evandrix

Minor updates: - Near completion of Windows malcode collection - Additional VX libraries will be added soon - Linux malcode in queue - 12% of Malware samples sanitized - APT collection still in progress Big news coming soon. More updates to come tomorrow. 1luv -smellypic.twitter.com/HCWF55nWF2

@FireEye/@Mandiant #FLARE #AdvancedPractices is hiring a Sr Security Researcher to join the team! https://smrtr.io/4n-Qd  #infosecjobspic.twitter.com/lb8jEBD4As

Want to classify process injection by Windows API calls? Check out the new poster made by @MalFuzzer and me! #ProcessInjection #MalwareAnalysis #CheatSheet #Poster https://malwareanalysis.co/ pic.twitter.com/uLN81TUCBd

capa v1.3 released with a bunch of new stuff, including mappings to @MITREcorp Malware Behavior Catalog (MBC) 2.0 and polish to the IDA Pro plugin by @mehunhoff . Oh, and the library on PyPI! Seven new contributors added rules, features, and bug reports! https://github.com/fireeye/capa/releases/tag/v1.3.0 …pic.twitter.com/4jNP1zMBOu

I've just uploaded my slides from @x33fcon for anyone who's interested https://github.com/mdsecresearch/Publications/blob/master/presentations/Offensive%20Development%20-%20Post-Exploitation%20Tradecraft%20in%20an%20EDR%20World%20-%20x33fcon%202020.pdf …pic.twitter.com/D6TcJkkK5O

Today in AV evasion, Microsoft didn't try very hard to find @taviso 's ctftool.exe. A story in three parts:pic.twitter.com/LfdKDmT8ZI

#vbs #Sload use fake functions for increasing entropy, this replace by regex by a rotation of the same characters (@,^,),*,#,(,!) the content for getting the path and all commands to perform.This uses a folder as kill switch (created by the second stager downloaded and executed).pic.twitter.com/tggzYD5BH7

oh dear god this capcom.sys has an ioctl that disables smep and calls a provided function pointer, and sets SMEP back what evenpic.twitter.com/jBCXO7YtNe