The Hacker News

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

Cisco Talos reports China-linked UAT-7290 spying on telecoms since 2022 using Linux malware, edge exploits, and ORB ...

VMware ESXi zero-days likely exploited a year before disclosure

Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted ...
The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
GitHub

Real fucking shellcode encryptor & obfuscator.

Supernova is an open-source tool that empowers users to securely encrypt and/or obfuscate their raw shellcode. Supernova supports various features beyond those typically found in a common shellcode ...
GitHub

Example of run-time manual PLT in C.

TL;DR: Write a C program that calls libc functions, compile it to a shellcode, load it in memory. Featuring function scraping from ELF as "procedure linkage", code & compilation tricks, and more. If ...
Microsoft

Submit a file for malware analysis

Microsoft security researchers analyze suspicious files to determine if they are threats, unwanted applications, or normal files. Submit files you think are malware or files that you believe have been ...