RE: https://infosec.exchange/@PagedOut/115315462232710825
PagedOut #7 is out. I recommend page 66 ;-)
The slides I presented last Saturday at Barbhack are available here: https://www.fortiguard.com/events/6189/barb-hack-2025-decompile-linux-malware-with-r2ai
I've already presented on r2ai. What's new here is (1) the analysis of a complex ransomware such as Linux/Trigona, and (2) learn to tweak context size, output token limits etc to get the best out of your LLM.
Enjoy!
NB. One of the demos is available here: https://asciinema.org/a/pBPEaJhp6cunWSKFpBUDTgPt4
This talk presents 2 different Linux malware:
- a shellcode, named Linux/Shellcode_ConnectBack.H!tr. The binary is small and compact, but traditional disassemblers like Ghidra fail to produce understandable decompiled code. With AI assistance in Radare 2, we manage to get far better code. There are a few things to fix in the code though.
- a ransomware, named Linux/Trigona. This binary is bigger and more complex. We analyze it with AI, but there are several technical issues due to its size, because the AI context is too big. We show how to work around the issue, by configuration of r2ai, adequate choice of model, different prompts and different approaches.
I'm very happy to speak at Barb'hack on Saturday.
barbhack.fr/2025/fr/conf...
There will be 2 demos.
One live.
One recorded - simply because I don't have the guts to do it live ;P
We reverse engineer Linux/Trigona and Linux/Shellcode with radare2 + AI + HI
HI stands for Human Intelligence ;P
I've recently set up an LM Studio server, with several models including gpt-oss. I can use it from my disassembler, here to analyze a Linux/Trigona sample.
https://www.youtube.com/watch?v=rWTuhDbn4Gc
Explanations in this blog post:
https://cryptax.medium.com/r2ai-with-lmstudio-and-gpt-oss-08efa5ea2476
#radare2 #AI #LMstudio #gpt #trigona #malware #linux
cc: @radareorg
My blog post on how AI is reshaping malware and malware analysis is out : https://www.fortinet.com/blog/threat-research/catching-smarter-mice-with-even-smarter-cats
Examples on Linux/Trigona, Linux/Prometei, Linux/Ladvix and Android/SpyLoan.
Enjoy.
Mikhail Pavlovich Matveev, alias Wazawaka, is detained by the Russian authorities
The well-known programmer and alleged author of numerous so-called computer attacks is being held by the Russian authorities. His arrest follows on from the trial of fourteen people belonging to the REvil ransomware.
Wazawaka is also wanted by the FBI for multiple attacks on US soil.
https://librexpression.fr/wazawaka-arrete-a-kaliningrad
#babuk #conti #cyberattacks #databreach #europe #hive #informatique #librexpression #lockbit #noescape #ransomware #revil #Russie #trigona #USA #wazawaka
(Credits: Andrew Martin/Pixabay)
A Trigona stingless bee gathers nectar and pollen from a coral flower. Minca, Colombia.