photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
#cyberchef

jesterchen42<p>Is there any way to decode <a href="https://social.tchncs.de/tags/ANSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANSI</span></a> color sequences in <a href="https://social.tchncs.de/tags/CyberChef" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberChef</span></a>? You know, old school stuff like</p><p>]2m</p><p>or</p><p>]0;39m</p><p>?</p>
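An added example, not part of jesterchen42's post and not CyberChef code: a small Node.js decoder for the SGR ("Select Graphic Rendition") sequences the question is about. It assumes each sequence starts with a literal ESC byte (0x1b) followed by `[` (the post's rendering dropped the ESC), uses the standard ECMA-48 attribute and colour assignments, and runs on a constructed sample string.

```javascript
// Added example (not from the original post or from CyberChef): decode ANSI SGR
// sequences such as ESC[2m or ESC[0;39m into attribute names.
// Assumes sequences start with ESC (0x1b) + '[' and end with the final byte 'm'.

const SGR_NAMES = {
  0: 'reset', 1: 'bold', 2: 'dim', 3: 'italic', 4: 'underline', 5: 'blink',
  7: 'inverse', 8: 'hidden', 9: 'strikethrough', 22: 'normal-intensity',
  23: 'no-italic', 24: 'no-underline', 27: 'no-inverse', 39: 'default-fg', 49: 'default-bg',
};
const COLORS = ['black', 'red', 'green', 'yellow', 'blue', 'magenta', 'cyan', 'white'];

// Describe the parameter at params[i]; returns [name, number of params consumed].
// 38/48 take extra parameters (5;n for 256-colour, 2;r;g;b for truecolour).
function describeParam(params, i) {
  const p = params[i];
  const plane = p === 38 ? 'fg' : 'bg';
  if (p in SGR_NAMES) return [SGR_NAMES[p], 1];
  if (p >= 30 && p <= 37) return [`fg:${COLORS[p - 30]}`, 1];
  if (p >= 40 && p <= 47) return [`bg:${COLORS[p - 40]}`, 1];
  if (p >= 90 && p <= 97) return [`fg:bright-${COLORS[p - 90]}`, 1];
  if (p >= 100 && p <= 107) return [`bg:bright-${COLORS[p - 100]}`, 1];
  if ((p === 38 || p === 48) && params[i + 1] === 5 && i + 2 < params.length) {
    return [`${plane}:256(${params[i + 2]})`, 3];
  }
  if ((p === 38 || p === 48) && params[i + 1] === 2 && i + 4 < params.length) {
    return [`${plane}:rgb(${params[i + 2]},${params[i + 3]},${params[i + 4]})`, 5];
  }
  return [`unknown(${p})`, 1];
}

// "0;39" -> ['reset', 'default-fg']; an empty parameter string means reset.
function decodeSgr(paramString) {
  const params = paramString === ''
    ? [0]
    : paramString.split(';').map((s) => (s === '' ? 0 : Number(s)));
  const out = [];
  for (let i = 0; i < params.length;) {
    const [name, consumed] = describeParam(params, i);
    out.push(name);
    i += consumed;
  }
  return out;
}

// CSI = ESC '[' <params: digits and ';'> <final byte 0x40-0x7E>.
const CSI_RE = /\x1b\[([0-9;]*)([\x40-\x7e])/g;

// Split text into plain-text runs and decoded escape sequences, in order.
function decodeAnsi(text) {
  const events = [];
  let last = 0;
  for (const m of text.matchAll(CSI_RE)) {
    if (m.index > last) events.push({ text: text.slice(last, m.index) });
    if (m[2] === 'm') events.push({ sgr: decodeSgr(m[1]) });
    else events.push({ csi: m[2], params: m[1] }); // cursor movement, erase, ...
    last = m.index + m[0].length;
  }
  if (last < text.length) events.push({ text: text.slice(last) });
  return events;
}

// Drop every CSI sequence, leaving only the printable text.
function stripAnsi(text) {
  return text.replace(CSI_RE, '');
}

// Constructed sample: the two sequences from the question plus a 256-colour one.
const SAMPLE = '\x1b[2mdim text\x1b[0;39m normal \x1b[38;5;208morange\x1b[0m';
for (const ev of decodeAnsi(SAMPLE)) console.log(JSON.stringify(ev));
console.log(stripAnsi(SAMPLE));
```

`decodeAnsi` keeps non-SGR CSI sequences (cursor moves, erases) as separate events instead of dropping them, which matters when the input is a captured terminal session rather than a single coloured line.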
MalwareLab<p>Recent <a href="https://infosec.exchange/tags/stegocampaign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>stegocampaign</span></a> delivering <a href="https://infosec.exchange/tags/XWorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XWorm</span></a> RAT <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> samples. <br>A quick review of <a href="https://infosec.exchange/tags/sandbox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandbox</span></a> analysis reports reveals a simple, yet interesting infection chain. It contains a <a href="https://infosec.exchange/tags/VisualBasic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VisualBasic</span></a> script, <a href="https://infosec.exchange/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerShell</span></a> scripts, a picture with a Base64-encoded executable and the <a href="https://infosec.exchange/tags/xwormrat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>xwormrat</span></a> itself. Those payloads have been downloaded from online hosting services such as <a href="https://infosec.exchange/tags/Pastebin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pastebin</span></a> and <a href="https://infosec.exchange/tags/Firebase" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firebase</span></a>.</p><p>My new article with <a href="https://infosec.exchange/tags/IOC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IOC</span></a> and analysis <a href="https://malwarelab.eu/posts/stego-xworm/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">malwarelab.eu/posts/stego-xwor</span><span class="invisible">m/</span></a></p><p><a href="https://infosec.exchange/tags/steganography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>steganography</span></a> <a href="https://infosec.exchange/tags/Steganoanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Steganoanalysis</span></a> <a href="https://infosec.exchange/tags/anyrun" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anyrun</span></a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malwareanalysis</span></a> <a href="https://infosec.exchange/tags/obfuscation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>obfuscation</span></a> <a href="https://infosec.exchange/tags/cyberchef" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberchef</span></a></p>
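An added example, not code from MalwareLab's article or from the campaign: a Node.js scanner that finds long Base64 runs inside an image file and checks whether they decode to an executable, which is the "picture with a Base64-encoded executable" stage of the chain above. The post does not show how the real sample delimits its payload, so the scanner assumes no delimiters; the minimum run length, the magic-byte checks and the sample image bytes are constructed for this example.

```javascript
// Added example (not the article's or the campaign's own code): find Base64 runs
// embedded in an image and check whether they decode to an executable.
// The real sample's delimiters are not shown in the post; none are assumed here.

const MIN_B64_RUN = 64; // constructed threshold: shorter runs are rarely payloads

// Identify a decoded blob by its magic bytes.
function classify(bytes) {
  if (bytes.length >= 2 && bytes[0] === 0x4d && bytes[1] === 0x5a) return 'pe';  // 'MZ'
  if (bytes.length >= 4 && bytes[0] === 0x7f && bytes.toString('latin1', 1, 4) === 'ELF') return 'elf';
  if (bytes.length >= 2 && bytes[0] === 0x50 && bytes[1] === 0x4b) return 'zip'; // 'PK'
  return 'unknown';
}

// Scan a Buffer for long Base64-alphabet runs, decode each, and classify the result.
function findBase64Payloads(buf, minRun = MIN_B64_RUN) {
  // latin1 maps every byte to exactly one character, so match offsets are byte offsets.
  const text = buf.toString('latin1');
  const re = new RegExp(`[A-Za-z0-9+/]{${minRun},}={0,2}`, 'g');
  const hits = [];
  for (const m of text.matchAll(re)) {
    let run = m[0];
    // Unpadded Base64 is a multiple of 4 chars; trailing extra chars belong to
    // the surrounding data, not to the blob.
    if (!run.endsWith('=')) run = run.slice(0, run.length - (run.length % 4));
    if (run.length < minRun) continue;
    const decoded = Buffer.from(run, 'base64');
    hits.push({ offset: m.index, length: run.length, kind: classify(decoded), decoded });
  }
  return hits;
}

// Constructed sample "image": a PNG signature and IHDR header, a few JPEG-like
// bytes, the Base64 of a stub executable (MZ header + NOP padding), then more bytes.
const STUB_PE = Buffer.concat([Buffer.from('MZ', 'latin1'), Buffer.alloc(126, 0x90)]);
const SAMPLE_IMAGE = Buffer.concat([
  Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d]),
  Buffer.from('IHDR', 'latin1'),
  Buffer.from([0xff, 0xd8, 0xff, 0xe0]),
  Buffer.from(STUB_PE.toString('base64'), 'latin1'),
  Buffer.from([0x00, 0x00]),
  Buffer.from('IEND', 'latin1'),
]);

for (const hit of findBase64Payloads(SAMPLE_IMAGE)) {
  console.log(`offset=${hit.offset} base64_len=${hit.length} kind=${hit.kind} decoded_len=${hit.decoded.length}`);
}
```

On a real sample, feed `fs.readFileSync(path)` to `findBase64Payloads` and write any `pe` hit's `decoded` buffer to disk for further analysis; a hit classified `unknown` is worth a second look, since the decoded bytes may be reversed, XOR-ed or otherwise transformed before they become the executable.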
MalwareLab<p>Analysis of <a href="https://infosec.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infostealer</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> pretending to be a hack for <a href="https://infosec.exchange/tags/roblox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>roblox</span></a> anticheat.</p><p>This week I delivered one lecture about cyber attacks and three 45-minute malware analysis workshops with <a href="https://infosec.exchange/tags/anyrun" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anyrun</span></a> and <a href="https://infosec.exchange/tags/cyberchef" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberchef</span></a> for high school students in <a href="https://infosec.exchange/tags/Roznava" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Roznava</span></a>, <a href="https://infosec.exchange/tags/Slovakia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Slovakia</span></a>.</p><p><a href="https://infosec.exchange/tags/Education" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Education</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/sandbox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandbox</span></a> </p><p><a href="https://infosec.exchange/@securitydungeon/111914649805730340" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@securitydung</span><span class="invisible">eon/111914649805730340</span></a></p>
rugk<p><a href="https://chaos.social/tags/Hall1" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hall1</span></a> In other news: The loading screen of <a href="https://chaos.social/tags/CyberChef" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberChef</span></a> is also very cool. <a href="https://chaos.social/tags/37c3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>37c3</span></a></p>
MalwareLab<p>My write-up for the <a href="https://infosec.exchange/tags/kaspersky" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kaspersky</span></a> challenge from <a href="https://infosec.exchange/tags/ekoparty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ekoparty</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CTF</span></a> is online. This was a very nice challenge - <a href="https://infosec.exchange/tags/network" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>network</span></a> traffic analysis, exploitation, <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a>, <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reverseengineering</span></a> and <a href="https://infosec.exchange/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>crypto</span></a></p><p><a href="https://malwarelab.eu/posts/ekoparty-ctf-2023-kaspersky/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">malwarelab.eu/posts/ekoparty-c</span><span class="invisible">tf-2023-kaspersky/</span></a></p><p><a href="https://infosec.exchange/tags/networksecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networksecurity</span></a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malwareanalysis</span></a> <a href="https://infosec.exchange/tags/cyberchef" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberchef</span></a> <a href="https://infosec.exchange/tags/IDAFree" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IDAFree</span></a> <a href="https://infosec.exchange/tags/IDAFreeware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IDAFreeware</span></a> <a href="https://infosec.exchange/tags/cutter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cutter</span></a> <span class="h-card" translate="no"><a href="https://fosstodon.org/@rizin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>rizin</span></a></span></p>
MalwareLab<p>Decryption of strings from <a href="https://infosec.exchange/tags/AsyncRAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AsyncRAT</span></a>/#DcRat/#VenomRAT configuration with <a href="https://infosec.exchange/tags/CyberChef" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberChef</span></a>. A little bit of <a href="https://infosec.exchange/tags/Dotnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dotnet</span></a> <a href="https://infosec.exchange/tags/reversing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reversing</span></a> and a commented recipe using registers for PBKDF2 and AES decryption</p><p>Blog post: <a href="https://malwarelab.eu/posts/asyncrat-cyberchef/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">malwarelab.eu/posts/asyncrat-c</span><span class="invisible">yberchef/</span></a><br>Recipe with example input: <a href="https://tinyurl.com/AsyncRatConfigDecryptor2" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tinyurl.com/AsyncRatConfigDecr</span><span class="invisible">yptor2</span></a></p>
MalwareLab<p>How to recognize a possible <a href="https://infosec.exchange/tags/stealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>stealer</span></a>? It tries to access sensitive files (e.g. browser cookies, credential stores, crypto wallets, Steam keys) followed by a data upload.</p><p>One example: <a href="https://infosec.exchange/tags/Redline" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Redline</span></a> <a href="https://infosec.exchange/tags/stealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>stealer</span></a>. Accessing sensitive data followed by a data upload including a list of user processes, passwords and a screenshot.</p><p><a href="https://infosec.exchange/tags/CyberChef" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberChef</span></a> recipe for extracting the screenshot:<br><a href="https://gchq.github.io/CyberChef/#recipe=To_Hex('None',0)Regular_expression('User%20defined','89504e470d0a1a0a.*49454e44ae42.%7B4%7D',true,true,false,false,false,false,'List%20matches')Render_Image('Hex')" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gchq.github.io/CyberChef/#reci</span><span class="invisible">pe=To_Hex('None',0)Regular_expression('User%20defined','89504e470d0a1a0a.*49454e44ae42.%7B4%7D',true,true,false,false,false,false,'List%20matches')Render_Image('Hex')</span></a></p><p><a href="https://infosec.exchange/tags/anyrun" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anyrun</span></a> sample: <a href="https://app.any.run/tasks/39f5008c-b5c3-4917-ab0c-f3e48ac13dc9/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">app.any.run/tasks/39f5008c-b5c</span><span class="invisible">3-4917-ab0c-f3e48ac13dc9/</span></a></p><p><a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infostealer</span></a> <a href="https://infosec.exchange/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malwareanalysis</span></a></p>