Malware analysis: tools or mindset?

Tools change and techniques evolve, but the ability to reason about unknown behaviour remains the core of the craft. A sandbox does not replace understanding what the code is *trying* to do, nor why it hides it.

Tooling makes things easier. Analysis, though, is a muscle that has to be kept in shape. 🧠

#infosec #MalwareAnalysis #BlueTeam
https://www.secjuice.com/malware-analysis/

🚀 OhMyPCAP 4.0.0 is HERE!

The ultimate FOSS PCAP analyzer just got a massive upgrade for deeper file intelligence.

New in v4.0:
• Upgraded to YARA Forge Full ruleset — more comprehensive malware & threat detection
• Exiftool + rich file metadata analysis — get more file information even if there are no YARA matches

All the power you love is still here:
Suricata alerts, file alerts, Sankey diagrams, full-text search, ASCII transcripts, hexdumps, stream carving + single Docker/Podman container (perfect for air-gapped or quick spins).

Ideal for malware analysis, incident response, threat hunting, forensics & teaching.

Who's pulling this version right now? Drop a ❤️ + reply with your main use case (malware samples? CTFs? real-world incidents? teaching?)

#PCAP #DFIR #Cybersecurity #Infosec #BlueTeam #ThreatHunting #Suricata #YARA #MalwareAnalysis

@chrissanders88 @lennyzeltser

From WOMEN.dll dropper → Sleestak infrastructure:
Multi-stage JScript + PowerShell loader with AES-256 + XOR, process hollowing into aspnet_compiler.exe, Microsoft-spoofed scheduled task (logon trigger), and exposed daily-rotating payload directories on open index listing. Full chain analysis, builder artifacts, IOCs here: https://medium.com/@darkjstr/tracking-a-live-heracles-rat-campaign-from-women-dll-to-sleestak-infrastructure-7545df27646a

#HeraclesRAT #ThreatIntel #MalwareAnalysis #CyberSecurity #InfoSec #DFIR #CTI #ReverseEngineering #RAT #Sleestak

Tracking a Live Heracles RAT Campaign: From WOMEN.DLL to Sleestak Infrastructure

Author: DarkJstr
Date: 2026-05-25
Malware Family: Heracles (MSIL)
Campaign Status: ACTIVE

New IOCs observed from breached threat actor logs:

mavpaprokla[.]lat
smackit[.]lat

Recommend:
• Block/sinkhole at DNS and proxy layers
• Hunt across DNS, HTTP/S, EDR, and firewall telemetry
• Check for historical resolutions and outbound connections
• Review related infrastructure, certificates, and passive DNS pivots

If seen in your environment, treat as potentially malicious pending further enrichment.

#ThreatIntel #IOC #IOCs #CyberThreatIntelligence #DFIR #BlueTeam #SOC #ThreatHunting #Malware #Infosec #CyberSecurity #OSINT #DetectionEngineering #IncidentResponse #CTI #NetworkSecurity #DNS #ThreatResearch #CyberDefense #SIEM #EDR #MalwareAnalysis

New write-up: Weak SecOps exposed a ClickFix admin dashboard.

This investigation highlights exposed backups, hardcoded API keys, weak upload validation, and how stolen WordPress credentials were used to spread malware in a worm-like ClickFix campaign that is still active.

Read here:
https://potato.id/en/posts/weak-secops-exposed-clickfix-dashboard/

#CyberSecurity #Infosec #DFIR #ThreatIntelligence #ThreatHunting #IncidentResponse #MalwareAnalysis #WebSecurity #WordPressSecurity #OSINT #C2 #MalwareCampaign #SecOps #tech

How I Got Access to a ClickFix Dashboard Due to Bad SecOps

Discover how weak SecOps practices exposed a ClickFix admin dashboard. This cybersecurity case study covers reconnaissance techniques, security misconfigurations and key lessons learned.

Jonias Fortuna

retoolkit 2026.04 for #malwareanalysis and #reverseengineering on #windows is out! New tools: dz6, Frida, Firefox, PPEE (Puppy), and Wireshark.

https://github.com/mentebinaria/retoolkit

732 bytes. That is all it took to escalate to root via a memory copy error. Sometimes the most elegant vulnerabilities are also the tiniest: a forgotten detail, an incorrect assumption, and suddenly the path is wide open. The attack surface really does hide everywhere. 🔬 #infosec #MalwareAnalysis #exploit
https://malware.news/t/hunting-copy-fail-732-bytes-to-root/106616
Hunting Copy Fail: 732 Bytes to Root


A "Guest Diary" on the danger of Libredtail, a tool which, according to the analysis, can slide into malicious use depending on its configuration. 🧐

It is fascinating how some tools live in an ambiguous space: legitimate in one context, problematic in another. The line is often in the intent... and in the logs. 📋

#infosec #MalwareAnalysis #BlueTeam
https://malware.news/t/danger-of-libredtail-guest-diary-wed-apr-29th/106534

Danger of Libredtail [Guest Diary], (Wed, Apr 29th)

[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu BACS program]

We're excited to announce that the Call for Trainers is now OPEN for DEF CON Training Middle East!

Are you passionate about cybersecurity, hacking, and hands-on learning? Do you have expertise in emerging threats, defensive strategies, or cutting-edge security techniques? We want to hear from you!

Visit training.defcon.org to submit your trainer application for a two-day or three-day course by May 9, 2026.
https://training.defcon.org/pages/2026-middle-east-call-for-trainers

#DEFCON #DEFCONTraining #Cybersecurity #Training #Hacking #InfoSec #SecurityCommunity #DEFCONMiddleEast #AI #RedTeam #BlueTeam #DigitalForensics #CyberTalent #MalwareAnalysis

🧠 Agent Tesla Daily Report

⬇️ Trend: declining (28%)
📊 17 new samples
🌐 0 C2 servers

Full analysis, IOCs, and hashes:
https://www.yazoul.net/malware/agent-tesla/reports/2026-04-21

#CyberSecurity #MalwareAnalysis #SOC

Agent Tesla Malware: 17 Samples, Declining Trend (Apr 2026)

17 new Agent Tesla samples detected — Declining trend (28%). IOCs, hashes, C2 servers, and detection rates. View full report.

Yazoul Security