clibm079
@clibm079.bsky.social
Independent Malware Analyst & Researcher,Notes (Philosophy & Poetry) — The Path of Clarity & Poems of Malware Analysis.
Blog: http://malwareanalysisspace.blogspot.com
Website: http://clibm079.net
Blog: http://malwareanalysisspace.blogspot.com
Website: http://clibm079.net
Pinned
"To truly understand an adversary, you must rise to — or beyond — their depth.Because only depth reveals intent."
#CyberSecurity #MalwareAnalysis #APT #NationalLevelAPT #ThreatIntel #ReverseEngineering
#CyberSecurity #MalwareAnalysis #APT #NationalLevelAPT #ThreatIntel #ReverseEngineering
Example:
PE-Bear: Visualize DLL Side-Loading and Sample Correlation
Practical and convenient for observing malware correlations in a single window.
Also valuable for incident response and IoC collection.
PE-Bear: Visualize DLL Side-Loading and Sample Correlation
Practical and convenient for observing malware correlations in a single window.
Also valuable for incident response and IoC collection.
November 3, 2025 at 4:20 AM
Example:
PE-Bear: Visualize DLL Side-Loading and Sample Correlation
Practical and convenient for observing malware correlations in a single window.
Also valuable for incident response and IoC collection.
PE-Bear: Visualize DLL Side-Loading and Sample Correlation
Practical and convenient for observing malware correlations in a single window.
Also valuable for incident response and IoC collection.
Example:
PE‑Bear + DIE: Abilities vs Factory — Imphash & Rich Header
This helps you group variants and attribute their build environments quickly.
PE‑Bear + DIE: Abilities vs Factory — Imphash & Rich Header
This helps you group variants and attribute their build environments quickly.
November 2, 2025 at 12:59 AM
Example:
PE‑Bear + DIE: Abilities vs Factory — Imphash & Rich Header
This helps you group variants and attribute their build environments quickly.
PE‑Bear + DIE: Abilities vs Factory — Imphash & Rich Header
This helps you group variants and attribute their build environments quickly.
Example:
PE-Bear + DIE: Fast Shows Structural Evolution — and What It’s Changed.
Compare Mode is ideal for comparing related samples in a malware family.
This helps you trace the malware evolution and also study the PE structure with a GUI.
PE-Bear + DIE: Fast Shows Structural Evolution — and What It’s Changed.
Compare Mode is ideal for comparing related samples in a malware family.
This helps you trace the malware evolution and also study the PE structure with a GUI.
October 31, 2025 at 5:24 PM
Example:
PE-Bear + DIE: Fast Shows Structural Evolution — and What It’s Changed.
Compare Mode is ideal for comparing related samples in a malware family.
This helps you trace the malware evolution and also study the PE structure with a GUI.
PE-Bear + DIE: Fast Shows Structural Evolution — and What It’s Changed.
Compare Mode is ideal for comparing related samples in a malware family.
This helps you trace the malware evolution and also study the PE structure with a GUI.
Example:
PE-Bear + DIE: Fast Pack Check — and Why It’s Packed.
Combine this with other skills, like strings scanning and experience-based analysis.
This helps you decide the next step: sandbox, unpack, or reverse engineer.
PE-Bear + DIE: Fast Pack Check — and Why It’s Packed.
Combine this with other skills, like strings scanning and experience-based analysis.
This helps you decide the next step: sandbox, unpack, or reverse engineer.
October 31, 2025 at 9:13 AM
Example:
PE-Bear + DIE: Fast Pack Check — and Why It’s Packed.
Combine this with other skills, like strings scanning and experience-based analysis.
This helps you decide the next step: sandbox, unpack, or reverse engineer.
PE-Bear + DIE: Fast Pack Check — and Why It’s Packed.
Combine this with other skills, like strings scanning and experience-based analysis.
This helps you decide the next step: sandbox, unpack, or reverse engineer.
