Discover and read the best of Twitter Threads about #RE

Most recents (24)

India's #electricity grid set several record highs Tuesday - there's a heatwave going on.
Per @GridIndia1's MERIT data (via @CSEP_Org's carbontracker.in):
1) Record demand met: ~216 GW
2) Record #coal generation: over 166 GW

📢 3 issues going forward...(short 🧵)
Issues:
1) This isn't over - typical annual peaks are in June(ish).
2) The peak was not AM any more, rather, closer to 3 PM
3) Coal's output has been steady near max, with long durations of highs.

These 3 pts have implications as expanded below.
1) It will take planning, luck, AND ₹ (or $ = forex!) to prevent blackouts.

Short-term issue is fuel - gas prices ⬆️ & coal imports also ⬆️. Railways is stretched so coal stockpiles at plants are ⬇️.

@IMDWeather forecasts decent monsoon (96%), but the issue is also the timing.
Read 8 tweets
Malware and Reverse Engineering Contents 📢

#infosec #Hacking #redteam
#malware #ReverseEngineering
#RE

Awesome Malware and Reverse Engineering
lnkd.in/dZFy_k6d

lnkd.in/dZh9hbpq
Malware API
malapi.io

lnkd.in/djqeN7RS

Malware Analysis and Reverse Engineering
lnkd.in/dXjFkZ7a

Retoolkit
lnkd.in/dwn8bRi3

MalwareBazaar
bazaar.abuse.ch

Malware Analysis Journey
lnkd.in/d9B6UGQ8
Read 6 tweets
On 27 March the preliminary hearing of the #Prisma trial will be held in Turin. The former president of #Juventus, #Agnelli, is charged, jointly with sporting directors #Paratici and #Nedved and administrative executives #Re, #Bertola, #Cerrato and #Gabasio, with eleven offences (1. continues)
Although fans are more interested in the outcome of the sporting proceedings, to find out what sanctions will be imposed on #Juventus (for now there is a 15-point deduction in the standings), a look at the criminal case is useful for understanding properly what we are talking about (2. continues)
The offences alleged against #Agnelli and the old board of directors, forced to resign on 28 November last, are numerous and serious: and serious too are the penalties the criminal code provides for each of them. Here I give you a brief overview of the main ones, with the penalties provided (3. continues)
Read 19 tweets
Malware Analysis Tip - Use Process Hacker to watch for suspicious .NET assemblies in newly spawned processes.

Combined with DnSpy - it's possible to locate and extract malicious payloads without needing to manually de-obfuscate.

1/

#Malware #dnspy #analysis #RE
2/ For anyone wanting to try - The initial sample can be found in the link below

Once executed (inside of a safe vm!) - You should see the installutil.exe detailed in the screenshots above.

(Make sure to use Dnspy-x86 for attaching to the process) 😄

bazaar.abuse.ch/sample/b24c75d…
3/ Sometimes you'll get lucky and the modules will be named much more suspiciously.

See below for an example of a suspected #redlinestealer loader, which injected multiple modules into a renamed powershell.exe.

bazaar.abuse.ch/sample/7e09174…
Read 3 tweets
Setting up an analysis VM for reverse engineering?

Here are a few good tools (with short demos) that I recommend after running the Mandiant/FLARE script (which installs 99% of tooling for you) 🔥

TLDR:
Garbageman, SpeakEasy, BlobRunner, Dumpulator

#Malware #RE #Analysis
2/ This is the Flare script from Mandiant. Simply running this script will install the majority of tools that you would ever need.

As a beginner RE or malware analyst, you can work comfortably using only the tools included in this script.

github.com/mandiant/flare…
3/ Over time I've picked up some other tooling that isn't installed by default by Flare.

These are relatively lesser-known tools that I have found very useful.
Read 12 tweets
Uploaded all my Offensive Security & Reverse Engineering (OSRE) course labs (docx) to my repo found below. Most of them have very detailed instructions and should be great to get you started in Software Exploitation. 1/n
#Offsec #SoftwareExploitation #RE

exploitation.ashemery.com
The only labs I did not upload, were the RE labs, because most of them were from online CrackMe(s) and from @OphirHarpaz online #RE workshop found below. 2/n

begin.re/the-workshop
There is also probably one executable that I need to find the source for before I add it to the repo, and once I have time maybe I'll organize it to look better!

