clibm079
@clibm079.bsky.social
Independent Malware Analyst & Researcher,Notes (Philosophy & Poetry) — The Path of Clarity & Poems of Malware Analysis.
Blog: http://malwareanalysisspace.blogspot.com
Website: http://clibm079.net
Blog: http://malwareanalysisspace.blogspot.com
Website: http://clibm079.net
Example:
PE-Bear: Visualize DLL Side-Loading and Sample Correlation
Practical and convenient for observing malware correlations in a single window.
Also valuable for incident response and IoC collection.
PE-Bear: Visualize DLL Side-Loading and Sample Correlation
Practical and convenient for observing malware correlations in a single window.
Also valuable for incident response and IoC collection.
November 3, 2025 at 4:20 AM
Example:
PE-Bear: Visualize DLL Side-Loading and Sample Correlation
Practical and convenient for observing malware correlations in a single window.
Also valuable for incident response and IoC collection.
PE-Bear: Visualize DLL Side-Loading and Sample Correlation
Practical and convenient for observing malware correlations in a single window.
Also valuable for incident response and IoC collection.
Example:
PE‑Bear + DIE: Abilities vs Factory — Imphash & Rich Header
This helps you group variants and attribute their build environments quickly.
PE‑Bear + DIE: Abilities vs Factory — Imphash & Rich Header
This helps you group variants and attribute their build environments quickly.
November 2, 2025 at 12:59 AM
Example:
PE‑Bear + DIE: Abilities vs Factory — Imphash & Rich Header
This helps you group variants and attribute their build environments quickly.
PE‑Bear + DIE: Abilities vs Factory — Imphash & Rich Header
This helps you group variants and attribute their build environments quickly.
Example:
PE-Bear + DIE: Fast Shows Structural Evolution — and What It’s Changed.
Compare Mode is ideal for comparing related samples in a malware family.
This helps you trace the malware evolution and also study the PE structure with a GUI.
PE-Bear + DIE: Fast Shows Structural Evolution — and What It’s Changed.
Compare Mode is ideal for comparing related samples in a malware family.
This helps you trace the malware evolution and also study the PE structure with a GUI.
October 31, 2025 at 5:24 PM
Example:
PE-Bear + DIE: Fast Shows Structural Evolution — and What It’s Changed.
Compare Mode is ideal for comparing related samples in a malware family.
This helps you trace the malware evolution and also study the PE structure with a GUI.
PE-Bear + DIE: Fast Shows Structural Evolution — and What It’s Changed.
Compare Mode is ideal for comparing related samples in a malware family.
This helps you trace the malware evolution and also study the PE structure with a GUI.
Example:
PE-Bear + DIE: Fast Pack Check — and Why It’s Packed.
Combine this with other skills, like strings scanning and experience-based analysis.
This helps you decide the next step: sandbox, unpack, or reverse engineer.
PE-Bear + DIE: Fast Pack Check — and Why It’s Packed.
Combine this with other skills, like strings scanning and experience-based analysis.
This helps you decide the next step: sandbox, unpack, or reverse engineer.
October 31, 2025 at 9:13 AM
Example:
PE-Bear + DIE: Fast Pack Check — and Why It’s Packed.
Combine this with other skills, like strings scanning and experience-based analysis.
This helps you decide the next step: sandbox, unpack, or reverse engineer.
PE-Bear + DIE: Fast Pack Check — and Why It’s Packed.
Combine this with other skills, like strings scanning and experience-based analysis.
This helps you decide the next step: sandbox, unpack, or reverse engineer.
🔵Revisiting SubVirt & Blue Pill: From Attacker Proof-of-Concepts to Defensive Foundations
🔗https://malwareanalysisspace.blogspot.com/2025/10/revisiting-subvirt-blue-pill-from.html
#SubVirt #BluePill #VMBasedRootkit #UEFI #BootKit #RootkitDefense #SystemSecurity
🔗https://malwareanalysisspace.blogspot.com/2025/10/revisiting-subvirt-blue-pill-from.html
#SubVirt #BluePill #VMBasedRootkit #UEFI #BootKit #RootkitDefense #SystemSecurity
October 29, 2025 at 2:47 PM
🔵Revisiting SubVirt & Blue Pill: From Attacker Proof-of-Concepts to Defensive Foundations
🔗https://malwareanalysisspace.blogspot.com/2025/10/revisiting-subvirt-blue-pill-from.html
#SubVirt #BluePill #VMBasedRootkit #UEFI #BootKit #RootkitDefense #SystemSecurity
🔗https://malwareanalysisspace.blogspot.com/2025/10/revisiting-subvirt-blue-pill-from.html
#SubVirt #BluePill #VMBasedRootkit #UEFI #BootKit #RootkitDefense #SystemSecurity
PE-bear provides rapid string scanning and plaintext visibility inside suspicious binaries. Like DiE and Malcat Lite, it’s an effective first-step triage tool for malware such as ransomware — a quick way to spot early indicators before diving deeper into reverse engineering.
October 29, 2025 at 3:39 AM
PE-bear provides rapid string scanning and plaintext visibility inside suspicious binaries. Like DiE and Malcat Lite, it’s an effective first-step triage tool for malware such as ransomware — a quick way to spot early indicators before diving deeper into reverse engineering.
Love it: PE-bear supports dumping multi-layer embedded binary repeatedly—it lists them in a clean tree so you can extract multiple payloads fast. Excellent UX, practical features, and clearly designed for analysts. Recorded a short follow-up demo showing repeated extraction. 💙
October 20, 2025 at 5:24 PM
Love it: PE-bear supports dumping multi-layer embedded binary repeatedly—it lists them in a clean tree so you can extract multiple payloads fast. Excellent UX, practical features, and clearly designed for analysts. Recorded a short follow-up demo showing repeated extraction. 💙
I used PE-bear for the first time to dump an embedded binary. Its intuitive UI made extraction effortless. Because malware often embeds payloads with the form A in B to evade detection, pulling out the inner binary was crucial for deeper analysis and IoCs hunting.
October 19, 2025 at 8:45 AM
I used PE-bear for the first time to dump an embedded binary. Its intuitive UI made extraction effortless. Because malware often embeds payloads with the form A in B to evade detection, pulling out the inner binary was crucial for deeper analysis and IoCs hunting.