#malware-analysis — Public Fediverse posts

We're excited to announce that the Call for Trainers is now OPEN for DEF CON Training Middle East!

Are you passionate about cybersecurity, hacking, and hands-on learning? Do you have expertise in emerging threats, defensive strategies, or cutting-edge security techniques? We want to hear from you!

Visit training.defcon.org to submit your trainer application for a two-day or three-day course by May 9, 2026.
https://training.defcon.org/pages/2026-middle-east-call-for-trainers

#DEFCON #DEFCONTraining #Cybersecurity #Training #Hacking #InfoSec #SecurityCommunity #DEFCONMiddleEast #AI #RedTeam #BlueTeam #DigitalForensics #CyberTalent #MalwareAnalysis

Tried to book a bar. Ended up reverse engineering a malware campaign instead.

A fake "Cloudflare verify" page copied an obfuscated PowerShell loader to my clipboard. So I broke it down:

XOR-obfuscated script
Payload delivery
RedCap infostealer analysis
REMnux, Ghidra & Hybrid Analysis

Also watched the infrastructure get taken down mid-write-up.

First time doing any RE

https://blog.michaelrbparker.com/post/17

(Still haven't booked that drink.)

#CyberSecurity #MalwareAnalysis #ThreatAnalysis

🚀 Just released smali-lsp!

A Language Server for Smali with:
• Goto definition
• Cross-references
• Symbols & hover
• Works with any IDE (minimal setup)

Also includes an MCP server → plug into AI agents for faster APK analysis 🤖

🔗 https://github.com/Surendrajat/smali-lsp

#AndroidDev #ReverseEngineering #MalwareAnalysis #LSP #InfoSec #RE #security #dalvik

#ReverseEngineering mit #KI? @martin_fmi erklärt, wie #LLMs Malware-Muster erkennen, externe Systemaufrufe rekonstruieren & versteckte Architekturen sichtbar machen. Selbst bei obfuskiertem Code.

Lesen & auf den Ernstfall vorbereiten: https://javapro.io/de/ki-gesteuertes-reverse-engineering-von-java-anwendungen/

#MalwareAnalysis

APT37’s Ruby Jumper campaign demonstrates a mature approach to air-gap traversal.

Observed tradecraft includes:
• LNK-based initial execution
• Embedded PowerShell payload extraction
• Ruby interpreter abuse (v3.3.0)
• Scheduled task persistence (5-minute interval)
• USB-based covert bidirectional C2
• Multi-stage backdoor deployment
Toolset: RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE, BLUELIGHT.

The removable media relay model enables:
– Command staging offline
– Data exfiltration without internet access
– Lateral spread across isolated systems
– Surveillance via Windows spyware
This reinforces a critical point:
Air-gap controls must extend beyond physical disconnection — including USB governance, device auditing, behavioral monitoring, and strict runtime execution policies.

Are critical infrastructure operators prepared for USB-mediated C2 relays?

Source: https://www.bleepingcomputer.com/news/security/apt37-hackers-use-new-malware-to-breach-air-gapped-networks/

Engage below.

Follow TechNadu for high-signal threat intelligence insights.
Repost to elevate awareness.

#Infosec #APT37 #AirGapSecurity #ThreatModeling #MalwareAnalysis #NationStateThreats #USBExfiltration #SOC #DetectionEngineering #CyberDefense #OperationalSecurity #ThreatHunting #ZeroTrustArchitecture

RE: https://infosec.exchange/@washi/116109971111061839

MY MORTAL ENEMY IS THAT ONE zgRAT YARA RULE IT SHOWS UP FREAKING EVERYWHERE AND IS SO WRONG ASDHFJDSHFHASFHSDJAH

thank you for this Washi! I learned some things about .NET from this post as well!

popping on the #ReverseEngineering #MalwareAnalysis tags too

REMnux 8 è la nuova versione della distribuzione Linux dedicata all’analisi di malware, con strumenti aggiornati, container ottimizzati e un ambiente più stabile per ricercatori e analisti. #REMnux #MalwareAnalysis #Forensics #CyberSecurity #Linux

https://www.linuxeasy.org/remnux-8-la-nuova-versione-della-distro-per-lanalisi-di-malware-e-la-sicurezza-digitale/?utm_source=mastodon&utm_medium=jetpack_social

