@ha-kril.bsky.social
Reposted
I'm glad to share my talk at @botconf.infosec.exchange.ap.brid.gy 2025!
Do you want to know how we compare a sample with 150k others in seconds on @exalyze.bsky.social? This talk is made for you🚀
At the end, you'll get a hint on what's coming next for Exalyze 😉
youtube.com/watch?v=TS8X...
exalyze.io
Do you want to know how we compare a sample with 150k others in seconds on @exalyze.bsky.social? This talk is made for you🚀
At the end, you'll get a hint on what's coming next for Exalyze 😉
youtube.com/watch?v=TS8X...
exalyze.io
10 Years of Large-Scale Malware Comparison: Going Deeper With Machoke
YouTube video by botconf eu
youtube.com
July 23, 2025 at 8:16 AM
I'm glad to share my talk at @botconf.infosec.exchange.ap.brid.gy 2025!
Do you want to know how we compare a sample with 150k others in seconds on @exalyze.bsky.social? This talk is made for you🚀
At the end, you'll get a hint on what's coming next for Exalyze 😉
youtube.com/watch?v=TS8X...
exalyze.io
Do you want to know how we compare a sample with 150k others in seconds on @exalyze.bsky.social? This talk is made for you🚀
At the end, you'll get a hint on what's coming next for Exalyze 😉
youtube.com/watch?v=TS8X...
exalyze.io
I wanted to know how WMI Win32_OperatingSystem.Caption get the correct Version number (ex: "Microsoft Windows 11 Pro").
Turns out it's a DLL export: winbrand!BrandingLoadString.
And there is a patent for that : patentimages.storage.googleapis.com/94/ab/cb/7c1...
Turns out it's a DLL export: winbrand!BrandingLoadString.
And there is a patent for that : patentimages.storage.googleapis.com/94/ab/cb/7c1...
patentimages.storage.googleapis.com
January 7, 2025 at 5:19 PM
I wanted to know how WMI Win32_OperatingSystem.Caption get the correct Version number (ex: "Microsoft Windows 11 Pro").
Turns out it's a DLL export: winbrand!BrandingLoadString.
And there is a patent for that : patentimages.storage.googleapis.com/94/ab/cb/7c1...
Turns out it's a DLL export: winbrand!BrandingLoadString.
And there is a patent for that : patentimages.storage.googleapis.com/94/ab/cb/7c1...
Reposted
A companion blog to my Bluehat 2024 presentation on OleView.NET is up now. googleprojectzero.blogspot.com/2024/12/wind...
googleprojectzero.blogspot.com
December 12, 2024 at 11:32 PM
A companion blog to my Bluehat 2024 presentation on OleView.NET is up now. googleprojectzero.blogspot.com/2024/12/wind...
Reposted
3+ YEARS of stealth! We uncovered new tactics used by the perfctl malware, including a userland rootkit & an SSH backdoor (a single SPACE in /etc/passwd!). More insights: blog.exatrack.com/Perfctl-usin... #cybersecurity #threat_hunting #linux #infosec #perfctl #rootkit #ssh #exatrack
Perfctl malware exploiting exposed Portainer agent and using new SSH persistenceExaTrack
blog.exatrack.com
December 17, 2024 at 10:02 AM
3+ YEARS of stealth! We uncovered new tactics used by the perfctl malware, including a userland rootkit & an SSH backdoor (a single SPACE in /etc/passwd!). More insights: blog.exatrack.com/Perfctl-usin... #cybersecurity #threat_hunting #linux #infosec #perfctl #rootkit #ssh #exatrack