-
Replica. #Ghidra #script that aims to help in #malware #analysis. https://github.com/reb311ion/replica … pic.twitter.com/j47SfjUY2l
-
The analysis ended up having a full #understanding of the #malware main #functionalities mostly #important the #password #harvester function that collects credentials from over 30 #applications and a #total of 9 #IOCs. pic.twitter.com/nGSLMHQSmg
-
The code #core #functionalities and how it #collects and #sends data over #SMTP was somehow #unique pic.twitter.com/K9k2g3pUyJ
-
#Dumping the .NET #resource and #deobfuscating the #heavily #obfuscated code ended up having a clean file ready for code #analysis. pic.twitter.com/qeZFuC3p6Q
-
Moving to the second #stage where I dumped the #process being #hollowed before the #call to #NtResumeThread to have another #obfuscated file that reads and #decrypts a #VB .NET #resource then sets the #context to run .NET managed code within itself, it then jumps to #CoreExeMain pic.twitter.com/uYuCKX5Azq
-
The file will then #drop two files .vbs and .exe to %temp%\subfolder directory, the .vbs will achieve #persistence. pic.twitter.com/LhoFDjWVvO
-
#AgentTesla: #Deep #Malware #Analysis of a visual basic #spyware #Trojan Complete Blog: http://reb311ion.com/MalwareAnalysisReports/AgentTesla/ … Starting with a #Maldoc containing an #OLE package found to be an #executable file, clicking the OLE icon will #execute the file from %temp%, pic.twitter.com/lEemjGCVlF
-
Moving to the #second #stage where I #dumped the process being #hollowed before the call to #NtResumeThread to have another #obfuscated file that reads and decrypts a #VB .NET #resource then sets the context to run .NET managed #code within itself, it then jumps to #CoreExeMain. pic.twitter.com/sv7BC5OiiS
-
clicking the OLE icon will execute the file from %temp%, the file will then drop two files .vbs and .exe to %temp%\subfolder directory and which will achieve persistence. pic.twitter.com/MnkBLql3MC
-
Reb311ion retweeted
Anywhere can be paradise as long as you have the will to live. 新世紀エヴァンゲリオン pic.twitter.com/bC2G5UYPzS
-
Reb311ion retweeted
You can do it. I believe in you.