
12 matches found

The Hacker News
added 2025/05/21 10:30 a.m. · 15 views

How to Detect Phishing Attacks Faster: Tycoon2FA Example

It takes just one email to compromise an entire system. A single well-crafted message can bypass filters, trick employees, and give attackers the access they need. Left undetected, these threats can lead to credential theft, unauthorized access, and even full-scale breaches. As phishing technique...

AI score: 7
Exploits: 0

The Hacker News
added 2023/09/19 11:32 a.m. · 40 views

Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant

XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its...

AI score: 6.9
Exploits: 0

Positive Technologies
added 2023/07/17 12:0 a.m. · 7 views

PT-2023-10358 · Undefined · Undefined

ParsedReport ChatGPT Translated Autotext: RSTReportsAnalyser + ChatGPT + Google Translate|DeepL ------ Main idea: This article examines recent activity of GuLoader or ModiLoader/DBatLoader and provides indicators of compromise (IOCs) for the Formbook "QM18" infection. The article also...

CVSS: 9.3 · AI score: 6.8 · EPSS: 0.94302
Exploits: 29 · References: 2

The Hacker News
added 2021/03/18 1:3 p.m. · 1 views

How to Successfully Pursue a Career in Malware Analysis

Are you looking to become a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis. Did you know that new malware is released every seven seconds? As more and more systems become reliant on the internet, the proliferati...

AI score: 5.9
Exploits: 0

GoogleProjectZero
added 2019/12/17 12:0 a.m. · 19 views

Calling Local Windows RPC Servers from .NET

Posted by James Forshaw, Project Zero As much as I enjoy finding security vulnerabilities in Windows, in many ways I prefer the challenge of writing the tools to make it easier for me and others to do the hunting. This blog post gives an overview of using some recent tooling I’ve released as part...

AI score: 7.2
Exploits: 0

The Hacker News
added 2018/05/07 12:30 p.m. · 111 views

First-Ever Ransomware Found Using 'Process Doppelgänging' Attack to Evade Detection

Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection. The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated...

AI score: 7.5
Exploits: 0

ThreatPost
added 2017/10/12 12:32 p.m. · 10 views

Equifax Takes Down Compromised Page Redirecting to Adware Download

Update: Equifax said Thursday afternoon that it was not compromised and instead confirmed it was a third-party partner’s code running on the Equifax site that was serving adware. Below is Equifax’s statement: “Despite early media reports, Equifax can confirm that its systems were not compromised...

AI score: 0.5
Exploits: 0 · References: 5

Kitploit
added 2017/09/07 1:49 p.m. · 376 views

DKMC - Malicious Payload Evasion Tool

Don't kill my cat is a tool that generates obfuscated shellcode that is stored inside of polyglot images. The image is 100% valid and also 100% valid shellcode. The idea is to avoid sandbox analysis since it's a simple "legit" image. For now the tool relies on PowerShell to execute the final...

AI score: 7.2
Exploits: 0 · References: 2

Talos Blog
added 2017/09/05 8:0 a.m. · 122 views

Graftor - But I Never Asked for This…

This post is authored by Holger Unterbrink and Matthew Molyett. Overview: Free software often downloaded from large freeware distribution sites is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting somethi...

AI score: 7.3
Exploits: 0

ThreatPost
added 2015/10/26 3:31 p.m. · 20 views

New Campaign Shows Dridex Active, Targeting the French

Two weeks after authorities announced they had taken down the botnet behind the banking malware Dridex, new research suggests the threat is alive and well. Researchers with security company Invincea announced today that they’ve noticed 60 instances of attackers dropping Dridex on users in France,...

AI score: 7.3
Exploits: 0 · References: 4

ThreatPost
added 2014/10/16 2:55 p.m. · 8 views

Malware Detection Must Soon Recognize Evasive Behaviors

Criminals and advanced attackers have long fortified malware with features that help malicious code stay hidden from analysis. We’ve seen malware samples that determine if they’re being executed in a sandbox or virtual machine, or over remote desktop protocol connections, and stay quiet until...

AI score: 1.6
Exploits: 0 · References: 3

myhack58
added 2009/03/28 12:0 a.m. · 8 views

Two Small Ideas on the Automated Analysis of Web Trojans

Author: rayh4c 80sec Now online web Trojans and more are several sets of a fixed code, The changes are not many, including script code encryption methods, almost all is to explain the type of encryption, since the hack is performed the process of hanging horse, Inglés for the automated analysis o...

AI score: 6.7
Exploits: 0