Alexandre Borges

Pay attention when a malware is using Mailslots (similar to named pipes) for local communication on Windows: Mailslot Server (App. Client): CreateMailslot( ) + ReadFile( ) Mailslot Client (App. Server): CreateFile( ) + WriteFile( ) #reversing #security #malwarepic.twitter.com/ylXRcfeGut

(interesting) Keeping Windows Secure: (PDF) https://github.com/dwizzzle/Presentations/blob/master/David%20Weston%20-%20Keeping%20Windows%20Secure%20-%20Bluehat%20IL%202019.pdf … #microsoft #security #exploitation #fuzzing #windowspic.twitter.com/n6pXA7DqSQ

Few malware authors have been using thread's ownership changing to try to make analysis harder: void function2(std::thread x); .... std::thread function3(function1( )); function2(std::move(function3( )); #malware #reversing #programming #securitypic.twitter.com/FhpO92G4Dt

(interesting write-up) Introduction to SpiderMonkey exploitation: https://doar-e.github.io/blog/2018/11/19/introduction-to-spidermonkey-exploitation/ … #reversing #exploitation #securitypic.twitter.com/HlqNWRPqSU

Sharing a PCAP with Decrypted HTTPS: https://www.netresec.com/?page=Blog&month=2020-01&post=Sharing-a-PCAP-with-Decrypted-HTTPS … #security #malware #c2 #decryption #DoHpic.twitter.com/1w1n6GskJh

The BLAKE3 cryptographic hash function: https://github.com/BLAKE3-team/BLAKE3/ … #crypto #security #hashfunctionpic.twitter.com/879RCSP5S5

@kilijanek there isn't any problem with the malwoverview installation. When you installed it in a virtual environment, a copy of files are placed into the same directory, but the remaining Python's structures are kept. Please, if it's possible, so follow my step-by-step below.pic.twitter.com/pTUDolpjtE

Dear Kili, I've seen your report. However, I've repeat the test using a new Kali 2019 system and look at the sequence (including date) of image below... I'm going to reply you in the GitHub too. ;)pic.twitter.com/1DvXtz8AGu

Malwoverview 2.0.7 is online! This version allows installation using pip: $ pip3.7 install malwoverview (Linux) $ python -m pip install malwoverviewwin (Windows) Further information is available on: (Github) https://github.com/alexandreborges/malwoverview … #malware #dfir #threathunting #securitypic.twitter.com/bnDF3gLa2h

Messenger Hacking: Remotely Compromising an iPhone over iMessage: https://saelo.github.io/presentations/36c3_messenger_hacking.pdf … #exploitation #iOS #cve #securitypic.twitter.com/icKgaAy3xw

Microsoft Edge (Chromium) - EoP via XSS to Potential RCE: https://leucosite.com/Edge-Chromium-EoP-RCE/ … #exploitation #rce #securitypic.twitter.com/P7v8MUdwp6

(good reading) PatchGuard callback (542875F90F9B47F497B64BA219CACF69): https://github.com/0xcpu/ExecutiveCallbackObjects/tree/master/542875F90F9B47F497B64BA219CACF69 … #reversing #windows #security #patchguardpic.twitter.com/hRuoCGtCjT

UEFI firmware security overview: https://support.apple.com/guide/security/uefi-firmware-overview-seced055bcf6/web … #apple #uefi #firmware #securitypic.twitter.com/TEC6cLTpcK

Finally: Malwoverview 2.0 (in Python 3.x) is available! https://github.com/alexandreborges/malwoverview … There're so many news, so it's better to check on the GitHub ;) #malware #threatintelligence #threathunting #securitypic.twitter.com/SkDU89PZsN

(PDF Document) A study of Machete Cyber Espionage Operations in Latin America: https://www.virusbulletin.com/uploads/pdf/magazine/2019/VB2019-Valeros-etal.pdf … #cybersecurity #security #espionage #malwarepic.twitter.com/x8RGCwGEih

Slides from my presentation at the excellent DC2711 (@defcon2711) in Johannesburg follow again: http://www.blackstormsecurity.com/docs/DC2711.pdf  #malware #reversing #security #dc2711pic.twitter.com/GhxNongYE3

(interesting slides) Pool Fengshui in Windows RDP Vulnerability Exploitation: https://github.com/ga1ois/BlueHat-2019-Seattle/blob/master/Pool%20Fengshui%20in%20Windows%20RDP%20Vulnerability%20Exploitation%20-%20submission.pdf … #exploitation #windowspic.twitter.com/WqvOu9islQ

As I've promised, slides from my presentation at BHACK Conference 2019 follow below: http://www.blackstormsecurity.com/docs/BHACK_2019.pdf … Next year I'm planning to speak about other very interesting topics over the year. :) #malware #security #dotnet #reversing #windbgpic.twitter.com/BFPIRRyqAc

Diving Deep into a pwn2own winning webkit bug: https://www.zerodayinitiative.com/blog/2019/11/25/diving-deep-into-a-pwn2own-winning-webkit-bug … #exploitation #reversingpic.twitter.com/YTDnn3YZPG