Search found 18 matches

by TechLord
Wed Mar 14, 2018 10:45 am
Forum: Reverse Engineering and Debugging
Topic: Direct Memory Access (DMA) Attack Software - Map Processes to Files and Folders - DMA over PCIe
Replies: 0
Views: 3264

Direct Memory Access (DMA) Attack Software - Map Processes to Files and Folders - DMA over PCIe

Direct Memory Access (DMA) Attack Software - Map Processes to Files and Folders - DMA over PCIe (No Drivers Needed on Target System) Github Sources Project Wiki Pages Youtube Channel with Example Videos Capabilities: Retrieve memory from the target system at >150MB/s. Write data to the target syste...
by TechLord
Wed Mar 14, 2018 10:39 am
Forum: Malware
Topic: Reverse engineering of Mikrotik exploit from Vault 7 CIA Leaks
Replies: 0
Views: 3085

Reverse engineering of Mikrotik exploit from Vault 7 CIA Leaks

Working PoC (Full Sources) and Chimay Red Persistence Exploit - PDF Article
by TechLord
Wed Mar 14, 2018 10:36 am
Forum: Malware
Topic: OceanLotus : Old Techniques, New Backdoor
Replies: 0
Views: 2627

OceanLotus : Old Techniques, New Backdoor

Full PDF Article here. Excerpt from the Intro: The OceanLotus group, also known as APT32 and APT-C-00, is infamous for its campaigns targeting the eastern part of Asia. A great deal of research about this group was published last year, including papers such as those from CyberReason, a lengthy gl...
by TechLord
Mon Mar 05, 2018 12:55 pm
Forum: Malware
Topic: Unpacking Gootkit Malware With IDA Pro and X64dbg [OA Labs]
Replies: 0
Views: 3415

Unpacking Gootkit Malware With IDA Pro and X64dbg [OA Labs]

A YouTube video demonstration by OA Labs: Unpacking Gootkit Malware With IDA Pro and X64dbg. Details: Open Analysis Live! They use IDA Pro and x64dbg to unpack a recently packed Gootkit malware (stage 1). Video bookmarks to skip ahead: - Deobfuscating strings with IDA Python 5:15 - Identify anti-a...
by TechLord
Sat Mar 03, 2018 3:51 pm
Forum: Completed Malware Requests
Topic: Ramnit Banker Sample Request
Replies: 1
Views: 2296

Ramnit Banker Sample Request

Looking for this sample please:

Name: 20170117_bilo157_RAMNIT_BANKER.exe
MD5: 6ee3d4e6b9cec67165e90f7ee7c9c33b
SHA256: 39c5003a4632b26bb461f07a4a253982774ece0d2afd308e8e6fdb033b5cf6a4

Link Reference: VirusTotal

Thank you
by TechLord
Sat Mar 03, 2018 11:08 am
Forum: Malware
Topic: Operation Honeybee - Malicious Doc Targeting Humanitarian Gr
Replies: 1
Views: 3050

Operation Honeybee - Malicious Doc Targeting Humanitarian Gr

Link to original page: McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Repository containing Indicators of Compromise and Yara rules. Excerpts from the web page: McAfee Advanced Threat Research analysts have discovered a new operation targeting hu...
by TechLord
Fri Mar 02, 2018 7:06 am
Forum: Malware
Topic: Stowaway Virut delivered with Chinese DDoS bot
Replies: 0
Views: 2507

Stowaway Virut delivered with Chinese DDoS bot

Blast from the past: stowaway Virut delivered with Chinese DDoS bot. Analysis and write-up by Hasherezade. Intro excerpt from the Malwarebytes analysis page: Recently, we described an unusual Chinese drive-by attack that was delivering a variant of the Avzhan DDoS bot. The attack also contained mu...
by TechLord
Fri Mar 02, 2018 2:46 am
Forum: Reverse Engineering and Debugging
Topic: VMware Exploitation through Uninitialized Buffers
Replies: 0
Views: 3241

VMware Exploitation through Uninitialized Buffers

A short extract from the blog: As we approach Pwn2Own 2018, I'm reminded of some of the exploits we saw at last year's contest. Of course, the most interesting bugs we saw involved guest-to-host escalation in VMware. Recently, we presented "l'art de l'évasion: Modern VMware Exploitation techniques...
by TechLord
Fri Feb 23, 2018 10:08 pm
Forum: Malware
Topic: Avzhan DDoS bot dropped by Chinese drive-by attack
Replies: 0
Views: 2639

Avzhan DDoS bot dropped by Chinese drive-by attack

The Avzhan DDoS bot has been known since 2010, but recently we saw it in the wild again, being dropped by a Chinese drive-by attack. In this post, they take a deep dive into its functionality and compare the sample captured with the one described in the past. Article Link: https://blog.malwarebytes.co...
by TechLord
Fri Feb 23, 2018 2:50 pm
Forum: Completed Malware Requests
Topic: Trickbot Sample Request
Replies: 1
Views: 1965

Trickbot Sample Request

Looking for this sample please:

MD5: ef93a3f412c82c3fc9d9e75a8d428a4d
Type: TrickBot with virus-like activity
Link Reference: https://www.virustotal.com/#/file/cc6da ... ee/details

Thank you