BSides Luxembourg talk announcement!

🐧🚨 𝗡𝗢𝗧 𝗦𝗢 𝗛𝗔𝗥𝗠𝗟𝗘𝗦𝗦: 𝗧𝗛𝗘 𝗛𝗜𝗗𝗗𝗘𝗡 𝗪𝗢𝗥𝗟𝗗 𝗢𝗙 𝗟𝗜𝗡𝗨𝗫 𝗣𝗔𝗖𝗞𝗘𝗥𝗦 𝗔𝗡𝗗 𝗗𝗘𝗧𝗘𝗖𝗧𝗜𝗢𝗡 𝗖𝗛𝗔𝗟𝗟𝗘𝗡𝗚𝗘𝗦 - 𝗠𝗔𝗦𝗦𝗜𝗠𝗢 𝗕𝗘𝗥𝗧𝗢𝗖𝗖𝗛𝗜 🛡️🔍

Linux packers and loaders are a sneaky blind spot in cybersecurity. They hide code with encryption and obfuscation […]

[Original post on infosec.exchange]

Latest Xloader Obfuscation Methods and Network Protocol The Zscaler ThreatLabz analysis details Xloader (rebranded from FormBook), highlighting enhanced obfuscation since version 8.1 and a comprehensive breakdown of its multi-layered HTTP network protocol and encryption. The report describes runtime function decryption, opaque predicates, multiple RC4 encryption stages, decoy C2 IP lists, and HTTP GET/POST commands used to exfiltrate browser and email credentials and to download and execute secondary payloads. #Xloader #Formbook

Xloader, evolved from FormBook, now features advanced obfuscation with runtime decryption, multi-layer RC4 encryption, decoy C2 IPs, and HTTP commands to exfiltrate credentials and deploy secondary payloads. #Xloader #Encryption #MalwareAnalysis

A Look Back at 11 of the Red Report 2026 Featured Threats Picus Security's Red Report 2026 analysis examined 11 attacks that illustrated six of the top 10 MITRE ATT&CK techniques abused in 2025, linking specific groups and malware to tactics such as process injection, scripting interpreters, masquerading, credential theft, and firewall manipulation. Follow-up IOC analysis of 147 network indicators (104 domains, 26 subdomains, 17 IPs) revealed mass bulk-registrations, early signs of malicious intent for many domains, and thousands of email- and client-connected domains and IPs tied to the campaigns #XLoader #EarthAmmit

Picus highlights 11 top ATT&CK techniques and notable threats from 2025, including STATICPLUGIN, SadBridge Loader, XLoader variants, APT36, and Kubernetes cryptojacking with 147 network IoCs analyzed. #ThreatActors #MalwareAnalysis #APT36

Maliciousness Scoring, AI Sample Analysis, and a New Behaviour Panel | RationalEdge - Know Why REDS ships maliciousness risk scoring powered by Malcontent, a dedicated behaviour panel, and AI-assisted full sample analysis with built-in analyst feedback.

RationalEdge #REDS new release: Maliciousness #Score, #AI Assisted Full Sample Analysis, and a new #Behaviour Panel.
rationaledge.io/blog/malicio...

@rationaledge.bsky.social
#ThreatResearch #ThreatIntel #CTI #Malware #MalwareAnalysis #ReverseEngineering 1/4

Deconstructing Rust Binaries Since the rise of several Rust-based ransomware families in 2022, Rust has become an increasingly popular language for malware development. New Rust malware families are no longer rare sightings for…

This is 3 full days of the first comprehensive course focused solely on reverse engineering Rust binaries, using real Rust malware as practice. Save your spot now! nsec.io/training/202...

#rust #rustlang #ReverseEngineering #MalwareAnalysis #malware #infosec

Resoker: A Telegram Based Remote Access Trojan ResokerRAT is a Telegram-controlled Remote Access Trojan that uses the Telegram Bot API as its command-and-control channel to receive commands and exfiltrate data, while implementing persistence, privilege escalation, anti-analysis, and system monitoring features. It supports commands such as /screenshot, /download, /block_taskmgr, and /startup and uses hidden PowerShell execution, registry modifications, keyboard hooks, and process termination to maintain stealth. #ResokerRAT #TelegramBot

ResokerRAT leverages Telegram Bot API for stealthy remote access, enabling commands like /screenshot and /download via hidden PowerShell and registry tweaks to maintain persistence and evade detection. #RemoteAccess #TelegramBots #MalwareAnalysis

Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER Elastic Security Labs discovered two custom tools deployed against a South Asian financial institution: BRUSHWORM, a modular backdoor that establishes persistence, downloads plugins, spreads via USB, and steals a broad set of file types; and BRUSHLOGGER, a DLL side-loading keylogger that captures system-wide keystrokes with window context and writes XOR-encrypted logs. Analysis found scheduled-task persistence, C2 communication to resources.dawnnewsisl[.]com/updtdll, AES/XOR handling of configuration and logs, and multiple iterative testing builds on VirusTotal, indicating an inexperienced or still-developing author. #BRUSHWORM #BRUSHLOGGER

