If they know you have an #encrypted file, they can begin work cracking it.
If you have an #obfuscated file, they may never even know it's there.
#obfuscatedCommunication #encryption #encryptedCommunication #opsec
another one from #TheCrux
"Would you like to annoy your security team even more than usual? Why not create #obfuscated links to regular websites that look like phishing attempts with Phishy URL?"
this is hilarious @daedalus thanks from my DEVs 😆🐡 #phish #urls
Here is a cool, novel, advanced #algorithm for tracking #stealth objects; it can also be used for #asteroid tracking, #spacejunk, etc.
Also: from these mosaicked screen videos, you can read the #obfuscated text.
#opsec #infosec implications
"pixel voxel motion projection"
🚨 #Obfuscated BAT file used to deliver NetSupport RAT
At the time of the analysis, the sample had not yet been submitted to #VirusTotal ⚠️
👨💻 See sandbox session: https://app.any.run/tasks/db6fcb53-6f10-464e-9883-72fd7f1db294?utm_source=mastodon&utm_medium=post&utm_campaign=obfuscated_bat_file&utm_content=linktoservice&utm_term=050625
🔗 Execution chain:
cmd.exe (BAT) ➡️ #PowerShell ➡️ PowerShell ➡️ #client32.exe (NetSupport client) ➡️ reg.exe
Key details:
🔹 Uses a 'client32' process to run #NetSupport #RAT and add it to autorun in registry via reg.exe
🔹 Creates an 'Options' folder in %APPDATA% if missing
🔹 NetSupport client downloads a task .zip file, extracts, and runs it from %APPDATA%\Application .zip
🔹 Deletes ZIP files after execution
❗️ BAT droppers remain a common choice in attacks as threat actors continue to find new methods to evade detection.
Use #ANYRUN’s Interactive Sandbox to quickly trace the full execution chain and uncover #malware behavior for fast and informed response.
🚨 New #phishing campaign uses #DBatLoader to drop #Remcos RAT.
The infection relies on #UAC bypass with mock directories, obfuscated .cmd scripts, Windows #LOLBAS techniques, and advanced persistence techniques. At the time of analysis, the samples had not yet been submitted to #VirusTotal ⚠️
🔗 Execution chain:
#Phish ➡️ Archive ➡️ DBatLoader ➡️ CMD ➡️ SndVol.exe (Remcos injected)
👨💻 #ANYRUN allows analysts to quickly uncover stealth techniques like LOLBAS abuse, injection, and UAC bypass, all within a single interactive analysis session. See analysis: https://app.any.run/tasks/c57ca499-51f5-4c50-a91f-70bc5a60b98d/?utm_source=mastodon&utm_medium=post&utm_campaign=dbatloader&utm_term=150525&utm_content=linktoservice
🛠️ Key techniques:
🔹 .cmd files #Obfuscated with #BatCloak are used to download and run the #payload.
🔹 Remcos injects into trusted system processes (SndVol.exe, colorcpl.exe).
🔹 Scheduled tasks trigger a Cmwdnsyn.url file, which launches a .pif dropper to maintain persistence.
🔹 Esentutl.exe is abused via LOLBAS to copy cmd.exe into the alpha.pif file.
🔹 UAC bypass is achieved with fake directories like “C:\Windows “ (note the trailing space), exploiting how Windows handles folder names.
⚠️ This threat uses multiple layers of stealth and abuse of built-in Windows tools. Behavioral detection and attention to unusual file paths or other activity are crucial to catching it early. #ANYRUN Sandbox provides the visibility needed to spot these techniques in real time 🚀
I had an idea for a new sequence simulator. Generate two random sequences and then define a rate for a third sequence which is a blend of the two. Code is below, though slightly obfuscated.
Anyone good in analyzing obfuscated javascript and can tell me what happens here?
https://pastebin.com/Taj4esdY
Some kind of #obfuscated #JavaScript #exploit targeting G2A users (lol)
PDF linked on PasteBin directs users to install a #Tampermonkey script.
hxxps://textbin.net/raw/awsj07eiit
#Labour’s #KeirStarmer backs #trans #sports #bans ‘Common sense has to prevail’
#Labour once #stoodfirm on #transgender #rights but amid the increasing #politicisation of #trans #lives the #party has #backtracked, #Uturned and #obfuscated on #key #issues.
- There is absolutely no difference between the #Tories or #Labour
#Women #Transgender #LGBTQ #LGBTQIA #UK #Labour #Hate #Bigotry #Violence #Genocide #Discrimination #Transphobia #TERFIsland
https://www.thepinknews.com/2024/03/12/keir-starmer-trans-athletes-ban/
Getting ready to work over the #holidays with a large supply of homemade #thumbprint #cookies
[#Infosec name: #obfuscated #fingerprint #cookies.]
#CyberSecurity Advisory for .NET Shops
Apparently there's a deliberately #obfuscated #vulnerability in #SponsorLink introduced into moq (a mocking library for #dotNET applications) on August 4th and included in the moq v4.20 release.
- https://github.com/moq/moq/releases/tag/v4.20.0
- https://github.com/moq/moq/issues/1372
- https://www.reddit.com/r/dotnet/comments/15ljdcc/does_moq_in_its_latest_version_extract_and_send/
- https://github.com/moq/moq/pull/1363
- https://github.com/moq/moq/pull/1363/commits/34d968a5b92a89b44588a5cd9e706ff73d0f8c23
The result will be pervasive, #obfuscated #enshittification.
TOFU: Towards Obfuscated Federated Updates by Encoding Weight Updates into Gradients from Proxy Data
I am undoubtedly being helped 🙄
#microsoft #obfuscated
Well it's officially released: my first analysis of JS obfuscated malware. Hope you enjoy!
https://polaryse.github.io/posts/vjw0rm/
#reverseengineering #malwareanalysis #vjw0rm #javascript #obfuscated
I love reading this kind of crazy email about #securite (yolo, we're nuts):
"#obfuscated# is moving to a higher security level for password creation, which now requires 12 characters instead of 8. However, your password must not exceed 30 characters."
On an "important" site, they sent an email saying that if my account gets hacked, they won't be laughing: 8 characters, letters aA and digits only
Oh well ....
OMG. Over 20 years of C programming, and I had no idea that printf can change a variable's value. Wow.
"
%n takes a pointer and writes (!!) the number of bytes printed so far.
[...]
For example, the following expression
printf("%1$.*2$d%3$hhn", 5, 10, &x)
will have the same effect as if we had written
x = 10;
"
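The quoted expression, reproduced as an added example (not from the original post), together with a small defensive check that flags any format string containing a %n conversion; the function names are my own.

```c
#include <stdio.h>
#include <stdbool.h>
#include <string.h>

/* Reproduces the quoted expression: %1$.*2$d prints argument 1 (5) with a
 * precision taken from argument 2 (10), i.e. "0000000005" (ten characters),
 * then %3$hhn stores the number of characters written so far (10) through
 * the pointer in argument 3. Positional arguments are a POSIX extension
 * supported by glibc; they are not in ISO C. */
int n_writes_count(void)
{
    unsigned char x = 0;              /* %hhn writes a single byte */
    printf("%1$.*2$d%3$hhn\n", 5, 10, &x);
    return x;                         /* 10, as if we had written x = 10 */
}

/* Defensive check for formats that are not compile-time literals (logging
 * wrappers, message catalogs): returns true if the format contains a %n
 * conversion, treating "%%" as an escaped percent sign. */
bool format_has_n_conversion(const char *fmt)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                /* "%%" is a literal percent */
            continue;
        /* skip positional index, flags, width, precision, length modifiers */
        while (*p && strchr("0123456789$#-+ '.*hlLqjzt", *p))
            p++;
        if (*p == 'n')
            return true;
        if (!*p)
            break;
    }
    return false;
}

int main(void)
{
    printf("x = %d\n", n_writes_count());
    printf("quoted format has %%n: %d\n",
           format_has_n_conversion("%1$.*2$d%3$hhn"));
    return 0;
}
```

Compiling with -Wformat -Wformat-security (or -Werror=format-security) is the complementary compile-time check for non-literal format strings.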
#NixNet is cool!
#obfuscated #sh #script!🤔🐚📜
set `head -1 $0|cut -c2-` social.nixnet.services/ amolith/ nix.html \< iframe \> embed script
q=$4@$5tagged/$1;v=echo;b=;f=2;z=1
$v "$7pre$9`cat $0`$7/pre$9$7$11 src=$4$10.js$9$7/$11$9">$6
while [ $f != 1 ]||[ $z -lt 3 ];do
q=`curl -sL $q`
b=$b\ `$v "$q"|grep $4@$5[0-9]|cut -d\" -f6`
q=`$v "$q"|grep ad-m|cut -d\" -f4`
f=`$v "$q"|wc -l`;q=`$v "$q"|tail -1`
z=$((z+1));done;for l in $b;do
$v $7$8 height=650 src=$l/$10$9$7/$8$9
done|uniq>>$6;xdg-open $6
#LBRY is awesome!
#obfuscated #sh #script!🤔🐚📜
set `head -1 $0|cut -c2-` fosstodon.org/ johanv/ lbry.html \< iframe \> embed script
q=$4@$5tagged/$1;v=echo;b=;f=2;z=1
$v "$7pre$9`cat $0`$7/pre$9$7$11 src=$4$10.js$9$7/$11$9">$6
while [ $f != 1 ]||[ $z -lt 3 ];do
q=`curl -sL $q`
b=$b\ `$v "$q"|grep $4@$5[0-9]|cut -d\" -f6`
q=`$v "$q"|grep ad-m|cut -d\" -f4`
f=`$v "$q"|wc -l`;q=`$v "$q"|tail -1`
z=$((z+1));done;for l in $b;do
$v $7$8 height=650 src=$l/$10$9$7/$8$9
done|uniq>>$6;xdg-open $6