In this report, we will analyze the MATANBUCHUS loader, a C++ malware, to determine its function and capabilities: API hashing, stack strings, checking the number of running processes, PEB traversal, and anti-sandbox techniques. We’ll start with resolving APIs and decoding the strings, then proceed through the loade…
Category: Interesting Stuff
A bug bounty program is essentially a legalized hacking arrangement where organizations offer rewards to ethical hackers (also called bug bounty hunters) for discovering and reporting vulnerabilities in their software, systems, or websites. Here’s a deeper dive into how bug bounties work: Benefits f…
Microsoft 365 (formerly Office 365) is Microsoft’s cloud-based suite of productivity tools, which includes email, collaboration platforms, and office applications. All are integrated with Entra ID (referred to as Azure AD in this post) for identity and access management. M365’s centra…
The digital device that we use the most in our daily lives is the mobile phone. It is used in a wide range of daily activities such as communication, searching, shopping, making payments, verifying identity, and investing. Some people do not own personal computers, but almost everyone these days has a mobile phone….
The COM Hijacking technique is often utilized by threat actors and various malware families to achieve both persistence and privilege escalation on target systems. It relies on manipulating the Component Object Model (COM), exploiting the core architecture of Windows that enables com…
The New Technology File System (NTFS) is a file system developed and introduced by Microsoft in 1995. It was produced to overcome some limitations and offer new features: hard links; improved performance, reliability, and disk space utilization; security access control lists; file system journaling. Her…
https://web-check.xyz/ Supported checks: IP Info, SSL Chain, DNS Records, Cookies, Crawl Rules, Headers, Quality Metrics, Server Location, Associated Hosts, Redirect Chain, TXT Records, Server Status, Open Ports, Traceroute, Carbon Footprint, Server Info, Whois Lookup, Domain Info, DNS Security Extensions, Site Feature…
https://www.shadowstackre.com/ – Committed to delivering high quality malware intelligence and services to the cybersecurity community. Open this link: https://github.com/ShadowStackRe/intel/tree/master/rules/yara Example: YARA rule to detect Cactus Ransomware. strings: $strReadMe = "cAcTuS.readme.txt" wid…
The basic idea revolves around gafAsyncKeyState (gaf = global af?), which is an undocumented kernel structure in win32kbase.sys used by NtUserGetAsyncKeyState (this structure exists up to Windows 10 – more on that at the end or in the talk linked above). By first locati…
10. can I speak to your manager? hacking root EPP servers to take control of zones. In tenth place, we have a beautiful insight into some overlooked and incredibly valuable attack surface. In “can I speak to your manager? hacking root EPP servers to take control of zones”, Sam Curry, Brett Buerhau…
APIs (Application Programming Interfaces) have become integral components of modern software systems, facilitating communication and interaction between various applications and services. However, they also represent a significant attack surface, susceptible to a variety of malicious activities. Thi…
iPurpleTeam has developed the following framework, which considers the various components required to ensure that rules are developed in a threat-aligned and reliable manner. https://github.com/netbiosX/iPurpleTeam/blob/main/Detection-Engineering/Detection-Rules-Development-Framework.md Rul…
This is a series that explores methods attackers might use to maintain persistent access to a compromised Linux system. To do this, Pberba will take an “offense informs defense” approach by going through techniques listed in the MITRE ATT&CK Matrix for Linux. Pberba will try to: Give examples of…
We are connected to a digital world that provides us with numerous utilities and entertainment, but sometimes it presents us with undesirable encounters. Online frauds and scams are examples of such encounters. Online scams go beyond merely disrupting individuals’ daily lives in the way mass-marketed commercial spam emails do. Scamming…
Wireshark: Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffe…