I'm excited to share our research in which we show that a 0-Day attributed to the Chinese APT31 was actually caught by the APT and replicated from Equation Group's 0-Day exploit for the same vulnerability. Here are some of the highlights — A long thread >>
research.checkpoint.com/2021/the-story… In our on-going project, @EyalItkin and I analyze Windows LPE 0-Day exploits and try to extract unique "fingerprints" that can be used for attribution of past and future exploits. We sat to analyze CVE-2017-0005, a 0-Day of a particular interest >>

The attackers behind the #SUNBURST malware put a lot of effort into trying to avoid detection by analysts and security vendors. Not only this, but they also tried to make sure to stay under the radar of #SolarWinds developers and employees. A thread >> When brute-forcing the FNV-1a hashes embedded in #SUNBURST, I noticed that some of the cracked strings look like domain names of #SolarWinds internal networks across the globe. If the domain of the infected computer ends with one of these names, the malware would not run >>

radare2 is one of the most famous RE frameworks out there. That said, it has some great features, and Easter-eggs that very few people know in details. This is going to be a thread – fasten your seatbelts and get ready for a journey into the less-known features of @radareorg! >> First things first, some history. The radare2 project was created by @trufae in February of 2006 to provide a free and simple command-line hexadecimal editor. Starting from a one-man-show, radare2 nowadays gathered a huge community and a substantial number of contributors >>