#malwareanalysis — Public Fediverse posts

We're excited to announce that the Call for Trainers is now OPEN for DEF CON Training Middle East!

Are you passionate about cybersecurity, hacking, and hands-on learning? Do you have expertise in emerging threats, defensive strategies, or cutting-edge security techniques? We want to hear from you!

Visit training.defcon.org to submit your trainer application for a two-day or three-day course by May 9, 2026.
https://training.defcon.org/pages/2026-middle-east-call-for-trainers

#DEFCON #DEFCONTraining #Cybersecurity #Training #Hacking #InfoSec #SecurityCommunity #DEFCONMiddleEast #AI #RedTeam #BlueTeam #DigitalForensics #CyberTalent #MalwareAnalysis

Tried to book a bar. Ended up reverse engineering a malware campaign instead.

A fake "Cloudflare verify" page copied an obfuscated PowerShell loader to my clipboard. So I broke it down:

XOR-obfuscated script
Payload delivery
RedCap infostealer analysis
REMnux, Ghidra & Hybrid Analysis

Also watched the infrastructure get taken down mid-write-up.

First time doing any RE

https://blog.michaelrbparker.com/post/17

(Still haven't booked that drink.)

#CyberSecurity #MalwareAnalysis #ThreatAnalysis

🚀 Just released smali-lsp!

A Language Server for Smali with:
• Goto definition
• Cross-references
• Symbols & hover
• Works with any IDE (minimal setup)

Also includes an MCP server → plug into AI agents for faster APK analysis 🤖

🔗 https://github.com/Surendrajat/smali-lsp

#AndroidDev #ReverseEngineering #MalwareAnalysis #LSP #InfoSec #RE #security #dalvik

🚀 Just released smali-lsp!

A Language Server for Smali with:
• Goto definition
• Cross-references
• Symbols & hover
• Works with any IDE (minimal setup)

Also includes an MCP server → plug into AI agents for faster APK analysis 🤖

🔗 https://github.com/Surendrajat/smali-lsp

#AndroidDev #ReverseEngineering #MalwareAnalysis #LSP #InfoSec #RE #security #dalvik

🚀 Just released smali-lsp!

A Language Server for Smali with:
• Goto definition
• Cross-references
• Symbols & hover
• Works with any IDE (minimal setup)

Also includes an MCP server → plug into AI agents for faster APK analysis 🤖

🔗 https://github.com/Surendrajat/smali-lsp

#AndroidDev #ReverseEngineering #MalwareAnalysis #LSP #InfoSec #RE #security #dalvik

#ReverseEngineering mit #KI? @martin_fmi erklärt, wie #LLMs Malware-Muster erkennen, externe Systemaufrufe rekonstruieren & versteckte Architekturen sichtbar machen. Selbst bei obfuskiertem Code.

Lesen & auf den Ernstfall vorbereiten: https://javapro.io/de/ki-gesteuertes-reverse-engineering-von-java-anwendungen/

#MalwareAnalysis

APT37’s Ruby Jumper campaign demonstrates a mature approach to air-gap traversal.

Observed tradecraft includes:
• LNK-based initial execution
• Embedded PowerShell payload extraction
• Ruby interpreter abuse (v3.3.0)
• Scheduled task persistence (5-minute interval)
• USB-based covert bidirectional C2
• Multi-stage backdoor deployment
Toolset: RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE, BLUELIGHT.

The removable media relay model enables:
– Command staging offline
– Data exfiltration without internet access
– Lateral spread across isolated systems
– Surveillance via Windows spyware
This reinforces a critical point:
Air-gap controls must extend beyond physical disconnection — including USB governance, device auditing, behavioral monitoring, and strict runtime execution policies.

Are critical infrastructure operators prepared for USB-mediated C2 relays?

Source: https://www.bleepingcomputer.com/news/security/apt37-hackers-use-new-malware-to-breach-air-gapped-networks/

Engage below.

Follow TechNadu for high-signal threat intelligence insights.
Repost to elevate awareness.

#Infosec #APT37 #AirGapSecurity #ThreatModeling #MalwareAnalysis #NationStateThreats #USBExfiltration #SOC #DetectionEngineering #CyberDefense #OperationalSecurity #ThreatHunting #ZeroTrustArchitecture

RE: https://infosec.exchange/@washi/116109971111061839

MY MORTAL ENEMY IS THAT ONE zgRAT YARA RULE IT SHOWS UP FREAKING EVERYWHERE AND IS SO WRONG ASDHFJDSHFHASFHSDJAH

thank you for this Washi! I learned some things about .NET from this post as well!

