A threat actor calling herself as ‘0xFF’ advertised a new RAT in HackForums. According to the threat actor, this new RAT tool is supporting Windows (amd64, i386, arm, arm64), Linux (amd64, i386, arm, arm64), Darwin (MacOS) (amd64(Intel), arm64(m1)) and Android (bin) (amd64, i386, arm, arm64). This Multi-OS RAT has featuresContinue Reading

AT&T Alien Labs last week announced that the source code of BotenaGo malware has been published in GitHub. BotenaGo was discovered and named in November 2021 by Alien Labs again, and according to the post of Alien Labs, the source code of this malware has been published on 16th ofContinue Reading

Modules are typically work in Powershell directly. “Get-Module” command can be used to see imported modules. “Get-Module -ListAvailable” command show the modules available. For the additional modules we want to use, we should import them first. Once we import the module, we can use its all commands anymore. We willContinue Reading

Redline is a free tool for investigation malicious activity through memory and file analysis. It has a lot of features for investigation but in this post, we will only mention searching for IoCs in the endpoint with Redline. In previous post, we created an IoC to detect WinSCP.exe. Now, weContinue Reading

An effective threat hunting is critical because it is hard to think like attackers and to search for the unknown in an enterprise network. This post may help organizations for an effective and successful threat hunting. Knowledge of Topology and Environment The purpose of threat hunting is to find theContinue Reading

Last week, I hearth that an organization did not add antivirus agent to their PC image. They are formatting the PC with their image, then connecting to the network and waiting for the sccm installing the antivirus software to the PC. Also, for remote users working on the field, someContinue Reading