I think this wasn't mentioned on the Fediverse yet, so here we go: https://malshare.com is back up! If you've never heard of it: It's an openly developed and cost-free malware repository. As a resarcher, you can register an account and upload and download malware samples to share with other researchers. You only need an email address (feel free to use a throw-away). This sadly became necesarry btw to avoid abuse.

Anyway, we've been hard at work to discuss scope (and reduce it), did some spring cleaning, and automate as much as possible.

A couple of changes:
* CI/CD via github actions
* got rid of YARA scanning
* allowed URL submissions
* got the daily digest working again

Esp. not scanning with YARA anymore was a hard decision. Because without that, it's really just SHA256s. But it's surprisingly hard to run YARA at scale. And in the end, we figured: before there's no MalShare, let's have one without YARA.

We also centralized all issue tracking on https://github.com/Malshare/MalShare/issues. There were issues over 4 years old. We've addressed a couple and the plan is to not let it come to this in the future. Speaking of: please reach out if you want to get involved, we are not that many people and can use any help. There's also donation options to cover hosting cost (we have a lot of malware...).

I wouldn't necessarily call it a treasure trove but I have a bunch of raw notes on all kinds of technical topics. Some of those are quite obscure and at least at the time I couldn't find any other source on the open web documenting that stuff. Generating form letters in Word on Windows from a web app via protocol handlers and PowerShell — to give an example from to top of my head.

I also run a blog at https://ntf.sh with some friends. So I do have a self-hosted established way of publishing this kind of stuff. And finally, like everyone on the planet, I have limited time. Assuming that I'll simply not publish any of this without help from AI, what does my bubble here think I should do? (I know some of you are quite opposed to using AI for content production).

Also happy to hear alternative solutions as responses here! But just publishing those notes (as is or with some light manual editing) is not an option: They might contain specifics I can't talk about publicly and are also just too much written in my "brain language" to be comprehensible by anyone else.

Two scenarios possibly resulting from today's Claude Code source code leak¹:

1. Attackers study the built-in permission system to figure out how to bypass it. Claude Code is the target here. It is strange that the software requesting permission is the same that enforces security boundaries, anyway.

2. Attackers distribute custom builds that
do nasty stuff like stealing API keys, running commands, backdooring code. Here, a specially crafted Claude Code is the attack vector.

¹: https://x.com/Fried_rice/status/2038894956459290963

heise+ | Binary Refinery: Allrounder für die Malware-Analyse

Mehrere Analyseschritte in einem einzigen Befehl? Für Binary Refinery kein Problem. Wir stellen das kostenlose Kommandozeilen-Toolkit für Profis vor.

https://www.heise.de/hintergrund/Binary-Refinery-Allrounder-fuer-die-Malware-Analyse-11184502.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IT #Linux #Malware #Security #Windows #news