Raffaele Sabato

@syrion@infosec.exchange
27 Followers
39 Following
4 Posts
Offensive Security, Malware, Reverse Engineering and Apple Security. Opinions are my own.
I’m very excited to share our new ‘BlueNoroff Hidden Risk’ blog post, based on work done by @philofishal, @hegel and me. https://s1.ai/BNThief
BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware.

SentinelOne
CVE-2024-34456: Trend Micro Antivirus One Dylib Injection

During a red teaming activity, we gained access to a company MacBook; the Trend Micro Antivirus One software was running and prevented us from running our tools without being detected.

Syrion
Gold Pickaxe iOS Technical Analysis: IPA Overview and C2 Communication Startup

In February 2024 Group-IB wrote a blog post about a mobile Trojan developed by a Chinese-speaking cybercrime group called Gold Pickaxe.

Syrion
Atomic macOS Stealer (AMOS) Analysis

Hello everybody, this is my first macOS malware analysis. I took a sample from malwarebazaar and tried to reverse it; the sample was uploaded by Cryptolaemus1 on 14 Feb 2024.

Syrion

I wrote a blog post about the #qakbot 'BB' configuration and C2 decryption.

https://syrion.me/malware/qakbot-bb-extractor

QAKBOT BB Configuration and C2 IPs List

This is my first malware blog post; I hope it will be useful to someone. I’ll not go deeper into the malware details because there are plenty of detailed reports related to QAKBOT. I’ll describe how the malware changed its resource decryption mechanism and report some IoCs.

Syrion