Still building and upgrading my home lab.
I think I am very quickly taking the SANS approach to Mac M1/Silicon laptops for training courses - not supported.
OMG what a hassle and shit fight!
It's been a minute, but here is my write up on WannaSmile ransomware. A nicely deobfuscated sample. I'll be updating this post soon with a decryptor written in python. https://polaryse.github.io/posts/wannasmile/
#reverseengineering #ransomware #malware #eCrime #YARA #dnSpy
Seems like my hibernation is coming to an end very soon ..... you can catch me at ...
🍸 the Australian Information Security Association (AISA) #Cybercon2023 March 21-22 in Canberra ... I'll be on stage 4 times so I'm pretty sure you won't miss me 🤣
🍸 @0xCC I'll be delivering training in May 5 and 6 in Melbourne.
🍸 @blackhatevents #BHAsia2023 I'll be in attendance swanning around the talks.
🍸 Have you got your tickets to BSides Brisbane yet in July and @bsidescbr in September? I have!
Are you tired yet reading this?
I'm also going to try and make BHUS and Defcon in August .... someone want to fly me over?????
I thought I'd share a little bit more about the talk I'm giving at #cybercon2023 ...
<<Threat intelligence without boiling the ocean>>
Whilst no one will ever tell you that threat intelligence is easy, setting out on the path to use it in smart ways doesn't need to be overwhelming. Today, the amount of open source intelligence feeds, documents, blog posts and information shared in the community can easily leave operational or Intel analysts feeling unsure where to start.
#DocIntel is an open source project that was created to help streamline this process by providing a platform to collect, store, process, and organise information from various threat intelligence sources.
Using DocIntel we can take input from threat intel reports both public and private, RSS feeds, and blog posts. In this talk we'll cover how DocIntel is helping to reduce the effort required to transform this data into information that can be utilised to protect and respond. The audience will learn how to set this up in DocIntel and we'll walk through the workflow from adding a source to reviewing and registering a document.
After we have distilled our information in DocIntel, we will walk through how to connect DocIntel to a #MISP instance to easily share and disseminate the indicators across various technology platforms and sharing groups.
The talk will explain the high level concepts as well as demonstrate how this works in practice to give the audience a guide on how best to start with collecting and dealing with open source threat intelligence.
@dawnstar that sounds horrible, I'm sorry :(
So far I think I'm doing ok, not the worst symptoms by far.
@dawnstar I also got Bali belly too, so that was a fun few days as well.
@dawnstar oh wow, I haven't stopped sleeping for the last few days, worst of it for me is the fever and body aches. I find myself in bed every few hours for yet another nap.
Still have taste and smell, but it's moving to my chest a bit now and I am losing my voice and have a slight cough.
@dawnstar boo, I too finally got the Rona :(
Merry Christmas to everyone, wherever you are. I'm off on a holiday today for a few weeks somewhere tropical.
📢 In the recent Microsoft Cyber Signal report, we observed an increase in threats exploiting devices in almost every part of an organization, including traditional IT equipment, OT controllers, and IoT devices. This spike in attackers' presence in these environments and networks is fueled by the convergence and interconnectivity that many organizations have adopted over the past few years.
🌎 Attackers can have various motives for compromising devices beyond traditional laptops and smartphones. Nation-state-sponsored cybercriminal activity shows that some countries view cyberattacks against critical infrastructure as a way to achieve military and economic objectives.
Find out more in the report 👇
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5daTD
@ImpossibleUmbrella it helps a lot with learning, there are a lot of applications for sure. Just need to remember it stopped learning in 2021 and you need to validate a lot.
🤓I have released my slides from my recent presentation on the #UnprotectProject at @bsidessydney. If you're interested in learning more about this project, be sure to check them out! #cybersecurity #infosec #malware
https://speakerdeck.com/fr0gger/x-ray-of-malware-evasion-techniques-analysis-dissection-cure
I did find myself asking #ChatGPT about assembly yesterday ....
Not sure if they are "problems" to be solved, but it certainly is making learning new things much much easier.
Hello :)
I do a bunch of stuff in cybersec and mainly post about things I'm working on, learning or am interested in.
Introducing Episode 4 of the Cosive #Podcast! 🎉🎙
How #ChatGPT Could Transform the CTI Analyst Role, with Chris Horsley
Just 15 minutes - and well worth a listen 👇
#ThreatIntel #ThreatIntelligence #CyberSecurity #CyberSecurityTips
@abrignoni Thank you!! :)
Books I am currently in the middle of (infosec related).
Not sure I'll ever get them all finished but at least I have a few things to keep me interested every day!
#Python #ReverseEngineering #Ghidra #Android #ThreatIntelligence #AndroidForensics #LinuxBasics
1. Head First Python
Got this to play along with @abrignoni's DFIR Python Study Group - https://youtube.com/playlist?list=PLz61osc7c3OqQ_xBZJbzZdIkVd8HnxLmC
https://www.oreilly.com/library/view/head-first-python/9781491919521/
2. Learning Android Forensics
Covers the Android platform and its architecture, and provides a high-level overview of what Android forensics entails. Using this while learning the Android SDK toolset.
https://www.packtpub.com/product/learning-android-forensics-second-edition/9781789131017
3. Android Security Internals
Building out my understanding of the Android security features.
https://nostarch.com/androidsecurity
4. Psychology of intelligence analysis
It's important to understand our own biases and how to deal with them when doing analysis work.
https://cia.gov/resources/csi/books-monographs/psychology-of-intelligence-analysis-2/
5. Linux basics for hackers
Cause I never feel like I'm good enough with Linux, there is always more I can learn.
https://nostarch.com/linuxbasicsforhackers
6. The Ghidra Book
Walking through all the basics and more of Ghidra.
☣️ VTI Cheat Sheet
VirusTotal will continuously update the VTI Cheat Sheet to keep it as fresh and useful as possible. Happy hunting! #malware #infosec #tools #informatique
https://blog.virustotal.com/2022/12/vt-intelligence-cheat-sheet.html