Formbook Daily Report
Trend: stable (9%)
8 new samples
55 C2 servers
Full analysis, IOCs, and hashes:
https://www.yazoul.net/malware/formbook/reports/2026-04-07
https://archive.org/details/500ms-supply-chain-verification-toolkit
The name references Andres Freund's 500ms SSH delay that uncovered the
XZ backdoor.
The core finding: JsonSchema.Net.dll shipped in Microsoft's
DesktopAppInstaller has a SHA256 that doesn't match any official NuGet
release. It has a PE timestamp of year 2095. And it's signed by
Microsoft's HSM.
You can verify this on your own Windows 11 machine without downloading
anything from me:
Get-FileHash "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller*\ConfigurationRemotingServer\JsonSchema.Net.dll"
Compare with NuGet official: https://www.nuget.org/packages/JsonSchema.Net/7.2.3
The toolkit also includes anomalies in Google's cloudcode_cli (104K
internal refs) and Intel's IGCCTray (GCP data exfil in a graphics driver).
500ms - Supply chain anomalies in Windows 11 default binaries
JsonSchema.Net.dll in Microsoft DesktopAppInstaller:
- Hash ≠ any official NuGet release
- PE timestamp: year 2095
- Signed by Microsoft HSM post-modification
Verify on YOUR OWN Windows 11 (no download needed):
Get-FileHash "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller*\...\JsonSchema.Net.dll"
Compare: nuget.org/packages/JsonSchema.Net/7.2.3
#infosec #supplychainattack #malwareanalysis #microsoft #cybersecurity #threatintel #windows11 #forensics

500ms - Supply Chain Compromise Verification Toolkit. Named after Andres Freund's 500ms that uncovered the XZ backdoor. Three binaries from a standard Windows...
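The two posts above compare the whole-file SHA256 of the installed DLL with the NuGet download. That comparison can never succeed when the two copies carry different Authenticode signatures (or one carries none): signing appends a certificate table to the file and rewrites the PE CheckSum and Security directory entry, so the file hash changes by construction. The script below is an added example, not the toolkit's or the poster's code: it removes exactly those signing artefacts from both copies before comparing, prints the signer and the COFF timestamp, and checks every lib/<tfm>/ copy inside the official .nupkg. The package id and version (JsonSchema.Net 7.2.3) and the install path are taken from the post; the nuget.org v3 flat-container download URL is an assumption about nuget.org's layout. Run it from an elevated PowerShell, since files under WindowsApps are not readable by an ordinary user account.

```powershell
# Added example (not from the toolkit or the post). Compare an installed, Microsoft-signed
# JsonSchema.Net.dll with the DLL in the official NuGet package after stripping what
# Authenticode signing adds, so the signature itself cannot cause the mismatch.
# Assumptions: package id/version and path from the post; nuget.org v3 flat-container URL.

$PackageId = 'JsonSchema.Net'
$Version   = '7.2.3'
$Pattern   = 'C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller*\ConfigurationRemotingServer\JsonSchema.Net.dll'

# Parse the few PE header fields we need: COFF TimeDateStamp, OptionalHeader CheckSum,
# and the Security (certificate table) data directory entry.
function Get-PeInfo {
    param([byte[]]$Bytes)
    $peOff = [BitConverter]::ToInt32($Bytes, 0x3C)                              # e_lfanew
    if ([BitConverter]::ToUInt32($Bytes, $peOff) -ne 0x00004550) { throw 'Not a PE image' }  # "PE\0\0"
    $opt   = $peOff + 24                                                        # optional header follows the 20-byte COFF header
    $magic = [BitConverter]::ToUInt16($Bytes, $opt)
    $dirs  = $opt + $(if ($magic -eq 0x20B) { 112 } else { 96 })                # data directory table: PE32+ vs PE32
    $sec   = $dirs + 4 * 8                                                      # IMAGE_DIRECTORY_ENTRY_SECURITY
    [pscustomobject]@{
        TimeDateStamp = [BitConverter]::ToUInt32($Bytes, $peOff + 8)
        CheckSumOff   = $opt + 64
        SecDirOff     = $sec
        CertOff       = [BitConverter]::ToUInt32($Bytes, $sec)                  # file offset, not an RVA, for this entry
        CertSize      = [BitConverter]::ToUInt32($Bytes, $sec + 4)
    }
}

# Undo what signtool changes: drop the trailing certificate table and zero the CheckSum
# and Security directory fields. Nothing else in the image is touched.
function Get-UnsignedImage {
    param([byte[]]$Bytes)
    $pe  = Get-PeInfo $Bytes
    $len = $Bytes.Length
    if ($pe.CertSize -gt 0 -and ($pe.CertOff + $pe.CertSize) -eq $len) { $len = $pe.CertOff }
    $out = New-Object byte[] $len
    [Array]::Copy($Bytes, $out, $len)
    foreach ($i in 0..3) { $out[$pe.CheckSumOff + $i] = 0 }
    foreach ($i in 0..7) { $out[$pe.SecDirOff + $i] = 0 }
    return ,$out
}

# Equal if the stripped images match byte-for-byte, allowing for the zero padding
# (fewer than 8 bytes) that signtool appends to 8-byte-align the certificate table.
function Test-SameImage {
    param([byte[]]$A, [byte[]]$B)
    if ($A.Length -lt $B.Length) { $A, $B = $B, $A }                            # $A is the longer copy
    $extra = $A.Length - $B.Length
    if ($extra -ge 8) { return $false }
    for ($i = $B.Length; $i -lt $A.Length; $i++) { if ($A[$i] -ne 0) { return $false } }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $ha  = [BitConverter]::ToString($sha.ComputeHash($A, 0, $B.Length))
    $hb  = [BitConverter]::ToString($sha.ComputeHash($B))
    return ($ha -eq $hb)
}

$installed = Get-Item $Pattern -ErrorAction Stop | Select-Object -First 1     # first match if several package versions exist
$bytes     = [System.IO.File]::ReadAllBytes($installed.FullName)
$pe        = Get-PeInfo $bytes
$sig       = Get-AuthenticodeSignature -FilePath $installed.FullName

"Installed : $($installed.FullName)"
"SHA256    : $((Get-FileHash -LiteralPath $installed.FullName).Hash)"
"Signature : $($sig.Status) by $($sig.SignerCertificate.Subject)"
# Deterministic Roslyn builds write a content hash into TimeDateStamp instead of a build
# time, so a far-future date on a .NET assembly is expected and not evidence of tampering.
"Timestamp : $([DateTimeOffset]::FromUnixTimeSeconds($pe.TimeDateStamp).UtcDateTime) (raw 0x$('{0:X8}' -f $pe.TimeDateStamp))"

# Fetch the official package (a .nupkg is a zip) and compare every lib/<tfm>/ copy.
$id    = $PackageId.ToLowerInvariant()
$nupkg = Join-Path $env:TEMP "$id.$Version.nupkg"
Invoke-WebRequest -Uri "https://api.nuget.org/v3-flatcontainer/$id/$Version/$id.$Version.nupkg" -OutFile $nupkg
Add-Type -AssemblyName System.IO.Compression.FileSystem
$zip = [System.IO.Compression.ZipFile]::OpenRead($nupkg)
try {
    $stripped = Get-UnsignedImage $bytes
    foreach ($entry in ($zip.Entries | Where-Object { $_.FullName -like "lib/*/$PackageId.dll" })) {
        $ms = New-Object System.IO.MemoryStream
        $s  = $entry.Open(); $s.CopyTo($ms); $s.Dispose()
        $verdict = if (Test-SameImage $stripped (Get-UnsignedImage $ms.ToArray())) {
            'SAME image (differs only by signature/padding)'
        } else { 'DIFFERENT image' }
        '{0,-40} {1}' -f $entry.FullName, $verdict
    }
} finally { $zip.Dispose() }
```

A "DIFFERENT image" verdict says the bytes differ, not why: a rebuild from source with another compiler version, a different target framework than the lib/ folder being compared, or a vendor patch all produce a different image. The next step is to diff the two assemblies with a .NET decompiler rather than stop at the hash.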
AsyncRAT Daily Report
Trend: declining (62%)
3 new samples
100 C2 servers
Full analysis, IOCs, and hashes:
https://www.yazoul.net/malware/async-rat/reports/2026-04-06
QuasarRAT Daily Report
Trend: declining (46%)
5 new samples
0 C2 servers
Full analysis, IOCs, and hashes:
https://www.yazoul.net/malware/quasar-rat/reports/2026-04-04
Agent Tesla Daily Report
Trend: declining (54%)
10 new samples
0 C2 servers
Full analysis, IOCs, and hashes:
https://www.yazoul.net/malware/agent-tesla/reports/2026-04-04
Vidar Daily Report
Trend: declining (39%)
19 new samples
100 C2 servers
Full analysis, IOCs, and hashes:
https://www.yazoul.net/malware/vidar/reports/2026-04-03
FLARE Learning Hub
Free hub with reverse engineering, malware analysis, labs, and debugging modules for hands-on Windows x64 training.
BSides Luxembourg talk announcement!
NOT SO HARMLESS: THE HIDDEN WORLD OF LINUX PACKERS AND DETECTION CHALLENGES - MASSIMO BERTOCCHI
Linux packers and loaders are a sneaky blind spot in cybersecurity. They hide code with encryption and obfuscation, then run it straight from memory to dodge detection. This talk dives into the "hARMless" ARM64 packer, showing off tricks like layered encryption and direct syscalls, while exposing a harsh truth: many defenses on Linux barely see it coming.
Massimo Bertocchi https://pretalx.com/bsidesluxembourg-2026/speaker/SU38N8/ Massimo Bertocchi is a Zürich-based Threat Hunter and Detection Engineer with dual Master's degrees from KTH Royal Institute of Technology and Aalto University, recognized for his award-winning research uncovering covert C2 channels in Microsoft Teams that enable high-speed data exfiltration and expose critical gaps in enterprise security monitoring.
Conference dates: 6–8 May 2026 | 09:00–18:00
14, Porte de France, Esch-sur-Alzette, Luxembourg
Tickets: https://2026.bsides.lu/tickets/
Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
#BSidesLuxembourg2026 #CyberSecurity #ThreatHunting #MalwareAnalysis #CloudSecurity #DetectionEngineering
Tried to book a bar. Ended up reverse engineering a malware campaign instead.
A fake "Cloudflare verify" page copied an obfuscated PowerShell loader to my clipboard. So I broke it down:
XOR-obfuscated script
Payload delivery
RedCap infostealer analysis
REMnux, Ghidra & Hybrid Analysis
Also watched the infrastructure get taken down mid-write-up.
First time doing any RE
https://blog.michaelrbparker.com/post/17
(Still haven't booked that drink.)
Just released smali-lsp!
A Language Server for Smali with:
• Goto definition
• Cross-references
• Symbols & hover
• Works with any IDE (minimal setup)
Also includes an MCP server - plug into AI agents for faster APK analysis
https://github.com/Surendrajat/smali-lsp
#AndroidDev #ReverseEngineering #MalwareAnalysis #LSP #InfoSec #RE #security #dalvik