popping on the #ReverseEngineering #MalwareAnalysis tags too

REMnux 8 è la nuova versione della distribuzione Linux dedicata all’analisi di malware, con strumenti aggiornati, container ottimizzati e un ambiente più stabile per ricercatori e analisti. #REMnux #MalwareAnalysis #Forensics #CyberSecurity #Linux

https://www.linuxeasy.org/remnux-8-la-nuova-versione-della-distro-per-lanalisi-di-malware-e-la-sicurezza-digitale/?utm_source=mastodon&utm_medium=jetpack_social

🏋️ 𝗡𝗼𝗿𝘁𝗵𝗦𝗲𝗰 𝟮𝟬𝟮𝟲 𝗙𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻𝘀/𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴𝘀 (5/12): "Deconstructing Rust Binaries" 𝗽𝗮𝗿/𝗯𝘆 Cindy Xiao

📅 Dates: May 11, 12 and 13, 2026 (3 days)
📊 Difficulty: Medium
🖥️ Mode: Hybrid (on-site & remote)

Description:
"𝘙𝘶𝘴𝘵-𝘣𝘢𝘴𝘦𝘥 𝘮𝘢𝘭𝘸𝘢𝘳𝘦 𝘪𝘴 𝘢 𝘨𝘳𝘰𝘸𝘪𝘯𝘨 𝘵𝘩𝘳𝘦𝘢𝘵. 𝘋𝘦𝘤𝘰𝘯𝘴𝘵𝘳𝘶𝘤𝘵𝘪𝘯𝘨 𝘙𝘶𝘴𝘵 𝘉𝘪𝘯𝘢𝘳𝘪𝘦𝘴 𝘦𝘲𝘶𝘪𝘱𝘴 𝘳𝘦𝘷𝘦𝘳𝘴𝘦 𝘦𝘯𝘨𝘪𝘯𝘦𝘦𝘳𝘴 𝘢𝘯𝘥 𝘮𝘢𝘭𝘸𝘢𝘳𝘦 𝘢𝘯𝘢𝘭𝘺𝘴𝘵𝘴 𝘸𝘪𝘵𝘩 𝘦𝘴𝘴𝘦𝘯𝘵𝘪𝘢𝘭 𝘴𝘬𝘪𝘭𝘭𝘴 𝘧𝘰𝘳 𝘵𝘢𝘤𝘬𝘭𝘪𝘯𝘨 𝘢 𝘯𝘦𝘸 𝘤𝘩𝘢𝘭𝘭𝘦𝘯𝘨𝘦. 𝘋𝘺𝘯𝘢𝘮𝘪𝘤 𝘣𝘪𝘯𝘢𝘳𝘪𝘦𝘴 𝘢𝘳𝘦 𝘪𝘯𝘤𝘳𝘦𝘢𝘴𝘪𝘯𝘨𝘭𝘺 𝘮𝘰𝘷𝘪𝘯𝘨 𝘵𝘰𝘸𝘢𝘳𝘥𝘴 𝘙𝘶𝘴𝘵, 𝘺𝘦𝘵 𝘳𝘦𝘷𝘦𝘳𝘴𝘦 𝘦𝘯𝘨𝘪𝘯𝘦𝘦𝘳𝘴 𝘭𝘢𝘤𝘬 𝘵𝘩𝘦 𝘴𝘱𝘦𝘤𝘪𝘢𝘭𝘪𝘻𝘦𝘥 𝘬𝘯𝘰𝘸𝘭𝘦𝘥𝘨𝘦 𝘵𝘰 𝘥𝘦𝘤𝘰𝘥𝘦 𝘵𝘩𝘦𝘮. 𝘛𝘩𝘪𝘴 𝘧𝘪𝘳𝘴𝘵-𝘰𝘧-𝘪𝘵𝘴-𝘬𝘪𝘯𝘥 𝘤𝘰𝘶𝘳𝘴𝘦 𝘣𝘳𝘪𝘥𝘨𝘦𝘴 𝘵𝘩𝘢𝘵 𝘤𝘳𝘪𝘵𝘪𝘤𝘢𝘭 𝘨𝘢𝘱. 𝘛𝘩𝘳𝘰𝘶𝘨𝘩 𝘢 𝘭𝘢𝘯𝘨𝘶𝘢𝘨𝘦-𝘤𝘦𝘯𝘵𝘳𝘪𝘤 𝘢𝘱𝘱𝘳𝘰𝘢𝘤𝘩, 𝘺𝘰𝘶'𝘭𝘭 𝘭𝘦𝘢𝘳𝘯 𝘙𝘶𝘴𝘵 𝘧𝘶𝘯𝘥𝘢𝘮𝘦𝘯𝘵𝘢𝘭𝘴, 𝘶𝘯𝘥𝘦𝘳𝘴𝘵𝘢𝘯𝘥 𝘩𝘰𝘸 𝘙𝘶𝘴𝘵 𝘤𝘰𝘯𝘴𝘵𝘳𝘶𝘤𝘵𝘴 𝘵𝘳𝘢𝘯𝘴𝘭𝘢𝘵𝘦 𝘵𝘰 𝘢𝘴𝘴𝘦𝘮𝘣𝘭𝘺, 𝘢𝘯𝘥 𝘮𝘢𝘴𝘵𝘦𝘳 𝘱𝘳𝘢𝘤𝘵𝘪𝘤𝘢𝘭 𝘵𝘳𝘪𝘢𝘨𝘦 𝘵𝘦𝘤𝘩𝘯𝘪𝘲𝘶𝘦𝘴. 𝘠𝘰𝘶'𝘭𝘭 𝘵𝘳𝘢𝘤𝘦 𝘥𝘢𝘵𝘢 𝘧𝘭𝘰𝘸𝘴, 𝘪𝘥𝘦𝘯𝘵𝘪𝘧𝘺 𝘧𝘶𝘯𝘤𝘵𝘪𝘰𝘯𝘢𝘭𝘪𝘵𝘺, 𝘢𝘯𝘥 𝘥𝘦𝘤𝘰𝘯𝘴𝘵𝘳𝘶𝘤𝘵 𝘳𝘦𝘢𝘭 𝘙𝘶𝘴𝘵 𝘮𝘢𝘭𝘸𝘢𝘳𝘦 𝘴𝘢𝘮𝘱𝘭𝘦𝘴 𝘪𝘯 𝘢 𝘴𝘵𝘳𝘶𝘤𝘵𝘶𝘳𝘦𝘥, 𝘦𝘧𝘧𝘪𝘤𝘪𝘦𝘯𝘵 𝘸𝘢𝘺. 𝘞𝘩𝘦𝘵𝘩𝘦𝘳 𝘺𝘰𝘶'𝘳𝘦 𝘢𝘯𝘢𝘭𝘺𝘻𝘪𝘯𝘨 𝘳𝘢𝘯𝘴𝘰𝘮𝘸𝘢𝘳𝘦 𝘰𝘳 𝘢𝘯𝘢𝘭𝘺𝘻𝘪𝘯𝘨 𝘭𝘦𝘨𝘪𝘵𝘪𝘮𝘢𝘵𝘦 𝘙𝘶𝘴𝘵-𝘣𝘢𝘴𝘦𝘥 𝘴𝘺𝘴𝘵𝘦𝘮𝘴, 𝘺𝘰𝘶'𝘭𝘭 𝘥𝘦𝘷𝘦𝘭𝘰𝘱 𝘵𝘩𝘦 𝘵𝘳𝘢𝘥𝘦𝘤𝘳𝘢𝘧𝘵 𝘯𝘦𝘦𝘥𝘦𝘥 𝘵𝘰 𝘲𝘶𝘪𝘤𝘬𝘭𝘺 𝘶𝘯𝘥𝘦𝘳𝘴𝘵𝘢𝘯𝘥 𝘢𝘯𝘥 𝘣𝘳𝘦𝘢𝘬 𝘥𝘰𝘸𝘯 𝘙𝘶𝘴𝘵 𝘣𝘪𝘯𝘢𝘳𝘪𝘦𝘴 𝘸𝘪𝘵𝘩 𝘤𝘰𝘯𝘧𝘪𝘥𝘦𝘯𝘤𝘦."

