unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Destructive IoT Malware Emulation – Part 3 of 3 – Statistics
Welcome back to Part 3, the final part of our series...
2024-10-15 00:0:0 | 阅读: 4 |
收藏
|
cyber.wtf - cyber.wtf
acidrain
cov
emulation
drcov
qiling
Parsing Fortinet Binary Firewall Logs
Earlier this year, we had a case where we were given...
2024-8-30 16:50:0 | 阅读: 8 |
收藏
|
cyber.wtf - cyber.wtf
endian
tlog
logbase
llog
lz4
Destructive IoT Malware Emulation – Part 2 of 3 – Hooking Techniques
Welcome back to part 2 of our IoT Malware Emulation...
2024-8-1 17:37:2 | 阅读: 6 |
收藏
|
cyber.wtf - cyber.wtf
acidrain
0x3
mtd
0x00401a44
qiling
Give Me Your FortiGate Configuration Backup and I Rule Your Network
In a recent incident response case we were as always searching for the initial ac...
2024-6-13 18:55:31 | 阅读: 4 |
收藏
|
cyber.wtf - cyber.wtf
mary
encryption
fig
passwords
webui
Destructive IoT Malware Emulation – Part 1 of 3 – Environment Setup
Everyone who has delved a bit into malware analysis knows that you don’t actually need...
2024-3-28 19:39:46 | 阅读: 12 |
收藏
|
cyber.wtf - cyber.wtf
qiling
emulation
acidrain
0x3
sda
Recovering data from broken appliance VMDKs
Once in a while, a customer may give you a virtual disk image for an appliance that nee...
2024-3-1 01:4:24 | 阅读: 10 |
收藏
|
cyber.wtf - cyber.wtf
vmdk
sectors
incomplete
dealing
sparse
The csharp-streamer RAT
In an Incident Response case earlier this year, we encountered an interesting piece of...
2023-12-6 20:42:11 | 阅读: 13 |
收藏
|
cyber.wtf - cyber.wtf
powershell
streamer
csharp
library
ransomware
Config Extraction from in-memory CobaltStrike Beacons
Recently we had a case where threat actors deployed CobaltStrike, which has become a co...
2023-10-13 21:43:33 | 阅读: 14 |
收藏
|
cyber.wtf - cyber.wtf
beacon
memory
dmp
volatility
QakBot Takedown Payload Analysis
In a recent international operation, law enforcement agencies from the US and EU...
2023-9-1 20:33:52 | 阅读: 17 |
收藏
|
cyber.wtf - cyber.wtf
qakbot
shellcode
library
payload
victim
Defeating VMProtect’s Latest Tricks
A colleague of mine recently came across a SystemBC sample that is protected with VMPro...
2023-2-9 18:42:4 | 阅读: 48 |
收藏
|
cyber.wtf - cyber.wtf
vmprotect
windows
scyllahide
packer
debugger
Windows Registry Analysis – Today’s Episode: Tasks
When it comes to persistence of common off-the-shelf malware, the most commonly observe...
2022-6-1 20:25:17 | 阅读: 18 |
收藏
|
cyber.wtf
aligned
bstr
duration
repetition
windows
What the Pack(er)?
Lately, I broke one of the taboos of malware analysis: looking into the packer st...
2022-3-23 22:17:22 | 阅读: 18 |
收藏
|
cyber.wtf
epoch
drops
payload
A Chapter Closes
When we registered the domain cyber.wtf, G DATA Advanced Analytics (ADAN) was onl...
2022-2-23 01:3:59 | 阅读: 22 |
收藏
|
cyber.wtf
adan
security
25t10
grown
wtfcreation
Guess who’s back
tl;dr: EmotetThe (slighty) longer story:On Sunday, November 14, at around 9:2...
2021-11-16 02:21:21 | 阅读: 79 |
收藏
|
cyber.wtf
microsoft
rundll32
rundll
loader
Trickbot rdpscanDll – Transforming Candidate Credentials for Brute-Forcing RDP Servers
After some weeks of not seeing the RDP scanner module of Trickbot, I recently obse...
2020-08-31 16:02:00 | 阅读: 25 |
收藏
|
cyber.wtf
username
letters
capitalized
digits
needle
Using IDA Python to analyze Trickbot
When analyzing malware, one often has to deal with lots of tricks and obfuscation techniques. In...
2019-03-22 17:03:49 | 阅读: 16 |
收藏
|
cyber.wtf
42a648
python
itp
analysis
decompiler
Dissecting GandCrab Version 4.3
GandCrab is a ransomware that has been around for over a year and steadily altere...
2018-11-13 00:42:48 | 阅读: 15 |
收藏
|
cyber.wtf
gandcrab
x90
encryption
network
windows
One framework to build them all, one framework to name them, and in their IDBs to bind them
Authors: Luca Ebach, Tilman FroschRejoice everyone, today we pushed bindifflib to...
2018-09-21 17:32:55 | 阅读: 11 |
收藏
|
cyber.wtf
bindifflib
library
compilers
github
pushed
Dissecting Olympic Destroyer – a walk-through
After a destructive cyber attack had hit this year’s olympics, the malware was quickly dubbed Ol...
2018-03-28 21:41:22 | 阅读: 12 |
收藏
|
cyber.wtf
destroyer
olympic
spreading
network
remote
In debt to Retpoline
Appendix was added on the 14th of Febuary 2018, in response to comments made to m...
2018-02-13 18:22:11 | 阅读: 7 |
收藏
|
cyber.wtf
retpoline
rsb
software
lfence
cpus
Previous
-7
-6
-5
-4
-3
-2
-1
0
Next