herrcore
@herrcore
UnpacMe | OALABS
Using the UnpacMe byte-search IDA plugin we found some Scavenger related malware dating back to October 2024. At the time the malware was dubbed ExoTickler. Analysis follows...
I want to share my opinion on @GuidedHacking When GuidedHacking acted as a sponsor for vx-underground I received small amounts of criticism for it, primarily because GuidedHacking was accused of "stealing content". I can assert with 100% confidence this is not true. It is not…
We’re very excited to be sponsoring the inaugural Malware Village at DEF CON 33! Having a dedicated space for this research area is important and we look forward to supporting it!
Thank you @InvokeReversing for being a Bronze sponsor for @MalwareVillage @DEFCON 33! 🙏 Interested in learning more about their company? Visit: invokere.com #MalwareVillage #DC33
100 Days of YARA, YARA Rule Tips and The Current State of Email borne Threats with Greg Lesnewich x.com/i/broadcasts/1…
Thanks to a lot of work put in by @mrexodia, IDACode has finally gotten an official update again after 3 years of inactivity! It features stability improvements as well as IDA 9 compatibility improvements! Thanks a lot to everyone involved <3 github.com/ioncodes/idaco…
We did a full technical blog on the NPM eslint-config-prettier supply chain compromise that was used to distribute the Scavenger malware with @cyb3rjerry Check it out below 👇
Tap in to the stream this week for some YARA fun, highlighting some crazy rules, how I think about learning yara (or anything) as a mid-career professional, and more!
🔥 Ready for this week's live stream with Greg Lesnewich... youtube.com/live/JIxbM82hW…
Hey all! As promised, here's the in-depth analysis @JershMagersh from @InvokeReversing and I did of the malware strain that's been spreading through NPM in the last few days following a successful phish. We present to you: Scavenger. c-b.io/2025-07-20+-+I…
We've uploaded our stream from July 8th where we started writing a plugin for Binary Ninja to perform code emulation to recover obfuscated strings from malware with Binary Refinery. Big thanks to @huettenhain for Binary Refinery and vstack. Enjoy!
I've been poking at #Golang malware a bit lately and wrote up some tips/tricks that I use when analyzing Golang. @jstrosch and I just talked about this on his live stream too. Check it out here -> (The livestream replay is linked in the blog post) 🤓 securityliterate.com/go-big-or-go-h…
Register tomorrow (July 15) at noon PDT for #defcon workshops! Here's the link if you want to come to the evasive malware workshop taught by @d4rksystem and me: Defeating Malware Evasion: Techniques and Countermeasures events.humanitix.com/dc33ws-n258-09p
We're launching experimental ML Verdicts on urlscan Pro. Our new machine learning engine automatically classifies scan results as malicious or benign with a likelihood score. Perfect for threat hunting and for noise reduction. Available now on urlscan Pro: urlscan.io/blog/2025/07/1…
If you want to sign up, you've got to be quick! Workshops are free (if you have a DEF CON ticket) and you can register at precisely noon PDT on July 15: reddit.com/r/Defcon/comme…
Ever since I was baby I've wanted speak or give a workshop at Defcon.. This year I get to finally make that dream happen. It's on, @rpargman 😎
Rake is great. @GuidedHacking is great. When I went on a (very small) (very short) spree for game hacking shenanigans he was super kind and accommodating. There are good stories to tell there that I should organize and get the screenshots together for.