Joined November 2009
🚀 You can now search for malware families, releases, techniques, and code snippets, including archives on Malware Gallery: malwaregallery.com #InfoSec #Malware #DFIR
Has anyone ever seen or used this evasion technique? I have been using it for many years and still find it effective (particularly with macros), so I was surprised to see it continue to work, so I decided to document it on Unprotect: unprotect.it/technique/indir… Feedback appreciated!
New code snippet added that demonstrates the principle of indirectly copying a buffer to another memory region using the Windows APIs ReadProcessMemory (Example 1) or ReadFile (Example 2): unprotect.it/snippet/indirec…
Remember, for the "veterans" among us, when we used to call those pieces of art "Trojans" (even though it wasn't always accurate)? With the support and blessing of MegaRat (creator of Mega Security, now back online), I've launched malwaregallery.com/archive, a full reconstruction of Mega Security in a more modern and user-friendly form. Dive back into the past and relive that artistic vibe many of us still miss! (If you prefer, you can still browse the original version of Mega Security, which remains preserved in its vintage form from the good old days.) #malware #infosec #virus #trojan
Just received my copy of "Evasive Malware" by Kyle Cucci (@d4rksystem) @nostarch! If you're looking to deepen your understanding of malware evasion techniques, this book is a must-read. Can't wait to dive into every single page! #malware #infosec #offsec
🚀 This is a significant milestone for Arcane: I've successfully captured the secure desktop (auto desktop switching from default to winlogon) without the need for a separate process or third-party tool. This achievement requires the Arcane Server to run as the SYSTEM user, which can be easily accomplished using the PowerRunAsSystem script or module. Next is to implement input control for secure desktop switching (for mouse and keyboard). I have a plan in mind, but it's more complex than it sounds. I'll do my best to make it work. If you want to test it, please use the "dev" branch of both Arcane Viewer and Arcane Server from the official GitHub repositories.
The first version of Arcane, formerly known as PowerRemoteDesktop, is now available. For those unfamiliar with the project, Arcane is a fully functional remote desktop server for Windows, entirely written in PowerShell. I've now migrated the viewer/client to Python with a graphical interface powered by Qt (PyQt6) to finally be cross-platform (Windows, macOS, and Linux): github.com/PhrozenIO/Arcane
DLest v3.0 has been released with numerous new features, including performance improvements, process spy (for debugging processes and listening for DLL load events), a file hashing tool, anonymous export function enumeration, and an improved filtering system. If you are not yet familiar with this tool, I invite you to visit its repository (🤩 It's 100% open-source): github.com/PhrozenIO/DLest
🌟 Pleased to announce the release of the second part of my Understanding Malware Patching series! This time, we talk about Application Resources as a malicious vector. The lengthy article is accompanied by a bonus project that demonstrates how a threat actor could leverage genuine Bitmap files to store malicious shellcode. This is achieved through an easy-to-understand steganography technique, encoding the shellcode into bitmap pixels for retrieval and execution. medium.com/phrozen/understan… #InfoSec #Malware #DFIR #OffSec
👽 A new technique, named "FuncIn", has been integrated to #UnprotectProject, showcasing a sophisticated evasion technique with a working open-source demo. In short, FuncIn employs a payload staging strategy, diverging from the conventional method where all malicious functionalities are embedded within the malware file or stored in a third-party file/network location, such as a web server. Rather, with FuncIn, these functionalities are transmitted over the network selectively, triggered by the Command and Control (C2) server as needed. unprotect.it/technique/funci… Cf: @fr0gger_ #Malware #DFIR #Evasion
In the past, our "Malware Retrospective" series has shed light on some well-known Trojans like SubSeven and 👽 Beast, names that almost anyone in the Cyber Security field would recognize. However, today we venture off the beaten path to look at a lesser-known yet highly intriguing VB6 Remote Access Trojan, PrjRAPTOR: darkcodersc.medium.com/a-mal… #InfoSec #Malware #CyberSecurity
🛸 Introducing "Malware Gallery": a living museum of trojan/malware's most infamous masterpieces from past decades! Currently in BETA. The collection will grow over time (a lot), so stay tuned! Feedback & suggestions really appreciated! phrozen.io/malware-gallery/
Best malware author comment so far 🤣 (quoted from the SubSeven 2.2 source code).
Who remembers or still uses that old trick? 😂
🕵️ Step into the world of #Malware history with my latest article! Uncover the secrets of #SubSeven, the game-changing Remote Access Trojan of the early 2000s. Hear from the elusive creator, Mobman, and discover how this software continues to inspire: darkcodersc.medium.com/a-mal…
🛸👽 Interested in C2 over FTP(S)? Explore my new project, SharpFtpC2, which enables execution of shell commands on remote systems via FTP(S). Currently in beta and lacking encryption, but it's on the way: github.com/DarkCoderSc/Sharp… #InfoSec #Malware #Network #Evasion #FTP
🚀 I just published the first article in my Malware retrospective series, kicking off with the notorious Beast RAT. Get ready for a deep dive into its history, impact, and legacy! Check it out here: medium.com/@darkcodersc/a-ma… #Malware #InfoSec #cybersecurity #trojan
👽 Remember the infamous Beast Remote Access #Trojan from the early 2000s? I've recently had the privilege to talk with Tataye, its creator, to relive those thrilling times. Paper coming soon! In the meantime, explore the complete Beast 2.07 UI flowchart: phrozen.io/image/beast-207-u…