🔵Revisiting SubVirt & Blue Pill: From Attacker Proof-of-Concepts to Defensive Foundations
🔗https://malwareanalysisspace.blogspot.com/2025/10/revisiting-subvirt-blue-pill-from.html
#SubVirt #BluePill #VMBasedRootkit #UEFI #BootKit #RootkitDefense #SystemSecurity
🔗https://malwareanalysisspace.blogspot.com/2025/10/revisiting-subvirt-blue-pill-from.html
#SubVirt #BluePill #VMBasedRootkit #UEFI #BootKit #RootkitDefense #SystemSecurity
October 29, 2025 at 2:47 PM
🔵Revisiting SubVirt & Blue Pill: From Attacker Proof-of-Concepts to Defensive Foundations
🔗https://malwareanalysisspace.blogspot.com/2025/10/revisiting-subvirt-blue-pill-from.html
#SubVirt #BluePill #VMBasedRootkit #UEFI #BootKit #RootkitDefense #SystemSecurity
🔗https://malwareanalysisspace.blogspot.com/2025/10/revisiting-subvirt-blue-pill-from.html
#SubVirt #BluePill #VMBasedRootkit #UEFI #BootKit #RootkitDefense #SystemSecurity
"To truly understand an adversary, you must rise to — or beyond — their depth.Because only depth reveals intent."
#CyberSecurity #MalwareAnalysis #APT #NationalLevelAPT #ThreatIntel #ReverseEngineering
#CyberSecurity #MalwareAnalysis #APT #NationalLevelAPT #ThreatIntel #ReverseEngineering
October 29, 2025 at 3:51 AM
"To truly understand an adversary, you must rise to — or beyond — their depth.Because only depth reveals intent."
#CyberSecurity #MalwareAnalysis #APT #NationalLevelAPT #ThreatIntel #ReverseEngineering
#CyberSecurity #MalwareAnalysis #APT #NationalLevelAPT #ThreatIntel #ReverseEngineering
PE-bear provides rapid string scanning and plaintext visibility inside suspicious binaries. Like DiE and Malcat Lite, it’s an effective first-step triage tool for malware such as ransomware — a quick way to spot early indicators before diving deeper into reverse engineering.
October 29, 2025 at 3:39 AM
PE-bear provides rapid string scanning and plaintext visibility inside suspicious binaries. Like DiE and Malcat Lite, it’s an effective first-step triage tool for malware such as ransomware — a quick way to spot early indicators before diving deeper into reverse engineering.
I used PE-bear for the first time to dump an embedded binary. Its intuitive UI made extraction effortless. Because malware often embeds payloads with the form A in B to evade detection, pulling out the inner binary was crucial for deeper analysis and IoCs hunting.
October 19, 2025 at 8:45 AM
I used PE-bear for the first time to dump an embedded binary. Its intuitive UI made extraction effortless. Because malware often embeds payloads with the form A in B to evade detection, pulling out the inner binary was crucial for deeper analysis and IoCs hunting.
🌿💻 2025.08 Share
Poems of Malware Analysis
Shadows in the Stack: Notes from the Binary Jungle
🔗https://malwareanalysisspace.blogspot.com/2025/08/poems-of-malware-analysis-shadows-in.html
#MalwareAnalysis #ReverseEngineering #BinaryPoetry
Poems of Malware Analysis
Shadows in the Stack: Notes from the Binary Jungle
🔗https://malwareanalysisspace.blogspot.com/2025/08/poems-of-malware-analysis-shadows-in.html
#MalwareAnalysis #ReverseEngineering #BinaryPoetry
October 18, 2025 at 3:47 PM
🌿💻 2025.08 Share
Poems of Malware Analysis
Shadows in the Stack: Notes from the Binary Jungle
🔗https://malwareanalysisspace.blogspot.com/2025/08/poems-of-malware-analysis-shadows-in.html
#MalwareAnalysis #ReverseEngineering #BinaryPoetry
Poems of Malware Analysis
Shadows in the Stack: Notes from the Binary Jungle
🔗https://malwareanalysisspace.blogspot.com/2025/08/poems-of-malware-analysis-shadows-in.html
#MalwareAnalysis #ReverseEngineering #BinaryPoetry
🌿 The Path of Clarity
Notes from a Stage of Quiet Exploration — Not a Guide, But a Trace
📖 A personal pdf documenting thoughts behind my research journey.
🌀 It’s not about malware report.
🔗 malwareanalysisspace.blogspot.com/2025/06/the-...
#MalwareAnalysis #InnerExploration #ResearchJourney
Notes from a Stage of Quiet Exploration — Not a Guide, But a Trace
📖 A personal pdf documenting thoughts behind my research journey.
🌀 It’s not about malware report.
🔗 malwareanalysisspace.blogspot.com/2025/06/the-...
#MalwareAnalysis #InnerExploration #ResearchJourney
Malware Analysis Space: The Path of Clarity
malwareanalysisspace.blogspot.com
October 18, 2025 at 3:44 PM
🌿 The Path of Clarity
Notes from a Stage of Quiet Exploration — Not a Guide, But a Trace
📖 A personal pdf documenting thoughts behind my research journey.