About the trainer:
Cindy Xiao is an experienced malware reverse engineer with specialized expertise in analyzing Rust binaries. She brings real-world knowledge of emerging Rust-based threats and combines technical depth with practical, hands-on instruction to help security professionals rapidly upskill in this critical domain.

🔗 Training details: https://nsec.io/training/2026-deconstructing-rust-binaries/

#NorthSec #cybersecurity #infosec #malwareanalysis #reverseengineering

The new REMnux MCP server connects AI agents to 200+ malware analysis tools. I was surprised at the depth of investigation it can deliver: https://zeltser.com/ai-malware-analysis-remnux

Most of my time on this project went into capturing how I approach malware analysis and making sure the server provides the right guidance at the right time, so that AI can think and adapt as it creates the workflow. The post includes interactive replays of real analysis sessions.

#malware #malwareanalysis #infosec #cybersecurity #tools #artificialintelligence #AI

Malware W32/SkyAI uses AI? So do I.
#malwareanalysis #reverseengineering

https://cryptax.medium.com/w32-skyai-uses-ai-so-do-i-d33f04d63534

Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).

1. --export-png images lets you export images of the analysis

2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file

3. couple of small bug fixes and debugging related command line options

You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)

- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer

#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules

Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).

1. --export-png images lets you export images of the analysis

2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file

3. couple of small bug fixes and debugging related command line options

You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)

- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer

#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules

Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).

1. --export-png images lets you export images of the analysis

2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file

3. couple of small bug fixes and debugging related command line options

You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)

- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer

#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules

Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).

