urlscan.io public scan of https://infosec.exchange/@volexity (server 2a01:4f8:252:4247::2). Submission: April 04 via API from BG, scanned from DE.

infosec.exchange is part of the decentralized social network powered by Mastodon.

A Mastodon instance for info/cyber security-minded people.

Administered by: Jerry Bell @jerry

Server statistics: 20K active profiles

Mastodon v4.1.0+glitch


Volexity @volexity@infosec.exchange

Website: https://www.volexity.com
Blog: https://www.volexity.com/blog
Twitter: https://twitter.com/Volexity

A security firm providing Incident Response, Proactive Threat Assessments,
Trusted Advisory, and Threat Intelligence

Joined Nov 16, 2022
20 posts · 6 following · 293 followers

Volexity @volexity · EN

The @volexity #threatintel team takes a look at the #3CX supply chain
compromise: the malware delivered, the infrastructure used & the initial set up
of the attack. Here's what we know so far:
https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/
#dfir



4d

Volexity boosted

Volexity @volexity · EN

We are excited to announce the return of @volexity Cyber Sessions! Our next
#meetup will be May 10 @ 6:30PM. Come listen as @tlansec & @attrc share their
talks on #threatintel, #dfir & #memoryforensics. Doors open at 6:30PM. There is
limited seating so reserve your spot now!
https://www.meetup.com/volexity-cyber-sessions/events/291852488/



Feb 28

Volexity boosted

volatility @volatility · EN

In the latest @volatility blog post, Memory Forensics R&D Illustrated: Detecting
Hidden Windows Services, we walk through our R&D process to develop a new
#Volatility3 plugin that automatically detects hidden services on Windows:
https://volatility-labs.blogspot.com/2023/03/memory-forensics-r-d-illustrated-detecting-hidden-windows-services.html

#memoryforensics #dfir



Mar 22

Volexity @volexity · EN

Exploitation of unpatched Telerik UI continues to provide unauthorized access to
#APT and criminal groups alike. @volexity's #XEGroup research is mentioned in
this joint cybersecurity advisory from the FBI and Center for Internet Security:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a


Mar 16

Volexity boosted

Volexity @volexity · EN

Learn about #malware analysis & reverse engineering with @volexity's @r00tbsd at
#DFRWSEU2023! In this workshop, use #ghidra to disassemble #ransomware, analyze
encryption techniques + attempt to restore encrypted files. The full conference
schedule can be found here: https://dfrws.org/eu-2023-program/ #dfir



Feb 13

Volexity boosted

Paul Rascagneres @r00tbsd · FR

I spent some time working on #AVBurner, a post-exploitation tool used by
#SnakeCharmer (aka "Earth Longzhi" by #trendmicro). This tool disables kernel
callbacks. With my colleagues from @volexity, we wrote a small blog post
explaining how it works, and also how to detect kernel callback manipulation
using #volatility. As #volshell supports MS symbols, we are able to parse
in-memory kernel objects. More details here:
https://www.volexity.com/blog/2023/03/07/using-memory-analysis-to-detect-edr-nullifying-malware/



Mar 7

Volexity @volexity · EN

@volexity details how to use #memoryanalysis to detect EDR-nullifying malware.
This latest blog post uses the #AVBurner malware, first documented by
@TrendMicro, as an example. Read more here:
https://www.volexity.com/blog/2023/03/07/using-memory-analysis-to-detect-edr-nullifying-malware/

#dfir #threatintel 



Mar 7

Volexity boosted

volatility @volatility · EN

If you have been waiting to take Malware & Memory Forensics Training in person,
come join us May 8-12 in Reston VA for challenging labs, updated course
material, and a chance to learn directly from the Volatility developers! More
info here:
https://volatility-labs.blogspot.com/2023/01/the-return-of-in-person-volatility-malware-and-forensics-training.html

#dfir



Mar 3

Volexity boosted

volatility @volatility · EN

We are excited to announce the return of in-person @volatility Malware and
Memory Forensics training! The first in-person training this year is May
8-12 in Reston, VA. Learn more, including what's included in our updated course
content, here:
https://volatility-labs.blogspot.com/2023/01/the-return-of-in-person-volatility-malware-and-forensics-training.html
#dfir



Jan 30

Volexity @volexity · EN

In recent weeks, @volexity has observed various attackers using malicious
Microsoft OneNote (.one) files to distribute malware. To help defenders analyze
these files + extract embedded objects, we have published a tool, "one-extract",
available here:
https://github.com/volexity/threat-intel/tree/main/tools/one-extract #dfir



Jan 23
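The post above announces a tool for pulling embedded objects out of .one files but does not show how such files carry them. The following is an added example written for this page, not Volexity's one-extract and not code from the post. It carves the embedded-file objects a OneNote section stores, relying on the FileDataStoreObject layout published in the MS-ONESTORE specification (section 2.6.13): a 16-byte header GUID, an 8-byte little-endian length, 4 unused bytes, 8 reserved bytes, the payload, then a 16-byte footer GUID. The sample bytes, the magic-byte table, the type-sniffing heuristics and all function names are constructed here and are assumptions of the example, not part of the format or the tool.

```python
"""Carve FileDataStoreObject payloads (embedded files) out of a OneNote .one section.

Added example, not Volexity's one-extract. Layout per MS-ONESTORE 2.6.13:
guidHeader (16) | cbLength (8, LE) | unused (4) | reserved (8) | FileData | guidFooter (16).
The sample bytes, type-sniffing table and dataclass below are constructed for this example.
"""
from __future__ import annotations

import struct
import sys
import uuid
from dataclasses import dataclass

# GUIDs from MS-ONESTORE 2.6.13, serialised little-endian as they appear on disk.
HEADER_GUID = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FOOTER_GUID = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
HEADER_SIZE = 16 + 8 + 4 + 8  # guidHeader + cbLength + unused + reserved

# Magic-byte table for triage (assumed for this example; extend as needed).
MAGICS = [(b"MZ", "pe"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip/ooxml"), (b"\x89PNG", "png")]


@dataclass
class EmbeddedFile:
    offset: int       # offset of guidHeader in the .one file
    length: int       # cbLength as declared in the object
    data: bytes       # carved FileData (rest of the file if cbLength overran)
    kind: str         # coarse sniffed type
    footer_ok: bool   # guidFooter found right after FileData
    truncated: bool   # declared cbLength ran past end of file


def sniff(data: bytes) -> str:
    """Coarse type label for a carved payload; heuristics, not a full identifier."""
    for magic, kind in MAGICS:
        if data.startswith(magic):
            return kind
    probe = data[:256]
    if probe and all(32 <= b < 127 or b in b"\r\n\t" for b in probe):
        low = probe.lower()
        if b"<hta:application" in low or b"<script" in low:
            return "hta/html"
        if b"wscript" in low or b"createobject(" in low:
            return "vbs/js"
        return "text"
    return "unknown"


def carve(blob: bytes) -> list[EmbeddedFile]:
    """Scan for every header GUID and carve the object that follows it.

    A corrupt or malicious cbLength must not hide later objects, so after a
    truncated object the scan resumes just past that header rather than at
    the (bogus) end of its payload.
    """
    found: list[EmbeddedFile] = []
    pos = blob.find(HEADER_GUID)
    while pos != -1 and pos + HEADER_SIZE <= len(blob):
        (length,) = struct.unpack_from("<Q", blob, pos + 16)
        start = pos + HEADER_SIZE
        end = start + length
        truncated = end > len(blob)
        data = blob[start:end]  # slicing clamps to len(blob) when truncated
        # Footer should follow the payload; tolerate a few bytes of alignment slack.
        footer_ok = not truncated and blob.find(FOOTER_GUID, end, end + 8 + 16) != -1
        found.append(EmbeddedFile(pos, length, data, sniff(data), footer_ok, truncated))
        pos = blob.find(HEADER_GUID, pos + 16 if truncated else end)
    return found


def build_object(payload: bytes) -> bytes:
    """Serialise one well-formed FileDataStoreObject (used only to build sample data)."""
    return HEADER_GUID + struct.pack("<Q", len(payload)) + bytes(4) + bytes(8) + payload + FOOTER_GUID


# Constructed stand-in for a malicious .one file: a PE-like blob, then a corrupt
# object whose cbLength claims 1 TiB, then an HTA dropper. Not a real sample.
SAMPLE_ONE = (
    bytes(64)
    + build_object(b"MZ\x90\x00" + bytes(60))
    + b"\x11" * 13
    + HEADER_GUID + struct.pack("<Q", 1 << 40) + bytes(12) + b"junk"
    + build_object(b'<html><hta:application id="x"/><script>Run()</script></html>')
)


def summarize(blob: bytes) -> list[tuple[int, str, int, bool]]:
    """(offset, kind, declared length, usable) per object, for triage output."""
    return [(o.offset, o.kind, o.length, o.footer_ok and not o.truncated) for o in carve(blob)]


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ONE
    for i, obj in enumerate(carve(blob)):
        flag = "" if obj.footer_ok else "  [no footer / truncated]"
        print(f"#{i} @0x{obj.offset:x} {obj.kind:9s} cbLength={obj.length}{flag}")
        with open(f"embedded_{i}.bin", "wb") as fh:
            fh.write(obj.data)
```

Run it with a .one file as the only argument, or with no argument to process the constructed sample. The scan deliberately keys on the header GUID rather than walking the file's node tree, so it still recovers payloads from files whose structure has been damaged to defeat parsers; the footer check and the truncation flag tell you which carved objects can be trusted as whole.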

Volexity @volexity · EN

@volexity's @tlansec is in London at #CyberThreat22! His talk, "Two for One:
Firewall 0-day investigations", is Tues, Jan 17 @ 16:10 UTC. Learn about 2
real-world examples of Chinese nation-state attackers using #0day exploits to
compromise #firewall devices.

#threatintel #dfir



Jan 16

Volexity @volexity · EN

If you missed it the first time, LABScon has a #replay of @r00tbsd's talk,
#InkySquid, The Missing Arsenal:
https://www.sentinelone.com/labs/labscon-replay-inkysquid-the-missing-arsenal/

Volexity published two blog posts in August 2021 about this North Korean #apt:
Part 1:
https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/
Part 2:
https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/

#dfir #threatintel



Jan 5

Volexity @volexity · EN

This is a great synopsis from Objective-See of The Mac Malware of 2022. It was
certainly a productive year for #macOS #malware analysts & researchers. Thank
you for including our #GIMMICK malware analysis + IOCs! #dfir #threatintel

https://objective-see.org/blog/blog_0x71.html



Jan 5

Volexity @volexity · EN

Thanks SentinelOne for including our research in your Top 10 list,
https://www.sentinelone.com/blog/top-10-macos-malware-discoveries-in-2022/. As
macOS malware campaigns continue, so does our #threatintel team's research!
Volexity is still tracking use of #GIMMICK malware and other activity by the
#StormCloud APT. #dfir



Dec 22, 2022

Volexity @volexity · EN

Google’s TAG recently disclosed an Internet Explorer 0-day vulnerability that
was being used by a North Korean threat group. Thanks to TAG for sharing their
research and referencing our previous reports on #InkySquid!
https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37



Dec 20, 2022

Volexity @volexity · EN

Microsoft’s Security Threat Intel team described an attack where a threat actor
was targeting cryptocurrency investment companies. Thanks to Microsoft for
sharing their analysis and referencing our research about a recent #AppleJeus
campaign!

https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-targeted-attacks-against-the-cryptocurrency-industry/



Dec 20, 2022

Volexity @volexity · EN

Volexity’s Robert Jan Mora was quoted in this article about the Bhima Koregaon
case:
https://www.washingtonpost.com/world/2022/12/13/stan-swamy-hacked-bhima-koregaon/.
Perhaps one of the most interesting examples of a “trojan did it” scenario, the
investigation shows why #memoryanalysis is critical for reconstructing the state
of a compromised system.


Link preview: "Hackers planted evidence on computer of jailed Indian priest, report says" (The Washington Post)

Dec 19, 2022

Volexity @volexity · EN

[#Blog] Volexity details novel tradecraft employed by #Lazarus to deploy
#AppleJeus malware using Microsoft Office documents, cryptocurrency
applications, and chained DLL side-loading. More details here:
https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware/

#dfir #threatintel



Dec 1, 2022