🏋️ 𝗡𝗼𝗿𝘁𝗵𝗦𝗲𝗰 𝟮𝟬𝟮𝟲 𝗙𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻𝘀/𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴𝘀 (5/12): "Deconstructing Rust Binaries" 𝗽𝗮𝗿/𝗯𝘆 Cindy Xiao

📅 Dates: May 11, 12 and 13, 2026 (3 days)
📊 Difficulty: Medium
🖥️ Mode: Hybrid (on-site & remote)

Description:
"𝘙𝘶𝘴𝘵-𝘣𝘢𝘴𝘦𝘥 𝘮𝘢𝘭𝘸𝘢𝘳𝘦 𝘪𝘴 𝘢 𝘨𝘳𝘰𝘸𝘪𝘯𝘨 𝘵𝘩𝘳𝘦𝘢𝘵. 𝘋𝘦𝘤𝘰𝘯𝘴𝘵𝘳𝘶𝘤𝘵𝘪𝘯𝘨 𝘙𝘶𝘴𝘵 𝘉𝘪𝘯𝘢𝘳𝘪𝘦𝘴 𝘦𝘲𝘶𝘪𝘱𝘴 𝘳𝘦𝘷𝘦𝘳𝘴𝘦 𝘦𝘯𝘨𝘪𝘯𝘦𝘦𝘳𝘴 𝘢𝘯𝘥 𝘮𝘢𝘭𝘸𝘢𝘳𝘦 𝘢𝘯𝘢𝘭𝘺𝘴𝘵𝘴 𝘸𝘪𝘵𝘩 𝘦𝘴𝘴𝘦𝘯𝘵𝘪𝘢𝘭 𝘴𝘬𝘪𝘭𝘭𝘴 𝘧𝘰𝘳 𝘵𝘢𝘤𝘬𝘭𝘪𝘯𝘨 𝘢 𝘯𝘦𝘸 𝘤𝘩𝘢𝘭𝘭𝘦𝘯𝘨𝘦. 𝘋𝘺𝘯𝘢𝘮𝘪𝘤 𝘣𝘪𝘯𝘢𝘳𝘪𝘦𝘴 𝘢𝘳𝘦 𝘪𝘯𝘤𝘳𝘦𝘢𝘴𝘪𝘯𝘨𝘭𝘺 𝘮𝘰𝘷𝘪𝘯𝘨 𝘵𝘰𝘸𝘢𝘳𝘥𝘴 𝘙𝘶𝘴𝘵, 𝘺𝘦𝘵 𝘳𝘦𝘷𝘦𝘳𝘴𝘦 𝘦𝘯𝘨𝘪𝘯𝘦𝘦𝘳𝘴 𝘭𝘢𝘤𝘬 𝘵𝘩𝘦 𝘴𝘱𝘦𝘤𝘪𝘢𝘭𝘪𝘻𝘦𝘥 𝘬𝘯𝘰𝘸𝘭𝘦𝘥𝘨𝘦 𝘵𝘰 𝘥𝘦𝘤𝘰𝘥𝘦 𝘵𝘩𝘦𝘮. 𝘛𝘩𝘪𝘴 𝘧𝘪𝘳𝘴𝘵-𝘰𝘧-𝘪𝘵𝘴-𝘬𝘪𝘯𝘥 𝘤𝘰𝘶𝘳𝘴𝘦 𝘣𝘳𝘪𝘥𝘨𝘦𝘴 𝘵𝘩𝘢𝘵 𝘤𝘳𝘪𝘵𝘪𝘤𝘢𝘭 𝘨𝘢𝘱. 𝘛𝘩𝘳𝘰𝘶𝘨𝘩 𝘢 𝘭𝘢𝘯𝘨𝘶𝘢𝘨𝘦-𝘤𝘦𝘯𝘵𝘳𝘪𝘤 𝘢𝘱𝘱𝘳𝘰𝘢𝘤𝘩, 𝘺𝘰𝘶'𝘭𝘭 𝘭𝘦𝘢𝘳𝘯 𝘙𝘶𝘴𝘵 𝘧𝘶𝘯𝘥𝘢𝘮𝘦𝘯𝘵𝘢𝘭𝘴, 𝘶𝘯𝘥𝘦𝘳𝘴𝘵𝘢𝘯𝘥 𝘩𝘰𝘸 𝘙𝘶𝘴𝘵 𝘤𝘰𝘯𝘴𝘵𝘳𝘶𝘤𝘵𝘴 𝘵𝘳𝘢𝘯𝘴𝘭𝘢𝘵𝘦 𝘵𝘰 𝘢𝘴𝘴𝘦𝘮𝘣𝘭𝘺, 𝘢𝘯𝘥 𝘮𝘢𝘴𝘵𝘦𝘳 𝘱𝘳𝘢𝘤𝘵𝘪𝘤𝘢𝘭 𝘵𝘳𝘪𝘢𝘨𝘦 𝘵𝘦𝘤𝘩𝘯𝘪𝘲𝘶𝘦𝘴. 𝘠𝘰𝘶'𝘭𝘭 𝘵𝘳𝘢𝘤𝘦 𝘥𝘢𝘵𝘢 𝘧𝘭𝘰𝘸𝘴, 𝘪𝘥𝘦𝘯𝘵𝘪𝘧𝘺 𝘧𝘶𝘯𝘤𝘵𝘪𝘰𝘯𝘢𝘭𝘪𝘵𝘺, 𝘢𝘯𝘥 𝘥𝘦𝘤𝘰𝘯𝘴𝘵𝘳𝘶𝘤𝘵 𝘳𝘦𝘢𝘭 𝘙𝘶𝘴𝘵 𝘮𝘢𝘭𝘸𝘢𝘳𝘦 𝘴𝘢𝘮𝘱𝘭𝘦𝘴 𝘪𝘯 𝘢 𝘴𝘵𝘳𝘶𝘤𝘵𝘶𝘳𝘦𝘥, 𝘦𝘧𝘧𝘪𝘤𝘪𝘦𝘯𝘵 𝘸𝘢𝘺. 𝘞𝘩𝘦𝘵𝘩𝘦𝘳 𝘺𝘰𝘶'𝘳𝘦 𝘢𝘯𝘢𝘭𝘺𝘻𝘪𝘯𝘨 𝘳𝘢𝘯𝘴𝘰𝘮𝘸𝘢𝘳𝘦 𝘰𝘳 𝘢𝘯𝘢𝘭𝘺𝘻𝘪𝘯𝘨 𝘭𝘦𝘨𝘪𝘵𝘪𝘮𝘢𝘵𝘦 𝘙𝘶𝘴𝘵-𝘣𝘢𝘴𝘦𝘥 𝘴𝘺𝘴𝘵𝘦𝘮𝘴, 𝘺𝘰𝘶'𝘭𝘭 𝘥𝘦𝘷𝘦𝘭𝘰𝘱 𝘵𝘩𝘦 𝘵𝘳𝘢𝘥𝘦𝘤𝘳𝘢𝘧𝘵 𝘯𝘦𝘦𝘥𝘦𝘥 𝘵𝘰 𝘲𝘶𝘪𝘤𝘬𝘭𝘺 𝘶𝘯𝘥𝘦𝘳𝘴𝘵𝘢𝘯𝘥 𝘢𝘯𝘥 𝘣𝘳𝘦𝘢𝘬 𝘥𝘰𝘸𝘯 𝘙𝘶𝘴𝘵 𝘣𝘪𝘯𝘢𝘳𝘪𝘦𝘴 𝘸𝘪𝘵𝘩 𝘤𝘰𝘯𝘧𝘪𝘥𝘦𝘯𝘤𝘦."

About the trainer:
Cindy Xiao is an experienced malware reverse engineer with specialized expertise in analyzing Rust binaries. She brings real-world knowledge of emerging Rust-based threats and combines technical depth with practical, hands-on instruction to help security professionals rapidly upskill in this critical domain.

🔗 Training details: https://nsec.io/training/2026-deconstructing-rust-binaries/

#NorthSec #cybersecurity #infosec #malwareanalysis #reverseengineering

The new REMnux MCP server connects AI agents to 200+ malware analysis tools. I was surprised at the depth of investigation it can deliver: https://zeltser.com/ai-malware-analysis-remnux

Most of my time on this project went into capturing how I approach malware analysis and making sure the server provides the right guidance at the right time, so that AI can think and adapt as it creates the workflow. The post includes interactive replays of real analysis sessions.

#malware #malwareanalysis #infosec #cybersecurity #tools #artificialintelligence #AI

Malware W32/SkyAI uses AI? So do I.
#malwareanalysis #reverseengineering

https://cryptax.medium.com/w32-skyai-uses-ai-so-do-i-d33f04d63534

Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).

1. --export-png images lets you export images of the analysis

2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file

3. couple of small bug fixes and debugging related command line options

You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)

- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer

#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules