Red Team tutorial: A walkthrough on memory injection techniques

Infosec Institute – There are many techniques within the memory injection field. Some are often found in malware or used by security experts to run their material,…

The Value of Subscriptions

By Jim O’Gorman

We recently announced our new subscription products, Learn One and Learn Unlimited, and we are really excited about the response they have received. These subscription products represent a change from…

BloodyStealer Malware Wreaks Havoc on the Gaming Platforms

Malware attacks go on with one more hit. This time, the targets are gaming platforms. This new malware is for sale on dark web forums now. Cybercriminals make use of the…

Malware analysis: Ragnarok ransomware

Ragnarok is a recent ransomware used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 vulnerability. This article will analyze the details of this ransomware, how it works…

BluStealer: from SpyEx to ThunderFox

Avast – Overview: BluStealer is a crypto stealer, keylogger, and document uploader written in Visual Basic that loads C#.NET hack tools to steal credentials. The family was…

DirtyMoe: Code Signing Certificate

Avast – Abstract: The DirtyMoe malware uses a driver signed with a revoked certificate that can be seamlessly loaded into the Windows kernel. Therefore, one of the goals…

Decoding Cobalt Strike: Understanding Payloads

Avast – Intro: Cobalt Strike threat emulation software is the de facto standard closed-source/paid tool used by infosec teams in many governments, organizations and companies. It is also…

What is Operation Dream Job by Lazarus?

The Lazarus Group (aka Hidden Cobra) is a threat actor group that has been attributed to the Democratic People’s Republic of Korea (DPRK). The Lazarus advanced persistent threat (APT) group…

Binary Reuse of VB6 P-Code Functions

Avast – Reusing binary code from malware is one of my favorite topics. Binary re-engineering and being able to bend compiled code to your will is really just…

CVE-2021-1815 – macOS local privilege escalation via Preferences

Apple recently fixed three vulnerabilities in macOS 11.3’s Preferences. Although we also reported the vulnerability, it was first found by Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020). Here we present our…