1. --export-png images lets you export images of the analysis

2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file

3. couple of small bug fixes and debugging related command line options

You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)

- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer

#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules

Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).

1. --export-png images lets you export images of the analysis

2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file

3. couple of small bug fixes and debugging related command line options

You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)

- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer

#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules

Recent research highlights a phishing campaign leveraging tax-related lures to deploy ValleyRAT, a modular RAT with strong persistence and evasion features.

The infection chain demonstrates continued abuse of trusted binaries, DLL sideloading, and plugin-based architectures to enable targeted post-compromise activity. The campaign underscores the importance of monitoring user-facing entry points and low-noise persistence mechanisms.

Open to insights on effective detection and response strategies for similar campaigns.
Follow TechNadu for objective threat intelligence reporting.

#InfoSec #ThreatHunting #MalwareAnalysis #PhishingDefense #EndpointSecurity #CyberThreats

Researchers have documented a campaign abusing GitHub repositories themed as OSINT tools, GPT utilities, and developer resources to deliver PyStoreRAT, a modular, multi-stage remote access trojan.

The operation leverages delayed malicious commits, minimal loader stubs, reputation manipulation, and HTA-based execution to reduce early detection. In parallel, a separate RAT campaign demonstrates region- and language-aware targeting logic.

These cases underscore evolving tradecraft around trust abuse and script-based implants.
How are you adapting repository vetting and execution controls in your environment?

Source: https://thehackernews.com/2025/12/fake-osint-and-gpt-utility-github-repos.html

Engage in the discussion and follow TechNadu for measured infosec reporting.

#InfoSec #ThreatIntel #MalwareAnalysis #GitHubSecurity #OpenSourceRisk #TechNadu

Threat researchers are observing renewed use of unauthorized movie torrents as malware distribution vectors ahead of the Christmas 2025 season.

Recent cases involve fileless malware such as Agent Tesla embedded within torrents labeled as popular Hollywood releases. These campaigns highlight how threat actors often rely on social and behavioral factors rather than technical complexity.

How should security awareness adapt to predictable seasonal threat patterns?
Engage in the discussion, share your insights, and follow us for continued InfoSec coverage.

#InfoSec #ThreatIntelligence #MalwareAnalysis #FilelessMalware #SecurityAwareness #CyberThreats #TechNadu

We're excited to announce that the Call for Trainers is now OPEN for DEF CON Training Las Vegas at DEF CON 34!

Are you passionate about cybersecurity, hacking, and hands-on learning? Do you have expertise in emerging threats, defensive strategies, or cutting-edge security techniques? We want to hear from you!

Visit training.defcon.org to submit your application by January 12, 2026.
https://training.defcon.org/pages/2026-las-vegas-call-for-trainers

#DEFCON #DEFCONTraining #Cybersecurity #Training #Hacking #InfoSec #SecurityCommunity #DEFCON2026 #DEFCON34 #DC34 #AI #RedTeam #BlueTeam #DigitalForensics #CyberTalent #MalwareAnalysis

Could your next software update hide a ticking time bomb? Malicious NuGet packages are now creeping into trusted code—targeting databases and industrial systems with stealthy triggers that only go off on a specific date. How safe is your code, really?

https://thedefendopsdiaries.com/malicious-nuget-packages-how-probabilistic-time-bombs-threaten-the-software-supply-chain/

#nugetsecurity
#softwaresupplychain
#malwareanalysis
#industrialcontrolsystems
#csharpextensionmethods

Could your next software update hide a ticking time bomb? Malicious NuGet packages are now creeping into trusted code—targeting databases and industrial systems with stealthy triggers that only go off on a specific date. How safe is your code, really?

https://thedefendopsdiaries.com/malicious-nuget-packages-how-probabilistic-time-bombs-threaten-the-software-supply-chain/

#nugetsecurity
#softwaresupplychain
#malwareanalysis
#industrialcontrolsystems
#csharpextensionmethods

Could your next software update hide a ticking time bomb? Malicious NuGet packages are now creeping into trusted code—targeting databases and industrial systems with stealthy triggers that only go off on a specific date. How safe is your code, really?

https://thedefendopsdiaries.com/malicious-nuget-packages-how-probabilistic-time-bombs-threaten-the-software-supply-chain/

#nugetsecurity
#softwaresupplychain
#malwareanalysis
#industrialcontrolsystems
#csharpextensionmethods

Could your next software update hide a ticking time bomb? Malicious NuGet packages are now creeping into trusted code—targeting databases and industrial systems with stealthy triggers that only go off on a specific date. How safe is your code, really?

https://thedefendopsdiaries.com/malicious-nuget-packages-how-probabilistic-time-bombs-threaten-the-software-supply-chain/

#nugetsecurity
#softwaresupplychain
#malwareanalysis
#industrialcontrolsystems
#csharpextensionmethods

