mamot.fr is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mamot.fr is a French-speaking Mastodon server run by La Quadrature du Net.

#shellcode

are researchers, they just don't know it yet
zetier.com/speedrunners-are-vu

“Super Mario World runners will place items in extremely precise locations so that the X,Y coordinates form they can jump to with a dangling reference. Legend of : Ocarina of Time players will do heap grooming and write a pointer […] so the game “wrong warps” directly to the sequence… with nothing more than a and a steady

Zetier · Speedrunners = vulnerability researchers: Video game enthusiasts are developing experience in the cybersecurity industry by accident. Discover how gaming skills can translate into intriguing careers.

Analysis of malicious HWP cases of 'APT37' group distributed through K messenger

The report details a sophisticated APT attack targeting South Korea, utilizing spear-phishing techniques and malicious HWP files distributed through a popular Korean messenger service. The APT37 group exploited trust-based tactics, using compromised accounts to spread malware through group chats. The malicious files contained OLE objects that executed PowerShell commands and shellcode, ultimately deploying the RoKRAT malware. This file-less attack method allowed for information gathering and potential remote control of infected systems. The attackers used pCloud for data exfiltration and command-and-control communication. The report emphasizes the importance of endpoint detection and response (EDR) systems to combat such evolving threats.

Pulse ID: 67a38d686710526e35f1ff4d
Pulse Link: otx.alienvault.com/pulse/67a38
Pulse Author: AlienVault
Created: 2025-02-05 16:10:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

The ninth article (38 pages) of the Malware Analysis Series (MAS) is available on:

exploitreversing.com/2025/01/0

I would like to thank Ilfak Guilfanov @ilfak and @HexRaysSA (on X) for their constant and uninterrupted support, which has helped me write these articles.

Even though I haven't been on this subject for years, I promised I would write a series of ten articles, and the last one will be released next week (JAN/15).

Have a great day.

New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

A command-and-control framework called Winos 4.0 is being distributed through gaming-related applications, targeting Chinese-speaking users. The malware, rebuilt from Gh0st RAT, uses a multi-stage infection process involving fake BMP files, DLLs, and shellcode. It can harvest system information, capture clipboard content, gather cryptocurrency wallet data, and enable backdoor functionality. Winos 4.0 also allows for additional plugins to capture screenshots and upload sensitive documents. The framework is considered powerful, similar to Cobalt Strike and Sliver, and exploits users' trust in game optimization tools to deploy deep system control.

Pulse ID: 672b979f1d0eddf91c9a721d
Pulse Link: otx.alienvault.com/pulse/672b9
Pulse Author: AlienVault
Created: 2024-11-06 16:21:51

Be advised, this data is unverified and should be considered preliminary. Always do further verification.