🌀 It’s not about malware report.
🔗 malwareanalysisspace.blogspot.com/2025/06/the-...
#MalwareAnalysis #InnerExploration #ResearchJourney
Notes from a Stage of Quiet Exploration — Not a Guide, But a Trace
📖 A personal pdf documenting thoughts behind my research journey.
🌀 It’s not about malware report.
🔗 malwareanalysisspace.blogspot.com/2025/06/the-...
#MalwareAnalysis #InnerExploration #ResearchJourney
🚨 2025.05 RESEARCH
Static Analysis of Turla’s Uroboros: Revealing Core Tactics and Technical Mindset
🔗http://malwareanalysisspace.blogspot.com/2025/05/static-analysis-of-turlas-uroboros.html
#Turla #Uroboros #kernel #rootkit #CoreTactics #TechnicalMindset
Static Analysis of Turla’s Uroboros: Revealing Core Tactics and Technical Mindset
🔗http://malwareanalysisspace.blogspot.com/2025/05/static-analysis-of-turlas-uroboros.html
#Turla #Uroboros #kernel #rootkit #CoreTactics #TechnicalMindset
October 18, 2025 at 3:19 PM
🚨 2025.05 RESEARCH
Static Analysis of Turla’s Uroboros: Revealing Core Tactics and Technical Mindset
🔗http://malwareanalysisspace.blogspot.com/2025/05/static-analysis-of-turlas-uroboros.html
#Turla #Uroboros #kernel #rootkit #CoreTactics #TechnicalMindset
Static Analysis of Turla’s Uroboros: Revealing Core Tactics and Technical Mindset
🔗http://malwareanalysisspace.blogspot.com/2025/05/static-analysis-of-turlas-uroboros.html
#Turla #Uroboros #kernel #rootkit #CoreTactics #TechnicalMindset
🚨 2025.08 RESEARCH
Analysis of Equation Group’s nls_933w.dll: Revealing Core Tactics and Technical Mindset
🔗http://malwareanalysisspace.blogspot.com/2025/08/analysis-of-equation-groups-nls933wdll.html
#EquationGroup #nls_933w #kernel #rootkit #Firmware #CoreTactics #TechnicalMindset
Analysis of Equation Group’s nls_933w.dll: Revealing Core Tactics and Technical Mindset
🔗http://malwareanalysisspace.blogspot.com/2025/08/analysis-of-equation-groups-nls933wdll.html
#EquationGroup #nls_933w #kernel #rootkit #Firmware #CoreTactics #TechnicalMindset
October 18, 2025 at 3:19 PM
🚨 2025.08 RESEARCH
Analysis of Equation Group’s nls_933w.dll: Revealing Core Tactics and Technical Mindset
🔗http://malwareanalysisspace.blogspot.com/2025/08/analysis-of-equation-groups-nls933wdll.html
#EquationGroup #nls_933w #kernel #rootkit #Firmware #CoreTactics #TechnicalMindset
Analysis of Equation Group’s nls_933w.dll: Revealing Core Tactics and Technical Mindset
🔗http://malwareanalysisspace.blogspot.com/2025/08/analysis-of-equation-groups-nls933wdll.html
#EquationGroup #nls_933w #kernel #rootkit #Firmware #CoreTactics #TechnicalMindset
⏳💻 Regin: Static Analysis of Its Lightweight VFS Abstraction Layer
🔗 Full report: malwareanalysisspace.blogspot.com/2025/10/regi...
#Regin #Rootkit #VFS #KernelMode #ReverseEngineering #TopTierAPT
🔗 Full report: malwareanalysisspace.blogspot.com/2025/10/regi...
#Regin #Rootkit #VFS #KernelMode #ReverseEngineering #TopTierAPT
Malware Analysis Space: Regin: Static Analysis of Its Lightweight VFS Abstraction Layer
malwareanalysisspace.blogspot.com
October 18, 2025 at 3:16 PM
⏳💻 Regin: Static Analysis of Its Lightweight VFS Abstraction Layer
🔗 Full report: malwareanalysisspace.blogspot.com/2025/10/regi...
#Regin #Rootkit #VFS #KernelMode #ReverseEngineering #TopTierAPT
🔗 Full report: malwareanalysisspace.blogspot.com/2025/10/regi...
#Regin #Rootkit #VFS #KernelMode #ReverseEngineering #TopTierAPT