Elastic Security Labs uncovered BRUSHWORM, a modular backdoor spreading via USB and stealing files, and BRUSHLOGGER, an XOR-encoded DLL side-loading keylogger targeting a South Asian financial institution. #MalwareAnalysis #SouthAsia #Backdoor

Talos Releases DispatchLogger Tool

~Talos~
Cisco Talos released DispatchLogger, an open-source tool providing deep visibility into script-based malware via transparent COM proxy interception.
-
IOCs: (None identified)
-
#DispatchLogger #MalwareAnalysis #ThreatIntel

Building an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware Analysis The article describes a serial, multi-agent pipeline that treats each reverse-engineering tool (radare2, Ghidra, Binary Ninja, IDA Pro) as an independent, skeptical analyst to cross-validate findings and reject decompiler artifacts and parsing errors before report synthesis. It also explains why deterministic bridge scripts were chosen over the Model Context Protocol to reduce latency, non-determinism, and token costs, and documents token economics, tiered model allocation, and operational lessons from early runs. #WizardUpdate #SysJoker

A multi-agent LLM pipeline treats radare2, Ghidra, Binary Ninja, and IDA Pro as skeptical analysts to cross-validate malware analysis results, reducing errors and decompiler artifacts using deterministic bridge scripts. #MalwareAnalysis #AutomationTech

🎯 New #BSidesLuxembourg2026 Session Reveal!

A Phishing Trip with Fancy Bear – Analyze APT28 Malware Together! (2h Workshop) with 𝗠𝗔𝗥𝗜𝗨𝗦 𝗚𝗘𝗡𝗛𝗘𝗜𝗠𝗘𝗥

Join this beginner-friendly 2h workshop to walk through a real Fancy Bear (APT28) attack chain: targeted […]

[Original post on infosec.exchange]

Coruna artifact analysis, breaking down the traces, technical clues, and the wider implications behind the campaign.

blackcastle.com.au/blog/coruna-...

#CyberSecurity #ThreatIntelligence #MalwareAnalysis #Infosec #APT #DFIR #CyberResearch #Coruna #exploit #Reverse-engineering

From a memory forensics workshop I attended and completed #RAMAnalysis #Volatility #MalwareAnalysis #ThreatHunting #DFIR #CTF

🌟 Welcome to Another hashtag#BSidesLuxembourg2026 Highlight!

Training announcement:

Full-Day Malware Training on May 6th our workshop/training day: 𝗠𝗔𝗟𝗪𝗔𝗥𝗘 𝗗𝗘𝗩𝗘𝗟𝗢𝗣𝗠𝗘𝗡𝗧 𝗙𝗢𝗥 𝗘𝗧𝗛𝗜𝗖𝗔𝗟 𝗛𝗔𝗖𝗞𝗘𝗥𝗦 (𝗪𝗜𝗡𝗗𝗢𝗪𝗦, 𝗟𝗜𝗡𝗨𝗫, 𝗔𝗡𝗗𝗥𝗢𝗜𝗗) with zhassulan zhussupov aka cocomelonc […]

[Original post on infosec.exchange]

Deconstructing Rust Binaries Deconstructing Rust Binaries is the first comprehensive training course focused solely on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical…

Last day before prices go up for Deconstructing Rust Binaries at Ringzer0, March 23-26! If you've been thinking about this fully remote, 16-hour Rust reverse engineering training: now is the time to book!

ringzer0.training/countermeasu...

#infosec #ReverseEngineering #rustlang #MalwareAnalysis

WannaCry — Campaign Intelligence, Reverse Engineering, and Detection During 2017, WannaCry became a national headline for the United Kingdom and many other nations targeting companies, such as FedEx, Honda, Ni...

Finished writing my first post for my new blog, it focuses on WannaCry but across multiple different areas of the campaign. This was to brush the rust off my writing and malware analysis skills.

#WannaCry #MalwareAnalysis #ReverseEngineering

blog.overresearched.net/2026/02/wann...

Invite Only: A Threat Intelligence Investigation and Malware Analysis writeup A practical SOC analyst investigation of malicious hashes, phishing techniques, and malware delivery chains from the Invite Only TryHackMe…

New Cyber Threat Intelligence Write-Up 🔎

I investigated a suspicious artifact in a threat intel scenario — pivoting from IOCs to uncover malware behavior, infrastructure, and attacker activity.

#cybersecurity #threatintel #malwareanalysis #threathunting #socanalyst #infosec #dfir #blueteam

Leveraging Generative AI to Reverse Engineer XLoader Check Point Research succeeded in understanding the infamous malware family, Xloader, by leveraging Generative AI

A comprehensive article from #CheckPoint Research

"Beating XLoader at Speed: Generative AI as a Force Multiplier for Reverse Engineering"

research.checkpoint.com/2025/generat...

#ai #aislop #hype #reverse #reverseengineering #reversing #malware #malwareanalysis #mcp

Deconstructing Rust Binaries Deconstructing Rust Binaries is the first comprehensive training course focused solely on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical…

Deconstructing Rust Binaries @ Ringzer0 is 16 hours of fully remote training, 4 hours each day x 4 days, March 23-26. Prices go up March 8, so reserve your spot now!

ringzer0.training/countermeasu...

