I am excited, my talk about #ThreatIntelligence and #MalwareAnalysis is also there. Saturday 14:00 Such an honor for me 🙂 #DEFCON #DC29

📢📢📢 Ladislav Bačo is back for round two! On March 11, Ladislav Bačo shares practical approaches for integrating network forensics into IR workflows, with perspectives for home and small office networks. Register: us02web.zoom.us/webinar/regi… #Suricata

Join me on Wednesday to see how to build your own home network monitoring setup under $100. Traffic capture, IDS, lightweight SIEM and alerting included.

We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥 The malware gets dropped by #Amadey and: 🪝 collects information about the infected device, such as screen resolution, public IP & location, ram usage and CPU name 💻 attempts to escalate privileges by running as admin or as a scheduled task ⚙️ uses the CDP (Chrome developer protocol) of either Edge or Chrome installed on the victim machine for further malicious actions 📡 calls back to the botnet C2 on the various stages of the infection and the results of its malicious actions 👱 creates new accounts on Discord to obtain authentication tokens, which are then reported back to the botnet C2 📧 uses dilly [a-zA-Z0-9]{8,11}@gmail.com password [a-zA-Z0-9]{8} as the email and password for the Discord registration process 🔍 has OCR capabilities for screenshots obtained via CDP, which are used to extract text from captcha 🤖 uses a Grok LLM model that resides in the botnet C2 server to solve the captcha Botnet C2 servers are all hosted at @Hetzner_Online 🇩🇪on port 8008 TCP: 46[.]62.225.51 [active] 46[.]62.224.205 46[.]62.205.38 GrokPy malware samples on MalwareBazaar: 📄bazaar.abuse.ch/browse/signa… Botnet C2s on ThreatFox: 🦊threatfox.abuse.ch/browse/ta…

✨This weekend syncs with the first week of the Advent of Radare! Take some weekend time to catch up with the challenges and learn new features and syntax tricks! radare.org/advent #aor24

All the workshop recordings and slides from #r2con2024 are now edited and published. If you didn't had a chance to attend now it's a good time to catch up starting right from the very first day! 👉 radare.org/con/2024/

During the #SharkBytes session at #SharkFest conference I had an opportunity to present a short talk about my pet project IDS Lab. The lab infra is deployable as #docker containers, used for attack simulations and detections. github.com/SecurityDungeon/i… #sf24eu @wiresharkfest

That looks powerful, but still very simple to use. And it is primary for Tiny C compiler #tcc, which is also one of the projects worth the attention. #reversing #reverseengineering #codeanalysis #obfuscation #malwareanalysis

🎉 As #CyberSecurityAwareness Month comes to an end, we’re celebrating by sharing some of our awesome friends! 💡Follow them for insightful cyber tips and great analyses. Here’s the list, in no specific order: @James_inthe_box @M4lcode @RussianPanda9xx @BlueEye46572843 @JAMESWT_MHT @ericparker @akaclandestine @Ax_Sharma @petikvx @g0njxa @executemalware @kondah_ha @fr0gger_ @NicoKnowsTechYT @embee_research @RacWatchin8872 @lennyzeltser @Gi7w0rm @jstrosch @_JohnHammond @malwarelab_eu This list is just the beginning — feel free to drop your own cybersecurity profiles in the comments!

Recent @tryhackme room inspired me to publish blog about Decryption of #SMB traffic Summarized 3 methods of decryption in #Wireshark: - with user password - with NTLM hash - without them, just by cracking the captured #network traffic malwarelab.eu/posts/tryhackm… #cryptography

Is it really 8th birthday of @anyrun_app?🎂 I can remember my beginnings with this #sandbox. It was quite different from other sandboxes: it was interactive and so fast. Its evolution was significant since then and now there is a special deal until May 31: app.any.run/plans/