The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
#MALWARE

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

Collection of various malicious functionality to aid in malware development.

NEW

We keep you posted on the latest cyber threats. Learn more about what is new in the world of IT security. Knowledge is the best protection.

We are the leading creator of original DNS threat intelligence. We’re proactive, not just defensive, using our insights to track threat actor infrastructure and disrupt cybercrime where threat actors begin. We also believe in sharing knowledge to support the broader security community by publishing detailed research on select actors and associated indicators.

Explore Triage's Malware Analysis Sandbox to dissect your malware samples. Access malware trends, and a customizable environment for in-depth analysis and classification.

This encyclopedia contains the description of anti-debug tricks which work on the latest Windows releases with the most popular debuggers (such as OllyDbg, WinDbg, x64dbg). Deprecated techniques (e.g. for SoftICE, etc.) are not included (despite all the love to SoftICE).

Frictionless threat intelligence solutions for growing teams.

PCrisk cyber security portal and certified anti-virus application Combo Cleaner is brought by a company RCS LT. All content on pcrisk.com is provided by professional authors who are experts in computer security. In our removal guides we recommend using Combo Cleaner to remove malware infections. Close collaboration between expert authors of PCrisk and malware researchers of Combo Cleaner empowers us to provide the best solutions in malware removal. Every malware removal guide is closely checked by our malware researchers to ensure that Combo Cleaner can 100% detected and eliminate the threat that we write about.

The Official Blog from Kaspersky covers information to help protect you against viruses, spyware, hackers, spam & other forms of malware.

Practical and Affordable Cyber Security Training.

Blog from AhnLab Security Emergency response Center.

The Intelligence and research arm of Check Point Technologies provides leading cyber threat intelligence to Check Point customers and the greater intelligence community.

MalwareMustDie (MMD) is a prominent nonprofit whitehat security research group that emerged in August 2012, standing as a collective force against the proliferation of malware on the internet. The organization comprises a collaborative effort of IT professionals and dedicated security researchers, united by a shared mission to combat and mitigate the impact of various forms of malicious software.

Every day Kaspersky automatically processes around 400,000 new malicious files. Only one percent of these need manual work from a security expert, and only a tiny fraction of that 1% go to the company’s top-notch Global Research and Analysis Team (GReAT). Those chosen few samples belong to the rarest, most menacing new APTs (advanced persistent threats). Kaspersky Lab’s Targeted Cyberattack Logbook chronicles all of these ground-breaking malicious cybercampaigns that have been investigated by!

MalAPI.io maps Windows APIs to common techniques used by malware.

Stay up-to-date with industry insights and trends by reading Analyst1's informative blog. Explore our extensive range of topics and stay informed.

Malware Analysis, News and Indicators.

Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.

Access top cyber intelligence and dark web insights to navigate digital threats effectively with Daily Dark Web.

We discuss hot topics, malware behavior, techniques, practices for analyzing malicious files, and of course, we will talk more about our online interactive sandbox.

Keep up to date with Halcyon's announcements and research here.

NEW

AMSI.fail generates obfuscated PowerShell snippets that break or disable AMSI for the current process. The snippets are randomly selected from a small pool of techniques/variations before being obfuscated. Every snippet is obfuscated at runtime/request so that no generated output share the same signatures.

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev.

Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community.

Sekoia.io Blog sheds light on the state of the Cybersecurity Operations industry, from Threat analyses to highlights on solutions and partnerships as well as foundational contents on XDR, CTI and more.

The largest collection of malware source code, samples, and papers on the internet.

A mix of in-depth nuanced takes on current events and highly technical original research by Marcus Hutchins. I cover a wide array of topics such as vulnerability research, threat intelligence, national security, reverse engineering, and Windows internals.

Ransomware.live monitors the extortion sites used by ransomware groups. The information posted on this website is dynamically updated in near real-time.

The EMBER dataset is a collection of features from PE files that serve as a benchmark dataset for researchers. The EMBER2017 dataset contained features from 1.1 million PE files scanned in or before 2017 and the EMBER2018 dataset contains features from 1 million PE files scanned in or before 2018. This repository makes it easy to reproducibly train the benchmark models, extend the provided feature set, or classify new PE files with the benchmark models.

Dark Vortex provides various cybersecurity trainings, products and other services.

Atomic Red Team™ is library of tests mapped to the MITRE ATT&CK framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.

World First Visual AI Based Malware Detection. The first solution that converts files into graphical representations and checks whether malware is contained or not. We provide user-friendly, efficient and secure malware detection technology.

