In this post, we'll demonstrate the Garbageman analysis tool. Garbageman is a .NET analysis tool that can be used to obtain information from packed or obfuscated .NET malware.
Here is …
This post is a continuation of "Malware Unpacking With Hardware Breakpoints".
Here we will be utilising Ghidra to locate the shellcode, analyse the decryption logic and obtain the final decrypted …
Leveraging Ghidra to establish the context and intent behind suspicious strings, taking things one step further than initial analysis tooling like PeStudio and Detect-It-Easy.
This is a great technique for working …
In this blog, we'll use Ghidra to analyse a suspicious imported function identified with PeStudio.
This forms a basic and repeatable workflow within Ghidra, where imported functions are cross-referenced to …
In this post, we will investigate a Vidar Malware sample containing suspicious encrypted strings. We will use Ghidra cross references to analyse the strings and identify the location where they …
We're all used to the regular CyberChef operations like "From Base64", "From Decimal" and the occasional Magic decode or XOR. But what happens when we need to do something more …
The purpose of the Defense Doctrine is to present to the Israeli economy an orderly professional method for managing cyber risks in the organization. Using the method presented in this document, the …
With the advancement of scamming technology, determining the authenticity of a site solely based on appearance has become exceedingly difficult. In the past, it was possible to identify fakes by …
CyberGordon quickly provides you with threat and risk information about observables like an IP address or web domain. This great tool is created by Marc-Henry Geay (contact page).
30+ fast engines …
Verizon’s 17th annual Data Breach Investigations Report (DBIR) for 2024 offers an in-depth look at the latest trends in data breaches and cyber security incidents. Analyzing data from over 30,458 incidents and 10,626 …
This week, CERT-AGID found and analysed, in the Italian scenario of its reference, a total of 27 malicious campaigns, of which 21 had Italian targets and 6 were generic ones which nevertheless affected …
In this blog post, we will go through a famous packing technique, the use of VirtualAlloc and VirtualProtect to decrypt data in memory and execute it, and how …
FortiGuard Outbreak Alerts provides key information about on-going cybersecurity attacks with significant ramifications affecting numerous companies, organizations and industries.
Threat Encyclopedia: Browse the Fortiguard …
In the previous article https://8ksec.io/dissecting-windows-malware-series-process-injections-part-2/, we introduced the mechanism of Process Injection that malware uses to achieve stealth and evasion. We saw direct implementations of:
Process Injection, Process Hollowing, and the use of other …
Key Points
Escalated tensions between Iran and Israel could give rise to cyber threats. Several advanced persistent threat (APT) groups are involved on both sides: APT34, APT35, and CyberAv3ngers in…
A collective awesome list of public (JSON) APIs for use in security. The list is supported by https://alexanderjaeger.de. Learn about REST: https://github.com/marmelab/awesome-rest
Sample API used by hendryadrian.com https://www.hendryadrian.com/ransom/all.php
(Table columns: API, Description, Auth, HTTPS, Link, Free / Commercial; first entry: Alexa, Alexa Top…)
On April 3, 2024, a newly discovered ransomware group surfaced as Senior Threat Analyst Rakesh Krishnan shed light. Known as Red CryptoApp, this group began its operations between February and March, coinciding …
In the previous article https://8ksec.io/dissecting-windows-malware-series-beginner-to-advanced-part-1/, we introduced the components of Malware Analysis: Basic Static, Advanced Static, Basic Dynamic, Advanced Dynamic – then, we delved into the analysis of a malware sample that was presented.
The analysis …
Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and …
The cloud presents opportunities for agility and scalability, but its shared responsibility model exposes organizations to new security challenges. In the face of …
Curated list of bookmarks that are useful for OSINT activities. They are broken down into appropriate categories such as:
Search Engines, Services, Lists, Leak Sites (to monitor if yours or…
Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.
They …
How to use:
Enter the username(s) in the search box, select any category filters and click the search icon or press CTRL+Enter. Results will present as icons on the…
Privileged Access Management (PAM) is a critical aspect of information security that focuses on controlling, managing, and monitoring the access and activities of privileged users within an IT environment. Privileged …
Email Security Appliances (ESAs) are hardware or software solutions designed to protect an organization’s email system from a wide range of email-based threats. These appliances play a crucial role in …
“There are too many firewall features available today; I am using Cisco ASA as an example for this firewall topic.” Cisco ASA is a versatile network security device that combines …
As the digital landscape continues to evolve, the United States finds itself at the forefront of emerging cybersecurity challenges. With its critical infrastructure, extensive government networks, and vibrant economy, the …
Hacklido.com is a cybersecurity community platform focused on various aspects of ethical hacking, security research, and cybersecurity knowledge sharing. The website hosts a range of content including blogs on topics …
Content:
Introduction to SOC; What is a Use Case in SOC?; Use Case Life Cycle; Use Case Management; Challenges in Use Case Management; Best Practices; Introduction to SOC (Security…
Amibreached.com is a service developed by Cyble Inc., designed to help individuals and companies determine if their personal data has been exposed on the dark web. The platform allows users …
While most cloud CLI tools provide a one-to-one correlation between an API being invoked and a single corresponding API event being generated in cloud log telemetry, browser-based interactive console …
Since its discovery in early 2023, Akira ransomware has evolved from a seemingly ordinary addition to the ransomware landscape to a significant threat affecting a wide range of businesses and …
Hard disks are the containers that hold our evidence files ("from the investigator's perspective"); understanding them is mandatory for every forensic analyst, as they can provide valuable information within the …
Hello, I’m RyotaK ( @ryotkak ), a security engineer at Flatt Security Inc.
Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on …
What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary …
The list comprises 25 influential figures in the technology sector, arranged by age from youngest to oldest. These individuals are recognized for their significant contributions across various areas of technology, …
1. Unsupervised Learning
An experienced cybersecurity expert, consultant and writer, Miessler takes a personal approach on his blog with an “about me” page …
Experience Level required: beginner
In this blog we will learn how to analyze MS Office macro-enabled documents.
1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5
2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99
Let’s see the sample in Virus …
A Virtual Private Network (VPN) is a technology that creates a secure and encrypted connection over a less secure network, such as the internet. It allows users to send and …
Krebs on Security is a popular blog focused on in-depth security news and investigations. It’s authored by Brian Krebs, a well-known journalist in the field of cybersecurity. The site provides …
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to …
Cyber threat intelligence (CTI) is a framework for collecting, processing, and analyzing information about potential or ongoing cyber threats.
Put simply, it’s the collection of various types of threat …
Phishing is one of the most common and effective cyberattack vectors that threat actors use to compromise email accounts, steal sensitive data, and deliver malware. Recently, we have observed a …
Password spray: hydra -L users.txt -P seasons-2023.txt 192.168.37.237 smb -u
Defender: Count successful (4624) and failed (4625) logins:
Get-WinEvent -Path C:\labs\valkyrie-security-logons.evtx | Group-Object id -NoElement | …
CyberChef – The Cyber Swiss Army Knife – is a web-based utility that allows analysts to manipulate or transform inputs based on a series of steps called …
We hear about “cyber attacks” in the news every week! But – what actually happens ‘during’ the attack, what happens in the background, behind the scenes, from the moment the …
A proxy server is an intermediary system that sits between end users and the websites or services they access online. It provides functions like web filtering, enhanced security, and data …