Advent Of Configuration Extraction – Part 4: Turning capa Into A Configuration Extractor For TinyShell variant

blog.sekoia.io

Advent Of Configuration Extraction – Part 4: Turning capa Into A Configuration Extractor For TinyShell variant

blog.sekoia.io

digicatM to

blueteamsecEnglish · 5 days ago

Learn how to extract TinyShell configuration data using capa, Capstone and Python to recover RC4-encrypted C2 settings from Linux malware.

You must log in or # to comment.

Chat

blueteamsec

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !blueteamsec@infosec.pub

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

16 users / day
103 users / week
269 users / month
865 users / 6 months
218 local subscribers
579 subscribers
1.78K Posts
147 Comments
Modlog

mods:
digicat