We are connected to the digital world that provides us with numerous utilities and entertainment, but sometimes it presents us with undesirable encounters. Online frauds and scams are examples of such encounters. Online scams are not simply at the level of disrupting individuals’ daily lives like mass-marketed commercial spam emails.…
Category: Interesting Stuff
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.…
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.…
Reliable uptime monitoring: Uptime Robot…
Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data.…
Reference: Australian Cyber Security Centre
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) leads the Australian Government’s efforts to improve cyber security. Our role is to help make Australia the most secure place to connect online.…
The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research.…
SANS Instructors have built more than 150 open source tools that support your work and help you implement better security. Search the lists on the following pages for the free tools that will help you get the job done.
Download PDF file:
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltd8ba96a0fce78883/Free_Faculty_Tools.pdf…
This tool allows you to search files by reading the contents of a file.
Included Features
Regular expressions
Concurrent multiple file types
Recursive directory searching
A “context” feature that selects the lines above and below your search expression, or view the entire file
Most Recently Used list for search paths, file types, and search text
Ability to save or print all results or a selection
Customize the colors used in the preview area
Right click to open a file with the editor of your choice at a specific line (if the editor supports it)
Match Whole Word Only
Syntax highlighting when viewing full file contents (if the extension is supported)
Summary of all results
Free of charge and Open Source
https://astrogrep.sourceforge.net/…
If you have anything to do with cyber security, you know it employs its own unique and ever-evolving language. Jargon and acronyms are the enemies of clear writing—and are beloved by cyber security experts. So Morphisec has created a comprehensive cyber security glossary that explains commonly used cybersecurity terms, phrases, and technologies.…
In previous posts we decoded some malicious scripts and obtained Cobalt Strike shellcode.
After obtaining the shellcode, we used SpeakEasy emulation to determine its functionality. This is a great method, but it’s not ideal to rely solely on “automated” style tooling to determine functionality.…
In this post, we will investigate a Vidar Malware sample containing suspicious encrypted strings. We will use Ghidra cross references to analyse the strings and identify the location where they are used.
Using this we will locate a string decryption function, and utilise a debugger to intercept input and output to obtain decrypted strings.…
In this blog, we’ll use Ghidra to analyse a suspicious imported function identified with PeStudio.
This forms a basic and repeatable workflow within Ghidra, where imported functions are cross-referenced to establish context and intent.
Not only does this establish context, but it almost always establishes an area of code that you can begin to work from within Ghidra.…
Leveraging Ghidra to establish context and intent behind suspicious strings, taking things one step further after initial analysis tooling like PeStudio and Detect It Easy.
This is a great technique for working with Ghidra and establishing a starting point for analysis. It reduces total investigation time and determines why and how a string is contained within a file.…
This post is a continuation of “Malware Unpacking With Hardware Breakpoints”.
Here we will be utilising Ghidra to locate the shellcode, analyse the decryption logic and obtain the final decrypted content using Cyberchef.
Locating the Shellcode Decryption Function In Ghidra
At the point where the hardware breakpoint was first triggered, the primary executable was likely in the middle of the decryption function.…
Intermediate
Improving Malware Analysis Workflows by Modifying the default Ghidra UI.
Matthew, Oct 25, 2023 — 4 min read
The Ghidra User interface can be intimidating and complicated for users who are not familiar with the tool.
In this post, I’ll go over some changes that I made in order to improve the usability of Ghidra and ensure a better analysis experience.…
Start by opening https://siteconfig.fivefilters.org/
Enter a URL to the article for which you’d like custom extraction rules applied.
Select a block which appears to contain only the article content (or as close to it as possible).
Click Download Full-Text RSS site config to download a site config file for the site.…