My intermediate level malware analysis course is there. 60% off for the next two weeks. https://t.co/q16H43ihoF

New blog: Browser Hijacking techniques -- when malware has different preferences than you https://t.co/YABr0KuYgw #GDATA @GDATA #GDATATechblog #BrowserHijacking

CertCentral is now TheCertGraveyard[.]org & CertGraveyard[.]org. The CertCentral API returns an error directing to use the new domains. Please give me a like or a share to get the word out. Also use the site to report and investigate certificates used to sign malware. :)

I added a RenPy archive (.rpa, .rpi) extractor to my tools repo https://t.co/cTUNlHTGZp

Last week, @SophosXOps reported a new packer/crypter called #Shanya (aka #ArmillariaLoader by @ciphertech). We hunted for this packer across our dataset and identified several early, previously unreported samples. The earliest sample observed in the wild dates back to December

Giveaways coming up: - @struppigel sponsoring malware analysis course giveaways for "Malware analysis for hedgehogs" (x10) - @nikhil_mitt sponsoring CRTE(x3) and CARTP(x3) - @HCAdamSec sponsoring 2024, 2025, DEFCON Aerospace village badge and RADIO SAO. These sold out at

Baoloader/TamperedChef paper by @SerkanSirmaci https://t.co/7fiO4VB7Vy

https://t.co/amWPj0XJnP A look into the internals behind a large-scale proxy operation, from the sourcing of IPs to the platform itself. How proxy providers utilize everything from TV boxes to free software for building out a pool of unique proxies.

My colleague Banu wrote about a new infostealer Arkanix https://t.co/UnRvyoQ60P

Final part of the first wave of RPC is live, RPC part8. In this part, I explain how to use IDA to reverse RPC clients and servers, and I show the key structures and methods you need to extract all the important information during the reversing process. https://t.co/lgaE52Uc9P

@vinopaljiri Sample for the video https://t.co/ZePBtP0RuU

🦔📹 New Video: Modifying @vinopaljiri's string decrypter for a ConfuserEx2 variant ➡️ Defeating antis with Harmony hooks ➡️ AsmResolver ➡️ .NET string deobfuscation #MalwareAnalysisForHedgehogs https://t.co/G1mOunwcEq

We spotted a malicious #VSCode (@code) extension today in our artifact-scanning pipeline. It appeared under a name that tries to pass itself off as the popular Material Icon Theme. A new 5.29.1 version was pushed today (28.11., 11:34) and the update contains two Rust implants –

Black Friday offers: ➡️60% off for 2 malware analysis courses (beginner & intermediate) ➡️Or 40% off for single course https://t.co/jGZOa9nEUV

CertCentral is now categorizing malware and adding analyst notes. If these are available, you'll see a button to expand the entry. 600/1700 entries have notes so far and the rest will be updated. Type is available in the CSV export. Both fields are returned by API lookups. 1/2

Lecture on Anti Tamper by Tim Blazytko

🚨NEW python stealer🚨 🛸Drops .pyd in %APPDATA%\Local\Temp\_MEIxxxxx ⚠️Relaunch itself via CreateProcessW Exfil👇 browser cookies and password Discord Steam 📡send data via telegram bot C2: api[.telegram[.org/bot8484778379:AAG_EhhM1Ao139HBPfgfV0zVlMSi-2HfkCM/sendMessage bazaar👇

Writeup of new PDF malware converter: https://t.co/XzSEinPcyt Persistence, remote code execution, browser hijack, obfuscation, and more. #YAPA #EvilAI @SquiblydooBlog @MalasadaTech808 @x3ph1 @SecurityAura

Rhadamanthys loader deobfuscation https://t.co/rDvK0uqgiV

Awesome interview and showcase with Tim Blazytko about obfuscation and deobfuscation. https://t.co/HWvIvtbA9a

Linux kernel rootkit https://t.co/sXg77VcHim