mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.


#rootkit

5 posts · 5 participants · 0 posts today
OTX Bot<p>DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities</p><p>DeerStealer is a sophisticated information-stealing malware that targets a wide range of user and system data. It employs deception techniques, persistence mechanisms, and rootkit-like capabilities to evade detection and maintain stealth on compromised systems. The malware uses signed executables, legitimate DLLs, and multi-stage execution to perform its malicious activities. It establishes persistence through scheduled tasks and employs auto-elevated COM objects to bypass User Account Control. DeerStealer's adaptive design allows it to switch C2 servers and use obfuscated files for effective data exfiltration. The malware is actively sold and supported through dark-web forums and Telegram channels, posing a significant threat to both individuals and organizations.</p><p>Pulse ID: 68ce938ae34f725fce8b67a4<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68ce938ae34f725fce8b67a4" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68ce9</span><span class="invisible">38ae34f725fce8b67a4</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-09-20 11:44:10</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a> <a href="https://social.raytec.co/tags/Telegram" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Telegram</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Alexandre Borges<p>Fantastic Rootkits: And Where to Find Them:</p><p>+ part_1: <a href="https://www.cyberark.com/resources/all-blog-posts/fantastic-rootkits-and-where-to-find-them-part-1" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cyberark.com/resources/all-blo</span><span class="invisible">g-posts/fantastic-rootkits-and-where-to-find-them-part-1</span></a></p><p>+ part_2: <a href="https://www.cyberark.com/resources/all-blog-posts/fantastic-rootkits-and-where-to-find-them-part-2" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cyberark.com/resources/all-blo</span><span class="invisible">g-posts/fantastic-rootkits-and-where-to-find-them-part-2</span></a></p><p>+ part_3: <a href="https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-3-arm-edition" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cyberark.com/resources/threat-</span><span class="invisible">research-blog/fantastic-rootkits-and-where-to-find-them-part-3-arm-edition</span></a></p><p><a href="https://infosec.exchange/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windows</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/arm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>arm</span></a> <a href="https://infosec.exchange/tags/informationsecurity" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>informationsecurity</span></a></p>
Ciarán McNally<p>"Fantastic rootkits and where to find them" </p><p>Decent mini blog series <a href="https://mastodon.ie/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>windows</span></a> <a href="https://mastodon.ie/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a></p><p><a href="https://www.cyberark.com/resources/all-blog-posts/fantastic-rootkits-and-where-to-find-them-part-1" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cyberark.com/resources/all-blo</span><span class="invisible">g-posts/fantastic-rootkits-and-where-to-find-them-part-1</span></a></p><p><a href="https://www.cyberark.com/resources/all-blog-posts/fantastic-rootkits-and-where-to-find-them-part-2" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cyberark.com/resources/all-blo</span><span class="invisible">g-posts/fantastic-rootkits-and-where-to-find-them-part-2</span></a></p><p><a href="https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-3-arm-edition" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cyberark.com/resources/threat-</span><span class="invisible">research-blog/fantastic-rootkits-and-where-to-find-them-part-3-arm-edition</span></a></p>
AskUbuntu<p>BIOS Problem with Installing Ubuntu <a href="https://ubuntu.social/tags/boot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>boot</span></a> <a href="https://ubuntu.social/tags/systeminstallation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>systeminstallation</span></a> <a href="https://ubuntu.social/tags/bios" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bios</span></a> <a href="https://ubuntu.social/tags/reset" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reset</span></a> <a href="https://ubuntu.social/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a></p><p><a href="https://askubuntu.com/q/1556282/612" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">askubuntu.com/q/1556282/612</span><span class="invisible"></span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://autistics.life/@Uair" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Uair</span></a></span> Yeah, I also remember <a href="https://infosec.space/tags/MagicLantern" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MagicLantern</span></a>, tho <a href="https://infosec.space/tags/Carnivore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Carnivore</span></a> was a <a href="https://infosec.space/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> if I'm not mistaken...</p><p>Granted, the <a href="https://infosec.space/tags/NRO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NRO</span></a> <a href="https://en.wikipedia.org/wiki/Thuraya#Thuraya_2" rel="nofollow noopener" target="_blank">literally put</a> <a href="https://infosec.space/tags/USA202" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA202</span></a> <a href="https://en.wikipedia.org/wiki/USA-202" rel="nofollow noopener" target="_blank">aka.</a> <a href="https://infosec.space/tags/MENTHOR4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MENTHOR4</span></a> next to <a href="https://infosec.space/tags/Thuraya" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Thuraya</span></a>-2...</p><ul><li>Again: Cold OSINT...</li></ul>
OTX Bot<p>Inside the Kimsuky Leak: How the 'Kim' Dump Exposed North Korea's Credential Theft Playbook</p><p>A data breach attributed to a North Korean-affiliated actor known as "Kim" has provided new insights into Kimsuky (APT43) tactics and infrastructure. The actor's operations focus on credential-based intrusions targeting South Korean and Taiwanese networks, utilizing Chinese-language tools and infrastructure. The leaked data includes bash histories, phishing domains, OCR workflows, compiled stagers, and rootkit evidence, revealing a hybrid operation between DPRK attribution and Chinese resource utilization. The actor demonstrated sophisticated credential harvesting techniques, including targeting South Korea's Government Public Key Infrastructure (GPKI) and reconnaissance of Taiwanese government and academic institutions. The leak exposes the evolution of DPRK cyber capabilities and highlights the complex attribution challenges in modern nation-state cyber operations.</p><p>Pulse ID: 68bea37d4c7b1bb28149b407<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68bea37d4c7b1bb28149b407" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68bea</span><span class="invisible">37d4c7b1bb28149b407</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-09-08 09:35:57</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chinese</span></a> <a href="https://social.raytec.co/tags/CredentialHarvesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CredentialHarvesting</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/DPRK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DPRK</span></a> <a href="https://social.raytec.co/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreach</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Kimsuky" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kimsuky</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NorthKorea</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://social.raytec.co/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SouthKorea</span></a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UK</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Habr<p>eBPF &amp; Security: capabilities, threats, and ways to defend</p><p>The eBPF technology is not new. It is used everywhere, since it simplifies writing code for the OS kernel. Cool and convenient, and above all, safe! But, as it turns out in practice, not everything is so smooth… It is not only a convenient means of writing code but also a source of new potential attack vectors. So let's take a detailed look at how it works and how potential problems can be avoided. For me, as a security person, the most interesting part is the use of eBPF by services and tools in production. That is exactly where possible bypass paths open up for attackers. My name is Lev Khakimov, I am a DevOps and Kubernetes Security Lead at</p><p><a href="https://habr.com/ru/companies/oleg-bunin/articles/941560/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/oleg-bun</span><span class="invisible">in/articles/941560/</span></a></p><p><a href="https://zhub.link/tags/ebpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ebpf</span></a> <a href="https://zhub.link/tags/linux_kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux_kernel</span></a> <a href="https://zhub.link/tags/cilium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cilium</span></a> <a href="https://zhub.link/tags/falco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>falco</span></a> <a href="https://zhub.link/tags/%D1%82%D1%80%D0%B0%D1%81%D1%81%D0%B8%D1%80%D0%BE%D0%B2%D0%BA%D0%B0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>трассировка</span></a> <a href="https://zhub.link/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://zhub.link/tags/%D0%B0%D0%BD%D0%B0%D0%BB%D0%B8%D0%B7_%D1%83%D0%B3%D1%80%D0%BE%D0%B7" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>анализ_угроз</span></a> <a href="https://zhub.link/tags/maps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>maps</span></a> <a href="https://zhub.link/tags/io_uring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>io_uring</span></a> <a href="https://zhub.link/tags/%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>безопасность</span></a></p>
Kubernetes<br>eBPF &amp; Security: capabilities, threats, and ways to defend. The eBPF technology is not new. It is used everywhere, since it ...<br><br><a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/ebpf" target="_blank">#ebpf</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/linux" target="_blank">#linux</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/kernel" target="_blank">#kernel</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/cilium" target="_blank">#cilium</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/falco" target="_blank">#falco</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/трассировка" target="_blank">#трассировка</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/rootkit" target="_blank">#rootkit</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/анализ" target="_blank">#анализ</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/угроз" target="_blank">#угроз</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/maps" target="_blank">#maps</a> <a rel="nofollow noopener" class="mention hashtag" href="https://mastodon.social/tags/io_uring" target="_blank">#io_uring</a><br><br><a href="https://habr.com/ru/companies/oleg-bunin/articles/941560/?utm_source=habrahabr&amp;utm_medium=rss&amp;utm_campaign=941560" rel="nofollow noopener" target="_blank">Origin</a> | <a href="https://awakari.com/sub-details.html?id=Kubernetes" rel="nofollow noopener" target="_blank">Interest</a> | <a href="https://awakari.com/pub-msg.html?id=OnHSH7FxrBdM34oQADyanBFM7uq&amp;interestId=Kubernetes" rel="nofollow noopener" target="_blank">Match</a>
Patryk Krawaczyński<p>io_uring as another entry point for malware ( <a href="https://nfsec.pl/security/6671" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">nfsec.pl/security/6671</span><span class="invisible"></span></a> ) <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rootkit</span></a> <a href="https://infosec.exchange/tags/lsm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lsm</span></a> <a href="https://infosec.exchange/tags/ebpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ebpf</span></a> </p><p><a href="https://www.youtube.com/watch?v=cwPg8gJq_Kw" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=cwPg8gJq_Kw</span><span class="invisible"></span></a></p>

The first video on our #youtube channel.
A quick analysis of the Koske malware, which was created with the help of artificial intelligence.
It is "only" a coinminer, i.e. malware for mining cryptocurrencies, but it does have a few interesting features. For example, it contains a #rootkit that hides parts of it on the system.

youtube.com/watch?v=1OSPp996XQ4

You can read more about this malware at malwarelab.eu/posts/koske-pand

Analysis of #Koske #miner.

It is an AI-generated #Linux #malware which was hidden in images with pandas. It supports a wide variety of coinminers for various cryptocurrencies and for GPU and different CPU architectures. Another of its components, #rootkit #hideproc, tries to hide the Koske miner from file listings and processes.

malwarelab.eu/posts/koske-pand

Video from #anyrun analysis:

youtube.com/watch?v=1OSPp996XQ4
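The process-hiding behaviour described in the Koske post above (a rootkit component that removes the miner from process and file listings) can be cross-checked from user space. The following is an added example, not code from the Koske analysis or from malwarelab.eu: it compares the PIDs that a readdir() of /proc exposes with PIDs that answer a kill(pid, 0) probe, the same idea tools such as unhide use. A rootkit that only filters directory listings (an LD_PRELOAD hook on readdir(), or a kernel hook on getdents()) does not usually intercept kill() or /proc/<pid>/status, so a PID that exists but is missing from the listing is the signal. All function names (read_pid_max, list_proc, read_tgid, is_hidden, scan_hidden) and the PID_LIMIT cap are this example's own choices.

```c
/* Added example (not Koske or malwarelab.eu code): report PIDs that exist
 * but do not appear in a readdir() listing of /proc. Linux only. */
#include <dirent.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PID_LIMIT 4194304   /* hard cap on the scan; the real pid_max is read at runtime */

/* /proc/sys/kernel/pid_max, falling back to the kernel's historical default. */
static int read_pid_max(void) {
    int v = 32768;
    FILE *f = fopen("/proc/sys/kernel/pid_max", "r");
    if (f) { if (fscanf(f, "%d", &v) != 1) v = 32768; fclose(f); }
    return v > PID_LIMIT ? PID_LIMIT : v;
}

/* Mark every numeric entry of /proc in seen[]; -1 if /proc cannot be read. */
static int list_proc(unsigned char *seen, int pid_max) {
    DIR *d = opendir("/proc");
    if (!d) return -1;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long pid = strtol(e->d_name, &end, 10);
        if (*end == '\0' && pid > 0 && pid < pid_max) seen[pid] = 1;
    }
    closedir(d);
    return 0;
}

/* Tgid from /proc/<pid>/status, or -1 if that file cannot be opened. */
static int read_tgid(int pid) {
    char path[64], line[128];
    int tgid = -1;
    snprintf(path, sizeof path, "/proc/%d/status", pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "Tgid: %d", &tgid) == 1) break;
    fclose(f);
    return tgid;
}

/* Decision logic, kept pure so it can be exercised with constructed inputs.
 *   listed : the PID appeared in readdir("/proc")
 *   alive  : kill(pid, 0) returned 0 or failed with EPERM (process exists)
 *   tgid   : Tgid from /proc/<pid>/status, or -1 if unreadable
 * Returns 1 when the PID should be reported as hidden. */
int is_hidden(int pid, int listed, int alive, int tgid) {
    if (listed || !alive) return 0;         /* visible, or no such process */
    if (tgid > 0 && tgid != pid) return 0;  /* a thread: never listed, not hidden */
    return 1;                               /* exists but absent from the listing */
}

/* Probe every PID up to pid_max. A candidate is re-checked against a fresh
 * listing and a second kill() so that processes starting or exiting during
 * the scan are not reported. Returns the count written to out[], or -1. */
int scan_hidden(int *out, int max_out) {
    static unsigned char seen[PID_LIMIT];
    int pid_max = read_pid_max(), found = 0;
    memset(seen, 0, sizeof seen);
    if (list_proc(seen, pid_max) < 0) return -1;
    for (int pid = 1; pid < pid_max && found < max_out; pid++) {
        if (seen[pid]) continue;
        if (kill(pid, 0) != 0 && errno != EPERM) continue;   /* nothing there */
        int tgid = read_tgid(pid);
        if (tgid > 0 && tgid != pid) continue;               /* thread of a listed process */
        list_proc(seen, pid_max);                            /* spawned since the first listing? */
        int alive = (kill(pid, 0) == 0 || errno == EPERM);   /* exited in the meantime? */
        if (is_hidden(pid, seen[pid], alive, tgid)) out[found++] = pid;
    }
    return found;
}

int main(void) {
    int pids[64];
    int n = scan_hidden(pids, 64);
    if (n < 0) { perror("/proc"); return 2; }
    printf("%d hidden PID(s)\n", n);
    for (int i = 0; i < n; i++)
        printf("  pid %d (Tgid %d)\n", pids[i], read_tgid(pids[i]));
    return n > 0;
}
```

Build it statically (gcc -static) so a preloaded libc hook cannot filter the scanner's own readdir() call, and run it as root: on a /proc mounted with hidepid=1 or 2, other users' processes are absent from the listing and their status files are unreadable, so an unprivileged run reports them as hidden. A kernel-level rootkit that also hooks kill() or the /proc lookup path defeats this check, which is why it is a cheap first pass, not a verdict; a positive hit is the cue to pull memory or compare against a trusted boot.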