A trusted Solidity extension turned traitor – the SleepyDuck Trojan used blockchain to stealthily control developers’ tools. Could your favorite extension be hiding a dark secret?

https://thedefendopsdiaries.com/the-sleepyduck-trojan-how-a-malicious-solidity-extension-exploited-open-vsx/

#sleepyduck
#soliditysecurity
#openvsx
#blockchainmalware
#vscodeextension
#cyberthreats
#malwareanalysis
#developersecurity
#infosec

Try our new free web malware scanning service! 🚀

#CyberSecurity
#InfoSec
#MalwareAnalysis
#ThreatDetection
#WebSecurity
#MalwareScanner
#PhishingProtection
#OnlineSecurity
#WebsiteSecurity
#SecurityTools

#AIpowered
#Automation
#CyberAI
#AITools
#TechInnovation
#MachineLearning

There is still time to register to join us for #DEFCONTraining at the Arab International Cybersecurity Conference & Exhibition hosted by the National Cyber Security Center Bahrain.

Still on the fence? Here’s what past students had to say:

“My first DEF CON & training and it was amazing!”

“Exceeded expectations. High-quality content, organized course, well-delivered presentation by an experienced teacher.”

“Fantastic and fun experience. Every single person was nice and approachable.”

“Absolutely killer. Amazing instructors. Top tier after 20+ years of attending trainings.”

Don’t miss your chance to learn from our world-class trainers. Secure your spot today:
https://training.defcon.org/collections/arab-cybersecurity-2025

#defcon #cyber #training #defconbahrain #AICS2025 #Bahrain #UAE #SaudiArabia #cybertraining #infosec #cybersecurity #cyberdefense #AI #pentesting #incidentresponse #cloud #software #supplychain #digitalforensics #cryptography #malwareanalysis #threathunting

Today we have another #DEFCONTraining Bahrain Spotlight - “A Complete Practical Approach to Malware Analysis & Threat Hunting with Memory Forensics, Endpoint Telemetry, & AI-Driven Hunting” with Monnappa K A and Sajan Shetty on November 3-4.

This 2-day intensive, hands-on training teaches the concepts, tools, and techniques required to analyze, investigate, and hunt malware by combining four powerful approaches: malware analysis, reverse engineering, memory forensics, and endpoint telemetry-based threat hunting. The course begins with the foundations of malware analysis, Windows internals, and memory forensics, before moving into advanced concepts of malware investigation and hunting adversary techniques.

What makes this training unique and future-ready is the introduction to the concept of AI-powered autonomous hunting with the Garuda Threat Hunting Framework.

Take a deeper look and register for this course today: https://training.defcon.org/collections/arab-cybersecurity-2025/products/monnappa-k-a-a-complete-practical-approach-to-malware-analysis-threat-hunting-using-memory-forensics-dctlv2025-copy

Explore the full list of offerings in Bahrain at https://training.defcon.org/collections/arab-cybersecurity-2025

#defcon #cyber #training #defconbahrain #AICS2025 #Bahrain #UAE #SaudiArabia #cybertraining #infosec #cybersecurity #cyberdefense #malwareanalysis #threathunting #memoryforensics #AI #endpointtelemetry

Used some #AI to jury rig a basic API documentation site for The Yaralyzer, my unexpectedly popular tool for visualizing and forcibly decoding #YARA matches in binary data.

* GitHub: https://github.com/michelcrypt4d4mus/yaralyzer
* PyPi: https://pypi.org/project/yaralyzer/
* API documentation: https://michelcrypt4d4mus.github.io/yaralyzer/api/
* Can also be installed (indirectly) via homebrew if you install The #Pdfalyzer (different tool)

#ascii #asciiArt #blueteam #cybersecurity #detectionengineering #DFIR #forensics #FOSS #hacking #infosec #KaliLinux #malware #malwareDetection #malwareAnalysis #openSource #pdfalyzer #redteam #reverseEngineering #reversing #threathunting #yaralyze #yaralyzer #YARA #YARArule #YARArules

Just released version 1.16.8 of The Pdfalyzer with a bunch of new and updated #YARA rules to scan #PDF files for malicious content. Links in the quoted toot below.

https://universeodon.com/@cryptadamist/114768170683991686

#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #hacking #homebrew #infosec #KaliLinux #malware #malwareDetection #malwareAnalysis #openSource #pdf #pdfs #pdfalyzer #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #yaralyze #yaralyzer #YARA #YARArule #YARArules

just released version 1.0.1 of The Yaralyzer, my unexpectedly popular tool for visualizing and forcibly decoding #YARA matches in binary data. Fixes a small bug when trying to choose a byte offset to force a UTF-16 or UTF-32 decoding of matched bytes.

someone set up Yaralyzer as a #Kali package; not sure if that's made it into a release yet but if not the links are below.

https://universeodon.com/@cryptadamist/113642071681749608

#ascii #asciiArt #blueteam #cybersecurity #detectionengineering #DFIR #forensics #FOSS #hacking #infosec #KaliLinux #malware #malwareDetection #malwareAnalysis #openSource #pdfalyzer #redteam #reverseEngineering #reversing #threathunting #yaralyze #yaralyzer #YARA #YARArule #YARArules

Analysis of #Koske #miner.

