Pinned Tweet
Detailed article on how to identify ransomware
#ransomware #identification https://www.gdatasoftware.com/blog/2019/06/31666-ransomware-identification-for-the-judicious-analyst …
Karsten Hahn Retweeted
Any ideas for Masters/Bachelors thesis topics around malware analysis, reverse engineering, low-level security or other infosec topics? Please RT too - I get this question a lot and I always struggle to answer. So I hope to use our community's wisdom and send folks here :)
Karsten Hahn Retweeted
and the last but not least: “How to become a great malware analyst” according to the AI: pic.twitter.com/Yi5HkjXMSI
Karsten Hahn Retweeted
Friends, I am very pleased to announce that I have managed to re-assemble the original 29a archives in totality. https://vxug.fakedoma.in/zines/29a.html All zines are now present in what was once their original form. 1luv -smelly__vx
Karsten Hahn Retweeted
Let's unearth my 'old' unpacking knowledge... IIRC the only doc I publicly made on the topic was https://github.com/corkami/docs/blob/master/packers.pdf … Which doc/tool would you recommend checking nowadays?
#unpackingparty pic.twitter.com/D91TwYdGCH
Btw, the person who asks such a question has kind of a hacker's mindset.
That means the answer is no. It won't work. Unless the ransomware doesn't actually use the ID and it is just there for show. I don't know of any ransomware where that's the case.
Posting this from #Reddit because it is a smart question to ask. Usually, ransomware uses a unique key for every infected system. The user ID is a way to determine which one is the right key. If you change the ID, the attackers won't be able to find the right key for you. pic.twitter.com/TkybJXB27G
Most of the time I see really badly infected systems (e.g. by old file infectors like Ramnit), it stems from pirated software. Not to mention that this may spread to other systems as well (via network, USB, ...). Don't do this, for your own sake. https://twitter.com/Toxhax/status/1209297182517551106?s=19 …
Karsten Hahn Retweeted
Just published a new blog-post >> 5 ways to patch binaries with Cutter
Yes, you can patch from the decompiler!
It's not a long article but it feels great to write again! I missed it. Check it out @ https://www.megabeets.net/5-ways-to-patch-binaries-with-cutter … pic.twitter.com/7DEYGShSp9
Karsten Hahn Retweeted
Peep this work I've been doing for the last 6 months. I'm sure there are errors, but it's at the point where I think it's ready for the world. Enjoy my work on #shamoon https://malwareindepth.com/shamoon-2012/
This is especially relevant for shellcode analysis, if you don't know the bit-ness.
The other way around, 32-bit code interpreted as 64-bit code, is harder to notice. The code is mostly the same, but it mixes 64-bit operands with 32-bit operands. See ebx and rbx in this picture. Certain commands implicitly use 64-bit operands whereas others need 0x48. pic.twitter.com/Ryun0QkaHv
Good tip of my colleague: This is how you can recognize 64-bit code wrongly interpreted as 32-bit code. It has lots of dec eax instructions because 0x48 is also used to signify 64-bit operand size. (32-bit interpretation is first picture, 64-bit second) pic.twitter.com/UgxnGmYwFw
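A worked illustration of the 0x48 heuristic from the thread above, added here as my own example (not code from the tweets' author): it counts 0x48 bytes that are followed by opcodes which commonly carry a REX.W prefix, so that a 32-bit blob that merely contains a few `dec eax` instructions is not misclassified. The opcode set, the threshold and the byte samples are constructed assumptions, not an exhaustive table.

```python
# Heuristic bitness check for raw x86 code blobs (e.g. shellcode without a
# file header). In 32-bit decoding, 0x48 is "dec eax"; in 64-bit decoding it
# is the REX.W prefix selecting a 64-bit operand size. Genuine 64-bit code
# therefore shows many 0x48 bytes immediately followed by an opcode that
# compilers routinely emit with REX.W. Pure 32-bit code rarely does.
from typing import Dict

# Opcodes that frequently follow REX.W in compiler output (add/sub/xor/cmp/
# test/mov/lea r/m forms, mov imm, movsxd, inc/dec/push via 0xFF).
# Assumption: representative, not complete.
REX_W_FOLLOWERS = frozenset([
    0x01, 0x03, 0x29, 0x2B, 0x31, 0x33, 0x39, 0x3B, 0x63, 0x81, 0x83,
    0x85, 0x89, 0x8B, 0x8D, 0xC7, 0xFF,
])


def rex_w_stats(code: bytes) -> Dict[str, float]:
    """Count every 0x48 byte and those paired with a typical REX.W opcode."""
    total = len(code)
    rex = sum(1 for b in code if b == 0x48)
    paired = sum(1 for i in range(total - 1)
                 if code[i] == 0x48 and code[i + 1] in REX_W_FOLLOWERS)
    return {"bytes": total, "dec_eax_or_rex": rex, "paired": paired,
            "paired_ratio": paired / total if total else 0.0}


def guess_bitness(code: bytes, threshold: float = 0.05) -> int:
    """Return 64 when REX.W-style pairs are frequent, else 32.

    threshold is pairs per byte; the 0.05 default is a constructed cut-off
    and should be tuned on a real corpus before relying on it.
    """
    return 64 if rex_w_stats(code)["paired_ratio"] >= threshold else 32


# Constructed samples (hand-assembled, not taken from the tweet's screenshots).
# 64-bit: push rbp; mov rbp,rsp; sub rsp,0x20; mov rax,[rbp-8]; xor rax,rax;
#         mov rax,0x3c; leave; ret
CODE64 = bytes.fromhex("55 48 89 e5 48 83 ec 20 48 8b 45 f8 48 31 c0 48 c7 c0 3c 00 00 00 c9 c3")
# 32-bit: push ebp; mov ebp,esp; sub esp,0x10; mov eax,[ebp+8]; xor eax,eax; leave; ret
CODE32 = bytes.fromhex("55 89 e5 83 ec 10 8b 45 08 31 c0 c9 c3")
# 32-bit code that really contains dec eax (0x48), but not in REX.W-style pairs:
# push ebp; mov ebp,esp; dec eax; dec eax; jnz -4; xor eax,eax; leave; ret
CODE32_DEC = bytes.fromhex("55 89 e5 48 48 75 fc 31 c0 c9 c3")

if __name__ == "__main__":
    for name, blob in (("CODE64", CODE64), ("CODE32", CODE32), ("CODE32_DEC", CODE32_DEC)):
        print(name, guess_bitness(blob), rex_w_stats(blob))
```

A 32-bit sequence such as `dec eax; mov ebx, eax` (48 89 c3) still counts as a pair, so treat the result as a hint to check against a disassembly in both modes, not as proof.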
Karsten Hahn Retweeted
I was today years old when I learned @SwiftOnSecurity has an amazing site, with the best Windows cleaning/optimizing guide I've read in over a decade https://decentsecurity.com/holiday-tasks/
I just found a collection of tools that you can use, e.g., for troubleshooting or disinfecting Windows.
Scripts overview: https://guyrleech.wordpress.com/
One example is the Regrecent Powershell script that shows registry changes in a certain time frame.
https://guyrleech.wordpress.com/2017/03/06/regrecent-comes-to-powershell/ …
There are strings tools that unexpectedly parse the file format like GNU binutils strings for Linux. (Thanks for the hint @alexjbutcher) https://twitter.com/alexjbutcher/status/1207564713195909126 …
Karsten Hahn Retweeted
So, @VMDoug and I are hosting a webinar today about ransomware prevention and incident response. If you enjoy German accents or always wanted to ask me something about ransomware, join us! https://zoom.us/webinar/register/4115741653881/WN_CyaIYQ67S7CPJEjP9uXVWA …
Karsten Hahn Retweeted
We are releasing a free decryption tool for the #Mapo #ransomware (a GarrantyDecrypt/Outsider variant). Detailed instructions are available on our blog: https://www.cert.pl/en/news/single/free-decryption-tool-for-mapo-ransomware/ … Special thanks to @maciekkotowicz for collaboration #NoMoreRansom
If you jump right into decompiling or debugging without checking those first, you will---with some samples---miss the obvious stuff. You will also have more work than necessary. Do yourself a favour. <3
The advantage of hex editors and strings tools: They don't parse any file format. They show what is really there. They cannot be fooled. They don't need to rely on data structures to be pointing to the interesting stuff.