Joined February 2018
Pinned Tweet
"#ShadowMove: a Stealthy Lateral Movement Strategy" is now available to read. Read if interested to see a new practical lateral movement: usenix.org/conference/usenix… Demo (TDS (MS SQL) & FTP): uofi.app.box.com/folder/9302… Prototype will be released soon. @MITREattack @USENIXSecurity
Years ago I did something creative with fonts... never released it, just demoed it to a few.
28 Jan 2024
Fonts are multi-dimensional rabbit holes for me: format-wise, security-wise, design-wise and retro-wise. Send help?
Lesser known feature of #YaraDbg: you can drag/drop a pass-protected zip file to analyze the file inside. The pass must be "infected". The decompressed file will be in memory, not on the local filesystem. github.com/DissectMalware/ya… live: yaradbg.dev #100DaysOfYara
Want to run #YaraDbg locally on your system using #Docker?
1. docker pull dissectmalware/yaradbg:latest
2. docker run -p 7071:7071 -p 8081:80 -d dissectmalware/yaradbg:latest
3. browse http://localhost:8081
Want to build the image yourself? github.com/DissectMalware/ya…
Both the #YaraDbg backend and frontend run in the docker container.
Loved the idea! So, I've donated the entire amount collected since activating the feature to St. Jude Children's Research Hospital, although it wasn't that much. Thank you all who donated : ) stjude.org/donate/donate-to-…
Thanks to all who decided to donate to my open source projects in the past year! The total collected sum will be dedicated to charity.
Short-term goal: Consolidate the frontend and backend projects. Long-term goal: Transition to a frontend-only application by eliminating the backend.
If you are interested in contributing to this project, please reach out!
Remember maldocs with XOR encryption back in 2020? I crafted a decryptor and integrated it with my msoffcrypto-tool fork 3 years back! Guess what? It is now merged into the github.com/nolze/msoffcrypto… main branch! Thanks @nolze : ) Context: x.com/JohnLaTwC/status/13146… by @JohnLaTwC
ICYMI, looks like a campaign with XOR encrypted XLS with the VelvetSweatshop password. 0 AV detects. cc/ @BouncyHat 📎virustotal.com/gui/file/0f69… 📎virustotal.com/gui/file/f402… 📎virustotal.com/gui/file/0034… 📎virustotal.com/gui/file/6fd9… 👉x.com/BouncyHat/status/13088… 📄docs.microsoft.com/en-us/ope…
Thrilled to announce my move to @Amazon as a senior security engineer! Leaving the amazing team at @Microsoft was a tough call—they're truly incredible people. However, I'm buzzing with excitement for this new chapter and the opportunities it holds.
.@virustotal added a new #yara editor with syntax highlighting, autocomplete, rule templates, ... :) blog.virustotal.com/2023/07/… #YaraDbg is not done; I will definitely continue to extend it. yaradbg.dev
The #yaradbg editor offers advanced features such as autocomplete (keywords, rulenames, strings) and reference display (shift F12), which can greatly enhance the coding experience for analysts. Here is a short demo yaradbg.dev
Malwrologist retweeted
30 May 2023
This 3 minute neck drill will change your life:
Fixed a few bugs in interpreting rules in #yaradbg over the weekend. Added support for the "in" keyword:
$str in (0..100)
$str in (filesize-100..filesize)
#yaradbg v0.0.3 is out
1. New yara editor: syntax highlighting, showing evaluation results inline, autocomplete, ...
2. You can upload a pass-protected zip containing malware directly (pass must be "infected")
Not sure who uses it, but ping me if you do. Enjoy :) yaradbg.dev/
One of my former colleagues/friends and his wife were killed by a stalker. Milad was a gifted software engineer and also a super nice person. Such a huge loss. Life is too short... cbsnews.com/amp/news/podcast…
#pyOneNote v0.0.1 is now on #PyPI: pip install pyonenote
It prints:
1. header fields
2. all metadata (i.e. all PropertySets such as jcidEmbeddedFileNode, jcidImageNode)
3. embedded files, and also dumps all embedded files
github.com/DissectMalware/py… related: x.com/DissectMalware/status/…
Let me introduce you to #pyOneNote v0.0.1, a pure Python library to parse the #one file format: github.com/DissectMalware/py… Covers 20 out of 38 FileNode types. E.g.: .one in 835239c095e966bf6037f5755b0c4ed333a163f5cc19ba0bc50ea3c96e0f1628 x.com/ffforward/status/16211…
HT @D00m3dR4v3n and @matte_lodi for the PRs, thank you : ) * If you have cycles and can, please contribute to this project. You can DM me if you want.
Fun fact about the #pyOneNote v0.0.1 release: the parse_filetime, time32_to_datetime, and half_inch_size_to_pixels methods in PropertySet were generated by #OpenAI #Chatgpt3. parse_filetime: github.com/DissectMalware/py…
Speaking of which, today we see #IcedID via the same #OneNote template that #qbot actors #TA570 & #TA577 have been using the last few days. New obfuscation in the HTA though.
* The hash is for a zip file containing a .one doc. Please test the script against the .one file.