It is an AI-generated #Linux #malware which was hidden in images with pandas. It supports wide variety of coinminers for various cryptocurrencies and for GPU and different CPU architectures. Its another component, #rootkit #hideproc, tries to hide the Koske miner from file listings and processes.

https://malwarelab.eu/posts/koske-panda-ai/

Video from #anyrun analysis:

https://www.youtube.com/watch?v=1OSPp996XQ4

#koskeminer #coinminer #blueteam #cybersecurity #dfir #malwareanalysis #infosec #reverseengineering

MalChela v3.0 enhances investigative workflows by introducing cases for organization, replacing MismatchMiner with FileMiner for improved file analysis, and suggesting tools based on file characteristics, streamlining the analysis process. #MalChela #DFIR #MalwareAnalysis

http://bakerstreetforensics.com/2025/06/20/malchela-v3-0-case-management-fileminer-and-smarter-triage/

Hashes for the Masses: Finding What Matters in a Sea of Samples #DFIR #MalwareAnalysis #Hash #MalChela

http://bakerstreetforensics.com/2025/05/26/hashes-for-the-masses-finding-what-matters-in-a-sea-of-samples/

MalChela 2.2 “REMnux” Release
More tools. More Docs. More Power.
#DFIR #MalwareAnalysis #YaraX #Volatility #Tshark #MalChela

http://bakerstreetforensics.com/2025/05/21/malchela-2-2-remnux-release/

MalChela 2.2 “REMnux” Release

MalChela’s 2.2 update is packed with practical and platform-friendly improvements. It includes native support for REMnux, better tool settings, and deeper integrations with analysis tools like YARA-X, Tshark, Volatility3, and the newly improved fileanalyzer module.

🦀 REMnux Edition: Built-In Support, Zero Tweaks

When the GUI loads a REMnux-specific tools.yaml profile, it enters REMnux mode.

Native binaries and Python scripts like capa, oledump.py, olevba, and FLOSS are loaded into the MalChela tools menu, allowing you to mix and match operations with the embedded MalChela utilities and the full REMnux tool stack. No manual configuration needed—just launch and go. MalChela currently supports the following REMnux programs right out of the box:

If you only need a subset of tools you can easily save and restore that a custom profile.

TShark Panel with Built-In Reference

A new TShark integration exposes features including:

• A filter builder panel
• Commonly used fields reference
• Tooltip hints for each example (e.g., `ip.addr == 192.168.1.1` shows “Any traffic to or from 192.168.1.1”)
• One-click copy support

This helps analysts build and understand filters quickly—even if TShark isn’t something they use every day. Using the syntax builder in MalChela you can use the exact commands directly in Tshark or Wireshark.

YARA-X Support (Install Guide Included)

Support for YARA-X (via the `yr` binary) is now built in. YARA-X is not bundled with REMnux by default, but install instructions are included in the User Guide for both macOS and Linux users.

Once installed, MalChela allows for rule-based scanning from the GUI,and with YARA-X, it’s faster than ever.

fileanalyzer: Fuzzy Hashing, PE Metadata, and More

MalChela’s fileanalyzer tool has also been updated to include:

• Fuzzy hashing support via `ssdeep`
• BLAKE3 hashing for fast, secure fingerprints
• Expanded PE analysis, including:
• Import and Export Table parsing (list of imported and exported functions)
• Compilation Timestamp (for detection of suspicious or forged build times)
• Section Characteristics (flags like IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, etc., for detecting anomalous sections)

These improvements provide deeper insight into executable structure, helping analysts detect anomalies such as packers, suspicious timestamps, or unexpected imports/exports. Useful for everything from sample triage to correlation, fileanalyzer now digs deeper—without slowing down.

Memory Forensics Gets a Boost: Volatility 3 Now Supported

With the 2.2 release, MalChela introduces support for Volatility 3, the modern Python-based memory forensics framework. Whether you’re running MalChela in REMnux or on a customized macOS or Linux setup, you can now access the full power of Volatility directly from the MalChela GUI.

There’s an intuitive plugin selector that dynamically adjusts available arguments based on your chosen plugin,. You can search, sort, and browse available plugins, and even toggle output options like –dump-dir with ease.

Like Tshark, there is an added plugin reference panel with searchable descriptions and argument overviews — a real time-saver when navigating Volatility’s deep and often complex toolset.

