Leveraging Ghidra to establish context and intent behind imported functions.
Manual identification, decryption and fixing of encrypted strings using Ghidra and x32dbg.
Advanced CyberChef techniques using Registers, Regex and Flow Control
The purpose of the Defense Doctrine is to present to the Israeli economy an orderly professional method for managing cyber risks in the organization. Using the method presented in this document, the organization will recognize the risks relevant to it, formulate a defensive response a…
With the advancement of scamming technology, determining the authenticity of a site solely based on appearance has become exceedingly difficult. In the past, it was possible to identify fakes by carefully observing discrepancies such as logo size, layout, wording, domain, etc., which scammers often overlooked when creating spoofed websites or emails. However,…
No one is safe from scams, especially targeted scams that are designed using social engineering techniques. Targeted scams, unlike individual-targeted phishing or investment frauds, are carefully crafted attack scenarios based on pre-collected information about the target. These attacks, such as bus…
Cybergordon.com CyberGordon quickly provides threat and risk information about observables such as IP addresses or web domains. This great tool is created by Marc-Henry Geay (contact page). 30+ fast engines – CyberGordon submits your observables to multiple sources (engines) to ensure good coverage in…
This week, CERT-AGID identified and analysed, within the Italian scenario under its remit, a total of 27 malicious campaigns, of which 21 targeted Italy and 6 were generic but still affected Italy, making the corresponding 305 indicators of compromise (IOC) identified available to its accredited bodies.
In this blog post, we will go through a well-known packing technique, the use of VirtualAlloc and VirtualProtect to decrypt data in memory and execute it, and how to unpack it manually; we will apply it to the Death Ransomware malware. What is packed malware? Packed malware refers to malicious…
Threat Research Map FortiGuard Outbreak Alerts FortiGuard Outbreak Alerts provides key information about ongoing cybersecurity attacks with significant ramifications affecting numerous companies, organizations and industries. Threat Encyclopedia Browse the FortiGuard Labs extensive encyclopedia of t…
In the previous article https://8ksec.io/dissecting-windows-malware-series-process-injections-part-2/, we introduced the mechanism of Process Injection that malware uses to achieve stealth and evasion. We saw direct implementations of Process Injection and Process Hollowing, and the us…
Key Points Escalated tensions between Iran and Israel could give rise to cyber threats. Several advanced persistent threat (APT) groups are involved on both sides: APT34, APT35, and CyberAv3ngers in Iran, and Predatory Sparrow in Israel. Iranian-affiliated APTs utilize a wide array of TTPs, includin…
A collective awesome list of public (JSON) APIs for use in security. The list is supported by https://alexanderjaeger.de. Learn about REST: https://github.com/marmelab/awesome-rest. Sample API used by hendryadrian.com >> https://www.hendryadrian.com/ransom/all.php API | Description | Auth | HTTPS | Link | Free / Comme…
In the previous article https://8ksec.io/dissecting-windows-malware-series-beginner-to-advanced-part-1/, we introduced the components of Malware Analysis: Basic Static, Advanced Static, Basic Dynamic, Advanced Dynamic – then, we delved into the analysis of a malware sam…
Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation. However, as organizations migrate to the cloud, they face a complex and…