avallach

🇺🇦 Malware Researcher 🇺🇦
Posts are my own and do not reflect my employer.

avallach boosted:
2025-06-30

It took quite a bit of work, but VirusShare seems to be mostly back to normal. <knocks on wood> I am still moving things around and squashing the occasional issue, so please let us know if you spot any problems.

avallach boosted:
2025-06-30

In 3 days, a slick new UK edition of Sandworm comes out with a new cover and new foreword that aims to capture in a few pages the events of the 5+ years since the book first published: www.amazon.co.uk/Operation-Sa...

The publisher has tweaked the title to "Operation Sandworm" for UK reasons I don't entirely understand, but it's the same book, and hopefully will now reach a new audience.

amazon.co.uk/Operation-Sandwor

avallach boosted:
2025-06-28

For those who are interested, I recently did a live session demoing Helix, my new go-to text editor, for members of @thetaggartinstitute community. Enjoy!

youtu.be/QullbX0JKq8

avallach boosted:
2025-06-27

The slides from our @recon talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolodev), are now online!

Slides: synthesis.to/presentations/rec

Plugin: github.com/mrphrazer/obfuscati

avallach boosted:
2025-06-26

@SebastianWalla, Steffen Haas, @tillmannwerner, and myself will present a .NET instrumentation framework tomorrow at @recon 2025 in Montreal. Here's a humble brag sneak peek demo-ing how easy it is to write a function tracer!

C# source code implementing a function tracer

avallach boosted:
2025-06-23

Matt Pahl and I are doing a webinar on defining ICS Malware, its distinction from IT threats, and how we search for it using different OT detection strategies. It's a follow-up to the ICS Malware definition work. Hope to see you there!

Registration link:
hub.dragos.com/webinar/what-is

avallach boosted:
2025-06-21

We (Steffen Haas, Sebastian Walla, Lars Wallenborn, and Yours Truly) built a dynamic binary instrumentation framework for .NET that gives malware analysts the power of transparent assembly patching at runtime, invisible to the target. With just a few lines of C#, reverse engineers can write their own custom analyzers that instantiate an instrumenter for the heavy lifting, allowing them to focus on the task at hand. We are excited to present our work at @recon next week: cfp.recon.cx/recon-2025/talk/P

avallach boosted:
2025-06-20

Busy Week!

Grateful to SANS ICS for hosting my talk on ICS Malware. It was a great experience.

We released our whitepaper on the subject (dragos.com/resources/whitepape).

We also got word that my talk with Sam Hanson on assessing ICS threats was accepted at Defcon ICS village. Hope to see you there!

avallach boosted:
2025-06-20

github.com/alexander-hanel/pwi

For anyone else tired of having to start a VM to download a file.

2025-06-11

#mlget has been updated - your 1 stop shop for finding malware across different services!

Grab an updated copy at github.com/xorhex/mlget/releas

Happy to add additional services if folks know of more!

Some services I no longer have access to for testing - see the Alt text for more info.

Latest test run: For the ones that failed, I either don't have a current API key to test with or an instance of the service to test against.

If folks can test and let me know, I'd be very grateful! Please submit an issue in GitHub if it's broken. Thanks! 😀

avallach boosted:
2025-06-11

Considerations on "Salt Typhoon" - what it is (and probably is not), and thoughts on unsubstantiated or at least undetailed linkages to other threat actors:
pylos.co/2025/06/11/attributio

avallach boosted:
2025-06-09

Cool highlight of the water HMI exposure research we dropped last week in @zackwhittaker 's This Week In Security newsletter.

In a world of gloomy stories (security and otherwise), it's nice to have research make it to The Happy Corner!

THE HAPPY CORNER

You know what time it is? It's chill-o'clock in the happy corner.

This week, some great news from Censys, which found 400 exposed web-based interfaces of U.S. water facilities, and worked with the Environmental Protection Agency to secure them — including 40 of them that were entirely unauthenticated and controllable by anyone with a web browser. It shows the U.S. has a long way to go to secure its critical infrastructure, but we don't make progress unless we document and detail along the way so others can learn, too. Great work here, and a very detailed report for the geeks like me who love the nitty-gritty. (SecurityWeek has a tl;dr, too.)

avallach boosted:
2025-06-09

The "Debuggers 1103: Introductory Binary Ninja" beta class begins June 9th. Sign up by end of day at forms.gle/7erYKJWcdGkFKH3q7 to join the class and learn how to use @vector35's Binja, not just for static analysis, but for debugging and learning assembly!

avallach boosted:
2025-06-04

Just published: A two-part blog series in collaboration with Threatray, which aims to substantiate the claim that #TA397 (Bitter) is an espionage-focused, state-backed threat actor with interests aligned to the Indian state.

Part 1 – Overview of campaigns, targeting and infrastructure: brnw.ch/21wT9h1

Part 2 – Analysis of malware arsenal and gov’t support capabilities: brnw.ch/21wT9h2

False document lure to add legitimacy to phishing email containing a malicious attachment.

avallach boosted:
2025-05-29

Does anyone know of the peeps that wrote this article at IBM?
ibm.com/think/x-force/hive0154

avallach boosted:
2025-05-29

cloud.google.com/blog/topics/t
you're joking TAG completely spoiled our VB2025 talk AAAAA

2025-05-25

@mr_phrazer @nicolodev

This is awesome! 💪

avallach boosted:
2025-05-25

New #BinaryNinja plugin: Obfuscation Analysis

Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.

Co-authored by @nicolodev ; available in the plugin manager.

Check it out: github.com/mrphrazer/obfuscati

#reverseengineering #malware #cybersecurity

avallach boosted:
Cindʎ Xiao 🍉 (cxiao@infosec.exchange)
2025-05-23

@REverseConf The slides for "Reconstructing Rust Types: A Practical Guide for Reverse Engineers" are also available! There is a convenient single-page HTML version if you want to use the material in the presentation as a reference, for your own reversing!

cxiao.net/posts/2025-02-28-rec
github.com/cxiao/reconstructin

#rust #rustlang #ReverseEngineering #reversing #malware #MalwareAnalysis #infosec

A preview of a guide to Rust reverse engineering and reconstructing data types in Rust binaries. The preview shows the sections: "References: Trait objects", and "What Rust guarantees: Passing types between functions"

avallach boosted:
Cindʎ Xiao 🍉 (cxiao@infosec.exchange)
2025-05-23

Hi Rust reversing fans - the recording of my talk at @REverseConf: Reconstructing Rust Types: A Practical Guide for Reverse Engineers, is available for you to watch!

youtube.com/watch?v=SGLX7g2a-gw

#rust #rustlang #ReverseEngineering #reversing #malware #MalwareAnalysis #infosec
