ThreatLabz has released an IDA plugin to deobfuscate the strings for previous versions of #Pikabot .

Read our blog here: zscaler.com/blogs/security…

The source code for the IDA plugin can be found here: github.com/threatlabz/pik…

Check out our technical analysis of #Qakbot ’s 15 year evolution. From a banking trojan to an initial access broker, the threat group has proven to be remarkably resilient with continuous improvements to the network communication, encryption, and obfuscation. Blog link:

Hybrid Analysis Kicks Off 2024 With a Fresh Look and New Features!🥳 Read more about it here and let us know what you think! hybrid-analysis.blogspot.com/2024/01/hybrid… #HybridAnalysis

#Zloader aka #SilentNight is back! Check out our technical analysis of Zloader version 2.1.7.0, where we uncover the new obfuscation techniques, updates to the DGA, and the addition of RSA to network encryption. Blog link: zscaler.com/blogs/security…

The #NoName ransomware group has created a data leak site located at: …d3s45s4i3egq5bqtl72kgum4ldc6qyd.onion

Ransom note: github.com/threatlabz/ran…

Sono lieto di annunciare la disponibilità del primo corso di malware analysis in italiano: 'Introduzione alla malware analysis: Un approccio pratico'

Oltre 9 ore di corso: t.ly/WPhap (utilizzate questo link, non cercate il corso su udemy ^^)

condivisione gradita :)

STPyV8 now available on PyPi!

“pip install stpyv8” is the only command you need now, no further steps required.

pypi.org/project/stpyv8/

Great work Angelo Dell'Aera

#Qakbot is back! The new version is 64-bit, uses AES for network encryption, and sends POST requests to the path /teorema505.

Yesterday i did a small presentation at Oh My Hack about fixing pe files - you can find my slides here malwarelab.pl/t/omh2023

Turns out that wining ctfs and having silly articles about it in media actually make sense - allows desperate ppl to find help and hacker’s mindset makes helping possible when everything else failed. Great work:)

22/12
2° #Aperitech della #MetroOlografix

Il #talk sarà tenuto da Lorenzo 'Lopoc' Cococcia e Michelangelo 'pinguin0' Morrillo
ore 18:30 da @BearIT, Strada Prati 67 a #Pescara
Prenota il tuo posto (è gratis!) su loading.moca.camp

Sarà anche in diretta sui nostri canali

My newest blog series'ThreatLabz Discovers 117 Vulnerabilities in Microsoft 365 Apps Via the SketchUp 3D Library', part 1: zscaler.com/blogs/security… and part 2: zscaler.com/blogs/security…, which is the blog version of presentation at Bluehat October 2023.

ThreatLabz discovered 117 #vulnerabilities in #Microsoft 365 apps that use the #SketchUp 3D library.

Check out part 1 of our blog series that delves into the methodologies and technical details: zscaler.com/blogs/security….

Part 2 coming soon!

medium.com/walmartglobalt… New IcedID related loader being tested

27/10
primo #Aperitech della #MetroOlografix
una serie di incontri che ci accompagnerà fino al #MOCA (13-15/09/2024)

Il primo #talk sarà del nostro socio Valerio ftp21
alle ore 19:00 da Netsons , in via Tirino 99 a #Pescara

Prenota il tuo posto (è gratis!) su loading.moca.camp

Just released patator v1.0 github.com/lanjelot/patat…

In the spirit of 'this talk could've been a tweet', I just pushed a button:

#BinDiff is now open source.

- Snapshot release, no major new functionality
- Release binaries later today or tomorrow
- This is my 20% and I won't we able to act on PRs until end of Q4 (OOO traveling)

Do you like unpacking malware? We too! During our recent #AgentTesla analysis we wrote unpacker for #DotRunPeX , and decided to share it. Read our blog post for more info: cert.pl/en/posts/2023/…

Sì, ci sarà un MOCA 2024...!
moca.camp #Back to the r00t_

🕵️ Dive into the world of #HijackLoader , the latest cybersecurity threat delivering malware families including Danabot, SystemBC, and RedLine Stealer. Read about its tactics, evasion methods, and module structure here: zscaler.com/blogs/security…