Smarter Tool Configuration via YAML

The tool configuration system continues to evolve:

• Tools now declare their input type (file, folder, or hash)
• The GUI dynamically adjusts the interface to match
• Alternate profiles (like REMnux setups) can be managed simply by swapping `tools.yaml` files via the GUI
• Easily backup or restore your custom setups
• Restore the default toolset to get back to basics

This structure helps keep things clean—whether you’re testing, teaching, or deploying in a lab environment.

Embedded Documentation Access

The GUI now includes a link to the full MalChela User Guide in PDF. You can also access the documentation online.

From tool usage and CLI flags to configuration tips and install steps, it’s all just a click away—especially useful in offline environments or when onboarding new analysts. I’ll be honest, this is likely the most comprehensive user guide I’ve ever written.

Whether you’re reviewing binaries, building hash sets, or exploring network captures—MalChela 2.2 is designed bring together the tools you need, and make it easier to interoperate between them.

The new REMnux mode makes it even easier to get up and running with dozens of third party integrations.

Have an idea for a feature or application you’d like to see supported — reach out to me.

GitHub: REMnux Release

MalChela User Guide: Online, PDF, Web

Shop: T-shirts, hats, stickers, and more

#DFIR #Github #MalChela #Malware #MalwareAnalysis #Memory #Network #NSRL #PCAP #Python #REMnux #Rust #Tshark #VirusTotal #Volatility #yara

With our team at Stratosphere Laboratory AIC FEE CTU, we are organising this year's Honeynet Project Workshop 2025 in Prague!

It will be a unique space to share your passion for deception technologies, honeypots, and cybersecurity with industry leaders and fellow researchers!

🔔 We are looking for sponsors who want to support deception research!
🔔 Early birds are still open until April 29th! Grab your tickets!
🔔 Last days to submit your training and talks proposals!
🔔 Students can apply for a Cédric Blancher Memorial Scholarship!

This is the first time the conference is coming to Prague, with previous editions hosted in Copenhagen (2024), Innsbruck (2019), Taipei (2018), Canberra (2017), San Antonio (2016), Stavanger (2015), Warsaw (2014), Dubai (2013), San Francisco (2012), Paris (2011), Mexico City (2010) and Kuala Lumpur (2009).

What a unique opportunity!

🔗 https://prague2025.honeynet.org/

Boost and help us spread the word! 👾

#honeynet #cybersecurity #deception #honeypots #infosec #prague #praguetoday #SecurityConference #ThreatIntel #MalwareAnalysis #PragueEvents

Inside the Mind of a Hacker #CyberSecurity #HackerMindset #DigitalDefense #InfoSec #CyberThreats #TTPs #PhishingAwareness #PrivilegeEscalation #NetworkSecurity #MalwareAnalysis #EthicalHacking #OpSec #BlueTeam #RedTeam #CyberIntel #DeadSwitch #CyberGhost #KnowYourEnemy #SilenceIsTactical #FearTheSwitch

http://tomsitcafe.com/2025/04/08/inside-the-mind-of-a-hacker/

For hobbyist Cobalt Strike Beacon collectors, note that the recently announced 4.11 update introduces a number of changes to frustrate Beacon configuration extraction, namely through the new `transform-obfuscate` field.

When set, this field can apply multiple layers of encoding, encryption and compression (with some recent Beacons observed with a 32 byte XOR key, configurable upto 2048 bytes!).

While still reasonably trivial to decode manually, standard automated workflows (say, through the SentinelOne parser) will now fail, not least because of changes to the well-known field markers.

Beacons with these characteristics have thus far been observed with watermarks indicative of licensed instances, though I imagine it is only a matter of time before the 4.11 capabilities become accessible to all manner of miscreants.

A sample configuration, via a staged Beacon on 104.42.26[.]200 is attached, including the three distinct XOR keys used to decode it.

https://www.cobaltstrike.com/blog/cobalt-strike-411-shh-beacon-is-sleeping

#cobaltstrike #malwareanalysis #forensics #blueteam

Hello everyone.
In today's article we are examining 30 Cyber ​​Security Projects with Python.

I wish everyone good work:
https://denizhalil.com/2025/01/24/30-cybersecurity-projects-with-python/

#ethicalhacking #cybersecurity #learnpython #pythonprojects #networksecurity #malwareanalysis #pythonprogramming

Hello everyone.
In today's article we are examining 30 Cyber ​​Security Projects with Python.

I wish everyone good work:
https://denizhalil.com/2025/01/24/30-cybersecurity-projects-with-python/

#ethicalhacking #cybersecurity #learnpython #pythonprojects #networksecurity #malwareanalysis #pythonprogramming

Hello everyone.
In today's article we are examining 30 Cyber ​​Security Projects with Python.

