Collaborate Disseminate
YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables users to create detailed descriptions, or “rules,” for malware fami… Continue reading YARA: Open-source tool for malware research
We are experiencing an issue on our WordPress site running WooCommerce, for the second time this year where a hacker is injecting some kind of script that is redirecting the stripe.js code from it’s native location at stripe to an offsite … Continue reading WordPress Site Hacked to redirect stripe.js offsite for credit card skimming – Can’t Find The Source
A case here: https://www.virustotal.com/gui/file/416b4499cd364f8d645e7bcd591ca4ac71ad1227e4a888c7f1d49e90445e07e2/behavior
You can get the file I uploaded here (POSTNTFS.EXE inside the zip file): https://github.com/joshudson/dossuperfloppy… Continue reading Why do sandboxes detect behaviour that isn’t in the binary?
x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables without access to the source code. It offers a wide range of features and a plugin system, allowing you to customize and extend i… Continue reading x64dbg: Open-source binary debugger for Windows
Neither are recent, but I’ve encountered two websites that are on benign subjects but appear to be compromised and/or have triggered/transient pop-ups or redirects that seem malicious.
I run websites I’m not familiar with through Virus Tot… Continue reading Confirm If Website Unsafe/Compromised
MISP is an open-source threat intelligence and sharing platform for collecting, storing, distributing, and sharing cybersecurity indicators and threats related to incident and malware analysis. MISP is designed by and for cybersecurity, ICT professiona… Continue reading MISP: Open-source threat intelligence and sharing platform
Following some suspicious activities on my PC, and also out of a general interest, I would like to expand my knowledge in IT forensics.
This quickly makes one aware of the complexity of the subject, and also how vague and elusive it feels … Continue reading What types of events in ProcMon are malicious?
I don’t even own a windows based PC, but my abusive criminal hacker does. While going through my settings to, as always, keep checking for signs that he’s hacked me again (he stole my SS number, so he can literally track me via anything li… Continue reading https://d1af033869.koo7.cloudfront.net why am I finding these things on my android when I dont own a windows based PC [closed]
I watched this YouTube video where the uploader connected a Windows 2000 virtual machine directly to the internet, no NAT or firewall.
Within minutes, his VM is infected with malware, the overwhelming majority of which is quite old. No bro… Continue reading How long does malware last "in the wild"?
An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques T… Continue reading The most prevalent malware behaviors and techniques