Malware / Ransomware / Malicious solutions

software designed to damage or disable computer systems without the owner’s knowledge. It has become a significant problem for businesses and consumers alike. According to Symantec, over $1 trillion worth of damage was caused by cybercrime last year alone.
collection · 23 items
1 year ago
AMSI Bypass: The Malware’s Express Lane
The GitHub repository «V-i-x-x/AMSI-BYPASS» provides information about a vulnerability known as «AMSI WRITE RAID» that can be exploited to bypass the Antimalware Scan Interface (AMSI). 📌Vulnerability Description: The «AMSI WRITE RAID» vulnerability allows attackers to overwrite specific writable entries in the AMSI call stack, effectively bypassing AMSI’s protections. 📌Writable Entries: The repository highlights that multiple entries in the AMSI call stack are writable and can be targeted to achieve the bypass...
1 year ago
Why Bother with Cybersecurity? Just Let Event Logs Do All the Work, Google said
By leveraging Windows Event Logs and integrating with advanced detection systems, organizations can better protect themselves against the growing threat of browser data theft. 📌Windows Event Logs: The method leverages Windows Event Logs to detect suspicious activities that may indicate browser data theft. This includes monitoring specific event IDs and patterns that are indicative of malicious behavior. 📌Event IDs: Key event IDs to monitor include Event ID 4688 (tracks process creation), which...
1 year ago
Nimfilt: Because Authors Needed Another Language to Complicate Our Lives
📌Function and Package Names: Nimfilt demangles Nim-specific function and package names, making them more readable and easier to analyze. 📌Package Init Function Names: It also demangles the initialization function names of Nim packages. 📌Nim Strings: Nimfilt applies C-style structs to Nim strings, which helps in interpreting the data structures within the binary. This includes identifying the length and payload of the strings. 📌IDA Plugin: Nimfilt can be used as an IDA plugin, where it organizes functions into directories based on their package name or path...
1 year ago
Android Live Threat Detection: 200 billion Scans a Day Still Won’t Catch Everything
The security updates announced at Google I/O 2024 are poised to enhance the security and privacy of Android devices significantly, impacting various industries by reducing fraud, protecting sensitive data, and fostering greater trust in mobile technologies. Key Points Google Play Protect Live Threat Detection: 📌Functionality: Scans 200 billion Android apps daily using on-device AI to detect and mitigate malware and fraudulent apps. 📌Implementation: Uses Private Compute Core for privacy-preserving analysis...
1 year ago
Firmware Overwrite: The New Trend in Router Fashion
The Chalubo RAT malware campaign targeted specific models of Actiontec and Sagemcom routers, primarily affecting Windstream’s network. The malware used brute-force attacks to gain access, executed payloads in memory to avoid detection, and communicated with C2 servers using encrypted channels. The attack led to a significant outage, requiring the replacement of over 600,000 routers, highlighting the need for robust security measures and regular updates to prevent such incidents. 📌Windstream: The...
1 year ago
NSA's panic. SOHO
Unpacking with more detail: check source. Another riveting document on the ever-so-secure world of Small Office/Home Office (SOHO) routers. This time, we’re treated to a delightful analysis that dives deep into the abyss of security defects, exploits, and the catastrophic impacts on critical infrastructure. The document serves up a qualitative smorgasbord of how these devices are basically open doors for state-sponsored cyber parties. It’s a must-read for anyone who enjoys a good cybersecurity scare, complete with a guide on how not to design a router...