#MalwareAnalysis #Rust #RustLang #ReverseEngineering #Reversing #Infosec

Deconstructing Rust Binaries Deconstructing Rust Binaries is the first comprehensive training course focused solely on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical…

Just a few weeks left until our training, Deconstructing Rust Binaries, starting March 23 at Ringzer0! This course is for any reverse engineer who needs real techniques for reversing Rust binaries.

ringzer0.training/countermeasu...

#MalwareAnalysis #RustLang #ReverseEngineering #Reversing

How to Use YARA Retrohunting for Detection Engineering | ReversingLabs Learn how to leverage ReversingLabs’s dynamic analysis of <em>pkr_mtsi</em> for defense using YARA Rules in Spectra Analyze.

ReversingLabs' Ashlee Benge shares how to use YARA retrohunting for detection engineering by leverageing RL's dynamic analysis of "pkr_mtsi" for defense in Spectra Analyze.
👉 hubs.ly/Q043qJY-0

#yararules #detectionengineering #malwareanalysis

REMnux v8 brings AI integration to the Linux malware analysis toolkit - Help Net Security REMnux, a specialized Linux distribution for malware analysis, has released version 8 with a rebuilt platform based on Ubuntu 24.04.

REMnux v8 brings AI integration to the Linux malware analysis toolkit

📖 Read more: www.helpnetsecurity.com/2026/02/17/r...

#cybersecurity #cybersecuritynews #Linux #malwareanalysis #opensource @lennyzeltser.com

REMnux 8: la nuova versione della distro per l’analisi di malware e la sicurezza digitale REMnux 8 è la nuova versione della distribuzione Linux dedicata all’analisi di malware, con strumenti aggiornati e container ottimizzati

REMnux 8 è la nuova versione della distribuzione Linux dedicata all’analisi di malware, con strumenti aggiornati, container ottimizzati e un ambiente più stabile per ricercatori e analisti. #REMnux #MalwareAnalysis #Forensics #CyberSecurity #Linux

REMnux v8 is live.
AI-assisted workflows.
Ubuntu 24.04 base.
200+ curated tools.
New additions like YARA-X & GoReSym.
Malware analysis is getting smarter.
Would you integrate AI into your reverse engineering stack?

#CyberSecurity #MalwareAnalysis #ReverseEngineering #Infosec #AI

🔍 La API de CodeHunter integra modelos de IA deterministas en flujos DevSecOps

Integra análisis de malware conductual en tu workflow con la n

devops.com/codehunter-api-integrate...

#DevSecOps #ThreatIntelligence #MalwareAnalysis #RoxsRoss

AI-Generated Malware Exploits React2Shell Vulnerability as LLM-Assisted Cyberattacks Target Cloud Infrastructure AI-generated malware is exploiting the React2Shell vulnerability in Docker environments, highlighting the rise of LLM-assisted cyberattacks.

Full Article: www.technadu.com/ai-generated...

💬 What does this mean for cloud and container security moving forward? Join the discussion.
#CyberNews #AIInCyber #CloudSecurity #MalwareAnalysis #Infosec

🏋️ 𝗡𝗼𝗿𝘁𝗵𝗦𝗲𝗰 𝟮𝟬𝟮𝟲 𝗙𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻𝘀/𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴𝘀 (5/12): "Deconstructing Rust Binaries" 𝗽𝗮𝗿/𝗯𝘆 Cindy Xiao

📅 Dates: May 11, 12 and 13, 2026 (3 days)
📊 Difficulty: Medium
🖥️ Mode: Hybrid (on-site & remote)

🔗 Training details: nsec.io/training/202...

#NorthSec #cybersecurity #malwareanalysis #reverseengineering

New PDFly malware variant employs custom PyInstaller modifications to evade detection, challenging traditional analysis methods. #CyberSecurity #MalwareAnalysis #ThreatDetection Link: thedailytechfeed.com/new-pdfly-ma...

Inside Black Basta: The Rise and Fall of a Ransomware Empire & Cybercrime's Next Threat Podcast Episode · TechDaily.ai · 01/23/2026 · 15m

Dive into the Black Basta ransomware group—its rise, attack tactics, and eventual downfall. Learn about emerging ransomware trends and how organizations can stay ahead of evolving cyber threats.

podcasts.apple.com/us/podcast/i...

#BlackBasta #Ransomware #MalwareAnalysis #DataProtection

Hunting Lazarus Part IV: Real Blood on the Wire It has been only days since we published Part III—where we asked whether we were hunting Lazarus or walking into a honeypot. We did not expect to be back this soon. But what we found makes everything ...

oh, we didn't expect that...

redasgard.com/blog/hunting...

what are your thoughts?

#lazarus #dprk #threatintelligence #malwareanalysis #ottercookie

TryHackMe ShadowTrace Walkthrough: Malware Analysis and IOC Extraction Complete writeup with binary analysis, alert decoding, and DFIR techniques

Just published a ShadowTrace walkthrough from TryHackMe, covering malware analysis, IOC extraction, and alert decoding.

#Cybersecurity #MalwareAnalysis #DFIR #TryHackMe #IncidentResponse