Does anyone know of the peeps that wrote this article at IBM?
https://www.ibm.com/think/x-force/hive0154-targeting-us-philippines-pakistan-taiwan
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics
you're joking TAG completely spoiled our VB2025 talk AAAAA
This is awesome! 💪
New #BinaryNinja plugin: Obfuscation Analysis
Simplifies arithmetic obfuscation (MBA) directly in the decompiler (see demo below). Also identifies functions with corrupted disassembly.
Co-authored by @nicolodev ; available in the plugin manager.
Check it out: https://github.com/mrphrazer/obfuscation_analysis
@REverseConf The slides for "Reconstructing Rust Types: A Practical Guide for Reverse Engineers" are also available! There is a convenient single-page HTML version if you want to use the material in the presentation as a reference, for your own reversing!
https://cxiao.net/posts/2025-02-28-reconstructing-rust-types-re-verse-2025/
https://github.com/cxiao/reconstructing-rust-types-talk-re-verse-2025/
#rust #rustlang #ReverseEngineering #reversing #malware #MalwareAnalysis #infosec
Hi Rust reversing fans - the recording of my talk at @REverseConf: Reconstructing Rust Types: A Practical Guide for Reverse Engineers, is available for you to watch!
https://www.youtube.com/watch?v=SGLX7g2a-gw
#rust #rustlang #ReverseEngineering #reversing #malware #MalwareAnalysis #infosec
#binaryninja doing the math for me
We're happy to announce a new release of our #Rust bindings for
@HexRaysSA idalib.
What's new:
- New APIs for working with IDBs, segments, and more
- Rust 2024 support
- New homepage: https://idalib.rs
It's been an interesting two days of first mitigating a DDoS and then dealing with the fallout of a UPS failure, but things seem to be back to normal. Only change to note: I had to move the ftp server for sample uploads to the new subdomain ftp.virusshare.com
#ESETresearch publishes its investigation of Operation RoundPress, which uses XSS vulnerabilities to target high-value webmail servers. We attribute the operation to Sednit with medium confidence. https://www.welivesecurity.com/en/eset-research/operation-roundpress/
In 2023, Operation RoundPress only targeted Roundcube, but in 2024 it expanded to other webmail software including Horde, MDaemon, and Zimbra. For MDaemon, Sednit exploited the zero-day XSS vulnerability CVE-2024-11182.
Most victims were governmental entities and defense companies in Eastern Europe, although we have observed governments in Africa, Europe, and South America being targeted as well.
Our blogpost provides an analysis of the JavaScript payloads, which we named SpyPress. They are able to steal webmail credentials, and exfiltrate contacts and email messages from the victim's mailbox. IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/operation_roundpress 5/5
If you are attending my "Reconstructing Rust Types: A Practical Guide for Reverse Engineers" workshop at @NorthSec tomorrow, I've prepared some supplementary files for the workshop here, which you may wish to take a look at beforehand! https://github.com/cxiao/reconstructing-rust-types-workshop-northsec-2025
See you tomorrow (Thursday May 15) at 1300 EDT (UTC-4), in either the Workshop 2 track, in Salle de la Commune, or on the stream at https://www.youtube.com/watch?v=UwJgS32Q6As&list=PLuUtcRxSUZUrW9scJZqhbiuTBwZBJ-Qic&index=8 !
#rustlang #ReverseEngineering #MalwareAnalysis #NorthSec #infosec #reversing
A new blog by Proofpoint reveals Feb 2025 activity by TA406 (#Konni), a North Korean-aligned advanced persistent threat.
#TA406 targeted government entities in Ukraine with phishing campaigns to deliver malware and harvest credentials.
Read the details: https://brnw.ch/21wSCmF.
Highlights:
- The campaign goal is likely to collect intel on the trajectory of the Russian invasion
- The lure content is based heavily on recent events in Ukrainian politics
- Malware was delivered through emails via a PowerShell infection chain and the file hosting service MEGA
- TA406 also attempted to gather credentials by sending fake Microsoft security alert messages to Ukrainian government entities.
- Credential harvesting campaigns took place prior to the attempted HTML malware deployments and targeted some of the same users.
Why this matters: Proofpoint assesses TA406 is targeting Ukrainian government entities to better understand the appetite to continue fighting against the Russian invasion and assess the medium-term outlook of the conflict.
@azakasekai Ouch! Hope you are ok!?
Binary Ninja 5.0 brings big updates to the debugger: a cleaner adapter settings UI, smarter analysis that won't slow down your session, and new backends including rr and Corellium. Faster and more flexible debugging, whether local or remote! https://binary.ninja/2025/04/23/5.0-gallifrey.html#debugger
PIVOTCON STARTS TODAY! We can't wait to see some familiar faces and catch up with this awesome community #SeeYouThere #Pivotcon25
Next Thursday, May 15 at @NorthSec in Montreal, I will be hosting the workshop "Reconstructing Rust Types: A Practical Guide for Reverse Engineers"! This will be a 3-hour workshop on how to approach Rust types and data structures when reversing Rust binaries. See https://nsec.io/session/2025-reconstructing-rust-types-a-practical-guide-for-reverse-engineers.html for more details!
Workshops at NorthSec will be streamed on YouTube Live. My workshop is scheduled for 1300-1600 EDT (UTC-4) on Thursday, May 15 in the Workshop 2 track, in Salle de la Commune. The stream link for all the Thursday Salle de la Commune workshops is here: https://www.youtube.com/watch?v=UwJgS32Q6As&list=PLuUtcRxSUZUrW9scJZqhbiuTBwZBJ-Qic&index=7
Looking forward to seeing folks there!
(Edited since I can't count days of the week apparently: May 15, which is when my workshop is occurring, is a Thursday, not a Wednesday.)
#rustlang #ReverseEngineering #MalwareAnalysis #NorthSec #infosec #reversing
@still Awesome looking talk 💪. Congrats!! Wish I could attend.
Join #ESETResearch's Damien Schaeffer at PivotCon 2025 for "Hello Zebrocy, my old friend!" on May 8 at 2pm CEST in Malaga.
Damien will discuss Zebrocy, a 🇷🇺 APT group. After going silent since 2021, we discovered a 2023 attack on a 🇺🇦 governmental organization. The attack used a malicious document to download complex malware, including an obfuscated Python backdoor, keylogger, and file stealer.
By analyzing artifacts, we found similarities with older Zebrocy tools. ESET telemetry helped us attribute recent campaigns to Zebrocy, targeting Central Asia and Eastern Europe. The group uses minimal footprint tactics.
His presentation uncovers Zebrocy's multiyear espionage campaign, highlighting its evolving toolset and stealthy operations. The group's infrastructure is recalibrated for each campaign, aiming to maintain access for cyberespionage. Save the date: https://pivotcon.org/agenda-2025/
Recorded Future Insikt Group researchers analyse MintsLoader, a malicious loader deployed through multiple infection vectors that commonly deploys second-stage payloads such as GhostWeaver, StealC, and a modified BOINC client. https://www.recordedfuture.com/research/uncovering-mintsloader-with-recorded-future-malware-intelligence-hunting