29 year old cybersecurity specialist, speaker, and ex-hacker. Best known for stopping the global WannaCry ransomware attack. Background in programming & threat intelligence.

TIPS & GUIDANCE Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver.

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Blog from cocomelonc, a cybersec enthusiast, CTF player.

Ransomwhere is the open, crowdsourced ransomware payment tracker. Browse and download ransomware payment data or help build our dataset by reporting ransomware demands you have received.

Red Teaming and offensive stuff.

With a massive growth in new malware and infections, macOS security awareness is now more important than ever. Yet many people believe that if they are using macOS they are safe and should not be concerned about getting infected. Even though malware for macOS is years behind Windows malware in the sense of sophistication, complexity and number of infections, macOS malware is becoming more sophisticated as time goes by. Furthermore, it uses more ways to infect, evade and abuse the macOS architecture to deliver malware, for example - using applications signed with legitimate Apple developer certificates to avoid detection.

NEW

Stay up to date with the latest cybersecurity insights, practical advice, articles and news from the Veriti Experts.

List of evasion techniques provided by Check Point Research.

Malcore is designed to automate malware analysis and was designed by Internet 2.0’s top malware analysts Thomas Perkins. Malcore’s sandbox powered by AI is designed with speed and scalability. Malcore automates malware analysis, checks files and links.

Scan, Track, Secure Proactive C&C Infrastructure Monitoring Across the Web.

The RRA (Recent Ransomware Attacks) site acts as a watchtower, providing near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' overarching. lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

This service is collecting, indexing, and centralizing ransomware information from most ransomware groups and their victims.

Stop Malvertising investigates current Malware Trends and the distribution of malware exploits through online advertising networks.

Malpedia is a free service offered by Fraunhofer FKIE. The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research.

Cybersecurity, red team, blue team, hacking.

A cybersecurity and technology news platform that also publishes in-depth guides, tutorials, and reviews.

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

HackMag is an educational ecosystem where cybersecurity specialists share practical knowledge in exchange for financial rewards and recognition. Access to this knowledge significantly increases the hands-on educational level of fellow specialists and the security of computer systems throughout the world.

Real Intrusions by Real Attackers, The Truth Behind the Intrusion.

These are notes about all things focusing on, but not limited to, red teaming and offensive security.

Weekly Cybersecurity news, techniques, exploits, and tools every Monday.

Frontline Mandiant investigations, expert analysis, tools and guidance, and in-depth security research.

Researchers in the Lookout Threat Lab leverage the world’s largest mobile telemetry dataset to track APT activity, discover new mobile malware, and provide actionable intelligence.

RansomLook is an open-source project aimed at assisting users in tracking ransomware-related posts and activities across various sites, forums, and Telegram channels.

Ransomwatch trails the extortion sites used by ransomware groups and surfaces an aggregated feed of claims.

Get up-to-date hot takes on the state of cybersecurity today, from responses to US-CERT alerts, to using the MITRE ATT&CK framework.

It is the golden age of Command and Control (C2) frameworks. The goal of this site is to point you to the best C2 framework for your needs based on your adversary emulation plan and the target environment. Take a look at the matrix or use the questionnaire to determine which fits your needs.

GitHub public repositories matching the '#malware' topic.

NEW

Living Off The Land Payload Generator.

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Check out our latest threat hunting articles, tips and stories.

A comprehensive module-based malware development course that provides fundamental to advanced level training|

Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.

URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.

NEW

Adversary techniques for credential theft and data compromise.

Interactive Online Malware Sandbox.

A global community of people helping each other with their Security, Technology and Technical Support questions.

NEW

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and web addresses for threats, malware, viruses

Collection of malware source code for a variety of platforms in an array of different programming languages.

A community driven public malware repository that works to provide free access to malware samples and tooling to the infomation security community.

NEW

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

The latest updates on cybersecurity from today’s experts. Read about ransomware, vulnerabilities, and threat intelligence impacting businesses.

A free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

Online Virus Scanner Without Result Distribution. Scan your file online with multiple different antiviruses without distributing the results of your scan.

Analyze files in seconds! Zero Miss for Office Malware Threats.

HijackLibs provides an curated list of DLL Hijacking candidates, mappings between DLLs and vulnerable executables, with additional metadata for more context. For defenders, this project can provide valuable information when trying to detect DLL Hijacking attempts; for red teamers, this project can help identify DLLs that can be used to achieve DLL Hijacking.

Browse indicators of compromise (IOCs) on ThreatFox.