost missed this interesting unfolding story. The newly created GitHub repository "KittenBusters/CharmingKitten" appears to be part of an exposure campaign against the Iranian Advanced Persistent Threat (APT) group Charming Kitten, aka APT35. The…
Akatsuki has gathered 🚨 NEW RESEARCH: How $81M vanished from Iran's largest crypto exchange akatsukilegion.netlify.app/nobitex_breach… Special thanks go to @ValidinLLC @Huntio for supporting us Researchers: @TIE__SUN @Sh4dow3x3 #ThreatHunting #DFIR #Stealers #Crypto #Blockchain

The new VirusTotal plugin for IDA Pro now integrates Code Insight into your reversing workflow, allowing you to save and use relevant analyses to contextualize other functions. blog.virustotal.com/2025/08/integr…
Part 1: Introduce rootkits and their history and a few example implementations of rootkits and mitigation strategies. Part 2: Introducing two case studies of rootkits found in the wild and hunting skills. I appreciated it; thanks for sharing. @rotemsalinas
Costin Raiu: The GReAT exit interview youtu.be/bUMqkkXj5eA?si… via @YouTube. The security conversations from @ryanaraine and @craiu were intriguing and significant; thanks for sharing. 💙
My malware development works and practices for [April 2025]: * Waiting thread hijacking: github.com/Whitecat18/Rus… * My Custom Shellcode: github.com/Whitecat18/Rus… * ApiHooking using Trampoline: github.com/Whitecat18/Rus… * Fixed Direct Syscall Issues: github.com/Whitecat18/Rus… *…
My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking
Thread Execution Hijacking is one of the well-known methods that can be used to run implanted code. In this blog we introduce a new injection method that is based on this classic technique, but much stealthier: Waiting Thread Hijacking. Read More: research.checkpoint.com/2025/waiting-t…