I don't think I'll be teaching this anymore and hope they will be useful to someone out there. 3/n
Read 16 tweets
#QatarGate: The usual demagoguery of the party card-holders is grotesque!
While this affair is going to spew over ALL their shitty Parties (a pleonasm).
Especially when their "Groups/Parties" are nevertheless the most resistant to the Debate & Resolution on "SUSPICIONS of Corruption".
1/15
Debate & Resolution on "Suspicion of corruption…" #QatarGate requested by #Aubry #GUE (Socialist-Communist, Euro-Soviet Left^^) & #Kanko #CRE (Conservative, Euro-Nationalist Right), adding that it should speak of "Manifest corruption" rather than "Suspicions" & a roll-call vote.
2/15 Manon #Aubry of the "catch-all" #LFI party ÉcosociAssita #Kanko of the Belgian "pro-Flemish" N-VA party &
"Debate" adopted by the parliament.
#QatarGate debate set for the afternoon of Tuesday 13 December.

366 FOR.
11 AGAINST: 1 #RenewEurope + 9 #CRE/ECR + 1 NI (Non-Attached).
3 Abstentions: 2 Non-Attached + 1 CRE/ECR.

325 Absent (Mainly #PPE, CRE & #SD).

3/15 Result and breakdown of the vote for/against a debate on Composition by Groups of the European Parliament as of 12.12.2022
Read 17 tweets
🐲 Ghidra Tips 🐲- Malware Encryption and Hashing functions often produce byte sequences that are great for #Yara rules.

Using #Ghidra and a Text Editor - You can quickly develop Yara rules to detect common malware families.
(Demonstrated with #Qakbot)

[1/20]
#Malware #RE
[2/20]
Hashing and encryption functions make good targets for #detection as they are reasonably unique to each malware family and often contain lengthy and specific byte sequences due to the mathematical operations involved.

These characteristics make for good Yara rules 😁
[3/20] The biggest challenge is locating the functions responsible for hashing and encryption. I'll leave that for another thread, but for now...

You can typically recognize hashing/encryption through the use of bitwise operators inside a loop. (xor ^ and shift >> etc).
Read 22 tweets
🐲 Ghidra Tips🐲For Beginner/Intermediate analysts interested in RE.

These tips are aimed at making Ghidra more approachable and usable for beginners and intermediate analysts 😄

[1/9] 🧵

#Malware #RE #Ghidra
2/ The sample I'm using can be found here if you'd like to follow along. It is a cobalt strike DLL often found in Gootloader campaigns.

bazaar.abuse.ch/sample/a2513cc…
3/ Enable "Cursor Text Highlighting". 🖱️

This will automatically highlight areas of interest when using the Ghidra decompiler.

This is useful for quickly identifying where a value has or will be used.
Read 9 tweets
#Qakbot Dumpulator Script has now been added to Github! 😀

This script is capable of dumping decrypted strings from the encrypted string table used by recent Qakbot malware.

1/ (notes and details below)
#malware #qakbot #dumpulator #RE
2/ The script *should* work on the samples that I have provided in the readme, however you may need to change some register values to get it to work on different samples.

In particular, "dp.regs.ecx" and "dp.regs.esp+0x4" may need to be changed. As these ...
3/ cont'd... as these values point to the encrypted string table and key, which will differ between samples. You can re-use the same dump file if you wish, as the code will likely remain the same.
Read 11 tweets
Reverse Engineering a #CobaltStrike #malware sample and extracting C2's using three different methods.

We'll touch on #cyberchef, #x64dbg and Speakeasy from fireeye to perform manual analysis and emulation of #shellcode.

A (big) thread ⬇️⬇️
[1/23]
[2/23]
To follow along, download the sample from the link below. Then transfer the .zip into a safe VM environment.

