Destructive IoT Malware Emulation – Part 3 of 3 – Statistics Welcome back to Part 3, the final part of our series... 2024-10-15 00:0:0 | 阅读: 4 | 收藏 | cyber.wtf - cyber.wtf acidrain cov emulation drcov qiling

Parsing Fortinet Binary Firewall Logs Earlier this year, we had a case where we were given... 2024-8-30 16:50:0 | 阅读: 8 | 收藏 | cyber.wtf - cyber.wtf endian tlog logbase llog lz4

Destructive IoT Malware Emulation – Part 2 of 3 – Hooking Techniques Welcome back to part 2 of our IoT Malware Emulation... 2024-8-1 17:37:2 | 阅读: 6 | 收藏 | cyber.wtf - cyber.wtf acidrain 0x3 mtd 0x00401a44 qiling

Give Me Your FortiGate Configuration Backup and I Rule Your Network In a recent incident response case we were as always searching for the initial ac... 2024-6-13 18:55:31 | 阅读: 4 | 收藏 | cyber.wtf - cyber.wtf mary encryption fig passwords webui

Destructive IoT Malware Emulation – Part 1 of 3 – Environment Setup Everyone who has delved a bit into malware analysis knows that you don’t actually need... 2024-3-28 19:39:46 | 阅读: 12 | 收藏 | cyber.wtf - cyber.wtf qiling emulation acidrain 0x3 sda

Recovering data from broken appliance VMDKs Once in a while, a customer may give you a virtual disk image for an appliance that nee... 2024-3-1 01:4:24 | 阅读: 10 | 收藏 | cyber.wtf - cyber.wtf vmdk sectors incomplete dealing sparse

The csharp-streamer RAT In an Incident Response case earlier this year, we encountered an interesting piece of... 2023-12-6 20:42:11 | 阅读: 12 | 收藏 | cyber.wtf - cyber.wtf powershell streamer csharp library ransomware

Config Extraction from in-memory CobaltStrike Beacons Recently we had a case where threat actors deployed CobaltStrike, which has become a co... 2023-10-13 21:43:33 | 阅读: 14 | 收藏 | cyber.wtf - cyber.wtf beacon memory dmp volatility

QakBot Takedown Payload Analysis In a recent international operation, law enforcement agencies from the US and EU... 2023-9-1 20:33:52 | 阅读: 17 | 收藏 | cyber.wtf - cyber.wtf qakbot shellcode library payload victim

Defeating VMProtect’s Latest Tricks A colleague of mine recently came across a SystemBC sample that is protected with VMPro... 2023-2-9 18:42:4 | 阅读: 48 | 收藏 | cyber.wtf - cyber.wtf vmprotect windows scyllahide packer debugger

Windows Registry Analysis – Today’s Episode: Tasks When it comes to persistence of common off-the-shelf malware, the most commonly observe... 2022-6-1 20:25:17 | 阅读: 18 | 收藏 | cyber.wtf aligned bstr duration repetition windows

What the Pack(er)? Lately, I broke one of the taboos of malware analysis: looking into the packer st... 2022-3-23 22:17:22 | 阅读: 18 | 收藏 | cyber.wtf epoch drops payload

A Chapter Closes When we registered the domain cyber.wtf, G DATA Advanced Analytics (ADAN) was onl... 2022-2-23 01:3:59 | 阅读: 22 | 收藏 | cyber.wtf adan security 25t10 grown wtfcreation

Guess who’s back tl;dr: EmotetThe (slighty) longer story:On Sunday, November 14, at around 9:2... 2021-11-16 02:21:21 | 阅读: 79 | 收藏 | cyber.wtf microsoft rundll32 rundll loader

Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers After some weeks of not seeing the RDP scanner module of Trickbot, I recently obse... 2020-08-31 16:02:00 | 阅读: 25 | 收藏 | cyber.wtf username letters capitalized digits needle

Using IDA Python to analyze Trickbot When analyzing malware, one often has to deal with lots of tricks and obfuscation techniques. In... 2019-03-22 17:03:49 | 阅读: 16 | 收藏 | cyber.wtf 42a648 python itp analysis decompiler

Dissecting GandCrab Version 4.3 GandCrab is a ransomware that has been around for over a year and steadily altere... 2018-11-13 00:42:48 | 阅读: 15 | 收藏 | cyber.wtf gandcrab x90 encryption network windows

One framework to build them all, one framework to name them, and in their IDBs to bind them Authors: Luca Ebach, Tilman FroschRejoice everyone, today we pushed bindifflib to... 2018-09-21 17:32:55 | 阅读: 11 | 收藏 | cyber.wtf bindifflib library compilers github pushed

Dissecting Olympic Destroyer – a walk-through After a destructive cyber attack had hit this year’s olympics, the malware was quickly dubbed Ol... 2018-03-28 21:41:22 | 阅读: 12 | 收藏 | cyber.wtf destroyer olympic spreading network remote

In debt to Retpoline Appendix was added on the 14th of Febuary 2018, in response to comments made to m... 2018-02-13 18:22:11 | 阅读: 7 | 收藏 | cyber.wtf retpoline rsb software lfence cpus