I wish everyone good work:
https://denizhalil.com/2025/01/24/30-cybersecurity-projects-with-python/

#ethicalhacking #cybersecurity #learnpython #pythonprojects #networksecurity #malwareanalysis #pythonprogramming

Malicious Solana Packages Attacking Devs Abusing Slack And ImgBB For Data Theft https://gbhackers.com/solana-malware-data-theft/ #Cryptocurrencyhack #CyberSecurityNews #DataExfiltration #Malwareanalysis #CryptoSecurity #Malware

The nineth article (38 pages) of the Malware Analysis Series (MAS) is available on:

https://exploitreversing.com/2025/01/08/malware-analysis-series-mas-article-09/

I would like to thank Ilfak Guilfanov @ilfak and @HexRaysSA (on X) for their constant and uninterrupted support, which have helped me write these articles.

Even though I haven't been on this subject for years, I promised I would write a series of ten articles, and the last one will be released next week (JAN/15).

Have a great day.

#windows #shellcode #malware #reverseengineering #reversing #idapro #malwareanalysis

The nineth article (38 pages) of the Malware Analysis Series (MAS) is available on:

https://exploitreversing.com/2025/01/08/malware-analysis-series-mas-article-09/

I would like to thank Ilfak Guilfanov @ilfak and @HexRaysSA (on X) for their constant and uninterrupted support, which have helped me write these articles.

Even though I haven't been on this subject for years, I promised I would write a series of ten articles, and the last one will be released next week (JAN/15).

Have a great day.

#windows #shellcode #malware #reverseengineering #reversing #idapro #malwareanalysis

PHP Servers Vulnerability Exploited To Inject PacketCrypt Cryptocurrency Miner https://gbhackers.com/php-vulnerability-packetcrypt-mining/ #cryptocurrencymining #Cryptocurrencyhack #CVE/vulnerability #CyberSecurityNews #Malwareanalysis #cybersecurity

Weaponized Python Scripts Deliver New SwaetRAT Malware https://gbhackers.com/swaetrat-python-malware/ #CyberSecurityNews #Malwareanalysis #cybersecurity #PythonMalware #Malware #Python

LABORATORIOS GRATUITOS PARA PONER A PRUEBA TUS HABILIDADES DE REDTEAM-BLUETEAM y CTF

· Ataque-Defensa - https://attackdefense.com
· Alerta para ganar - https://alf.nu/alert1
· Bangkok - https://bancocn.com
· CTF Komodo Seguridad - https://ctf.komodosec.com
· CryptoHack - https://cryptohack.org/
· Desafío CMD - https://cmdchallenge.com
· Explotación educativa - https://exploit.education
· Google CTF - https://lnkd.in/e46drbz8
· HackTheBox - https://www.hackthebox.com
· Hackthis - https://www.hackthis.co.uk
· Hacksplaining - https://lnkd.in/eAB5CSTA
· Hacker101 - https://ctf.hacker101.com
· Hacker de seguridad - https://lnkd.in/ex7R-C-e
· Hacking-Lab - https://hacking-lab.com/
· HSTRIKE - https://hstrike.com
· ImmersiveLabs - https://immersivelabs.com
· Concurso de novatos - https://lnkd.in/ewBk6fU5
· OverTheWire - http://overthewire.org
· Laboratorios Prácticos Pentest - https://lnkd.in/esq9Yuv5
· Pentestlab - https://pentesterlab.com
· Hackaflag BR - https://hackaflag.com.br/
· Laboratorios de práctica de pruebas de penetración - https://lnkd.in/e6wVANYd
· PentestIT LAB - https://lab.pentestit.ru
· PicoCTF - https://picoctf.com
· PWNABLE - https://lnkd.in/eMEwBJzn
· Root-Me - https://www.root-me.org
· Root en la cárcel - http://rootinjail.com
· SANS Challenger - https://lnkd.in/e5TAMawK
· SmashTheStack - https://lnkd.in/eVn9rP9p
· Los desafíos de Cryptopals Crypto - https://cryptopals.com
· Prueba Hack Me - https://tryhackme.com
· Vulnhub - https://www.vulnhub.com
· W3Challs - https://w3challs.com
· WeChall - http://www.wechall.net
· Zenk-Seguridad - https://lnkd.in/ewJ5rNx2
· Ciberdefensores - https://lnkd.in/dVcmjEw8
· TrytoHackme - www.tryhackme.com Vía : Unai Rubio en LinkedIn. #Ciberseguridad #Cybersecurity #CTF #RedTeam #BlueTeam
#Hacking #Pentesting #Infosec #EthicalHacking #CyberDefense
#CyberSkills #CaptureTheFlag #SecurityAwareness
#VulnerabilityAssessment #ThreatHunting #MalwareAnalysis
#IncidentResponse #CyberTraining