My VM is a mostly default Flare VM with SpeakEasy installed on top.
bazaar.abuse.ch/sample/08ec3f1…
[3/23] Once unzipped (pw:infected), load the file into pe-studio for quick analysis. There isn't a lot interesting here, but take note that the file is a 64-bit .dll with 4 exported functions.
Read 23 tweets
PROCLAMATION OF KING CHARLES III
1/n
Almost everything is ready for the proclamation of #KingCharlesIII. Many former prime ministers of the Kingdom in the front row. An event never before broadcast on TV.

#QueenElizabeth #ReCarlo
2/n
#GodSaveTheKing
3/n
The Accession Council that will officially proclaim #CarloIII's accession to the throne comprises about 670 senior politicians, including Prime Minister #Truss and the Mayor of London.
A role of great importance is that of Penny Mordaunt, Lord President of the Council.
Read 10 tweets
@tyillc @AlastairWinter @MikeH_001 @PaulGambles2 @Halsrethink 1. My problem with the FED and other #CB'S is they get their monetary policy settings wrong a lot of the time. I have respect for their intelligence but their policy settings often send the wrong signals. >
@tyillc @AlastairWinter @MikeH_001 @PaulGambles2 @Halsrethink 2. When you get monetary policy settings wrong that encourages Main Street and Wall Street to get it wrong. When Main Street gets it wrong there can be serious pain for the Public. When Wall Street or equivalent get it wrong someone else pays. >
@tyillc @AlastairWinter @MikeH_001 @PaulGambles2 @Halsrethink 3. Post the 2000 Tech Bubble Bust the #FED dropped interest rates too low for too long. Wall Street securitized a lot of dodgy #MBS off the back of this. Main Street bought up Property to ridiculous levels leading to an RE Bust, An MBS Bust and the GFC.>
Read 5 tweets
#Renewable Power Generation Costs in 2021 from @IRENA is out

The headline isn't quite what you'd expect:

The global weighted average cost of new #solar #photovoltaics (#PV), onshore and offshore #WindPower projects fell in 2021.

Despite rising equp. costs.

Let's see why 1/n
@IRENA 1st up the data:

Year on year change:

⬇️LCOE of onshore wind projects added in 2021 fell by 15%, year-on-year, to USD 0.033/kWh
⬇️ Utility-scale solar PV and offshore wind LCOE fell by 13% year-on-year to USD 0.048/kWh & USD 0.075/kWh respectively
⬆️ CSP up 7% though

2/n
@IRENA This is despite rising equipment costs from the end of 2020, albeit unevenly.

Solar PV module prices in Europe up modestly in 2021, but looking to be 20% or more higher in 2022, given underlying materials and shipping cost increases, but perhaps more (more on that later...)

3/n
Read 13 tweets
Real-estate agents in places like New York, Los Angeles, and the Hamptons say the frenzied deal making and record-setting have eased, thanks to a growing disconnect between what sellers want and what buyers will pay. wsj.com/articles/even-…
Luxury homes—defined as the top 5% of the market—that sold during a three-month period from Feb. 1 to April 30, 2022 dropped 18% compared with the same period in 2021, according to @Redfin.

That is the biggest decline since the pandemic started. on.wsj.com/3xNALZ7
Prices are still holding, but they are unlikely to keep reaching new heights as buyers retreat, according to Sheharyar Bokhari, a @Redfin senior economist. Further, he said, deal volume is finding a new equilibrium. on.wsj.com/3xNALZ7
Read 11 tweets
Thanks to @steve_sedgwick & @cnbcKaren for having me on #CNBC #SquawkBox this AM.

What did we discuss? Well, #inflation of course!

I prepared some slides for the show which I'm happy to present in this thread.
1/n
#macro #Fed #Yellen #JeromePowell #bankofengland #QE
Are people in denial or is the #centralbank money flood just drowning all the signals?
2/n
#inflation
#Commodities, #freight, #carbon - and a whole lot besides - sure do cost a lot more, these days.
3/n
Read 14 tweets
🔥 #AdventOfReversing 1/24 🔥
Get dirty as soon as possible. Don't fall into thinking you are not ready. Sure, you will be confused by many things at first. That's fine! I used to confuse sections and segments when I started. Keep pushing, and things will become clear naturally.
🔥 #AdventOfReversing 2/24 🔥
Get used to (re)name *everything* in your disassembler. You might be able to mentally track data across registers and memory for small crackmes w/ easy control flow, but this does not scale at all. Unclutter your mind. Make your life easier.
🔥 #AdventOfReversing 3/24 🔥
You really want to have some programming foundations, but which languages? I mostly agree with this post by @MalwareTechBlog:

🐍 Python
🏗️ C
⚙️ ASM (different flavors: x86(-64) desktop, ARM mobile...)

Give it a read! 📰
malwaretech.com/2018/03/best-p…
Read 19 tweets
...though basically unchanged in 3 1/2 years

#Housing
And, those good ole #FederalReserve policies again mean the monthly cost of an average #NewHome (approximated here) is back where it was 15 years ago...

#housing #QE
...while, as a proportion of the average weekly wage (as per #NFP), well - you can see for yourself:-

As we always say, there'll always be a scarcity of something real as long as there are few such constraints on #money & #credit creation.

#mortgage #RE
Read 5 tweets
Somewhat muted 90th birthday celebrations at the 'Tower of Basel' comes along with their 'Annual Economic Report' plenty of insights & illustrations of the economic & financial fallout from the #Covid19 crisis: bis.org/publ/arpdf/ar2… Some takeaways (1/4)
2/4 BIS perspectives on the unfolding of the #Covid19 crisis..
3/4 #Covid19 crisis unfolds... #Oil prices drag down econ activity in key econs...Ratings agencies, awake for this one, downgrades corporates, investors pull back...Banks come under pressure...Investors position as if they anticipate large losses in global #CRE/#RE...#Macro
Read 4 tweets
The @BIS_org Quarterly Review of international #banking & financial market developments holds some interesting insights: bis.org/publ/qtrpdf/r_… A few takeaway...#China's non-fin corp #debt is massive but mainly owed internally...(1/4)
2/4 #USD cross border credit to non-fin corps trends show that #India & #SaudiArabia is on the wrong trajectory but #Mexico is perhaps of most concern, + it faces steep financing needs 4 the sovereign & the SOE (PEMEX?) has plenty of foreign curr bonds outstanding...
3/4 Overview of trends for #USD denom #credit outside the US...
Read 4 tweets
The @McKinsey_MGI 'The future of #Asia: Decoding the value & performance of corporate Asia' report provides some interesting #insights: mckinsey.com/featured-insig… A few takeaways...(1/5) Asia's corporates: Capturing the top line but struggling to convert to the bottom line..
2/5 #GlobalTrends - Corp profitability has declined around the world over the past decade w. #Asia account 4 approx. half of the decline. The world is more capital-intensive than it was a decade ago...#Macro
3/5 Asian corporations sub-optimally positioned...Different segments need to focus on different aspects to reach their full potential...#Asia #Macro
Read 5 tweets
Interesting look by @McKinsey_MGI on #Florida's exposure to climate driven hazards: mckinsey.com/business-funct… #GlobalTrends #Risks #Flooding #US Some takeaways....(1/5)
2/5 What makes #Florida so vulnerable to #flooding risk? #GlobalTrends #ClimateHazards #US #Risks
3/5 Tidal #flooding projections for #Florida...#Risks
Read 5 tweets
'The #Wealth Report 2020' from Knight Frank provides some interesting #insights on global wealth, #investing and #RE #trends: content.knightfrank.com/content/pdfs/g… Some takeaways...(1/6) - Overview global #UHNWIs...
2/6 #GlobalTrends - Top cities for global #UHNWIs...#RE #Wealth
3/6 #GlobalTrends - Mapping yacht and private jet activity...#UHNWI #Wealth #Travel
Read 6 tweets
