unSafe.sh - Unsafe (aggregated listing of posts from cyber.wtf)
I Know What You Shipped Last Summer - RCE, SQLi and More in Logistics Software e-TMS
During an external penetration test, Andsoft's transport management software e-TMS was found to contain multiple critical vulnerabilities, including remote code execution, SQL injection, file read and cross-site scripting, all exploitable without authentication. The vulnerabilities affect several large logistics companies and 42 publicly exposed instances. Some of the issues have been patched, but others remain unresolved and the vendor has not responded. The recommendation is to restrict public access to e-TMS to reduce the risk. ...
2025-09-19 12:00:00 | Reads: 6
Source: cyber.wtf
Tags: clt, tms, loginfrm, client
Notes on Pyarmor BCC Mode
The article examines how Pyarmor's BCC mode compiles Python functions to C code and obfuscates them, analysing how it works, the ELF file structure, the constant-injection mechanism and the interaction with the Python interpreter, and provides tooling to help reverse engineer protected code. ...
2025-05-30 12:30:00 | Reads: 20
Source: cyber.wtf
Tags: bcc, fastcall, pyarmor, python, ftable
.NET Deobfuscation
The article discusses obfuscation techniques commonly seen in .NET malware, including packing, proxies/delegates and string encryption, and shows how to use the de4dot tool for deobfuscation and how to extend it to handle more complex cases. ...
2025-04-07 13:00:00 | Reads: 2
Source: cyber.wtf
Tags: de4dot, delegate, getstring, obfuscator
Unpacking Pyarmor v8+ scripts
This article walks through a detailed analysis of a phishing email. The attackers sent an SVG file containing malicious code, disguised as an unpaid invoice. The analysts found that the file leads the user to download and execute a malicious HTM file, which then connects to the attackers' server via WebDAV. Further investigation revealed three domains used to distribute malware, and showed that the attackers used Pyarmor to protect their Python scripts and hide their real purpose. Through static decryption and a customised Python interpreter, the researchers extracted the final payloads, including a remote-access trojan and an information stealer. ...
2025-02-12 13:00:00 | Reads: 20
Source: cyber.wtf
Tags: gcm, pyarmor, python, v21, decrypted
Detection of Command and Control Traffic Using Suricata
First of all, I’m pretty proud to serve the first f...
2024-12-06 08:00:00 | Reads: 3
Source: cyber.wtf
Tags: c2, suricata, beacon, havoc, sliver
Harvesting the Database - 5 CVEs in TOPqw Webportal
TOPqw Webportal is a web application developed by bi...
2024-11-11 22:00:00 | Reads: 27
Source: cyber.wtf
Tags: sysusers, injection, topqw, payload, sqlmap
Destructive IoT Malware Emulation – Part 3 of 3 – Statistics
Welcome back to Part 3, the final part of our series...
2024-10-15 00:00:00 | Reads: 6
Source: cyber.wtf
Tags: acidrain, cov, emulation, drcov, qiling
Parsing Fortinet Binary Firewall Logs
Earlier this year, we had a case where we were given...
2024-08-30 16:50:00 | Reads: 12
Source: cyber.wtf
Tags: endian, tlog, logbase, llog, lz4
Destructive IoT Malware Emulation – Part 2 of 3 – Hooking Techniques
Welcome back to part 2 of our IoT Malware Emulation...
2024-08-01 17:37:02 | Reads: 8
Source: cyber.wtf
Tags: acidrain, 0x3, mtd, 0x00401a44, qiling
Give Me Your FortiGate Configuration Backup and I Rule Your Network
In a recent incident response case we were as always searching for the initial ac...
2024-06-13 18:55:31 | Reads: 6
Source: cyber.wtf
Tags: mary, encryption, fig, passwords, webui
Destructive IoT Malware Emulation – Part 1 of 3 – Environment Setup
Everyone who has delved a bit into malware analysis knows that you don’t actually need...
2024-03-28 19:39:46 | Reads: 14
Source: cyber.wtf
Tags: qiling, emulation, acidrain, 0x3, sda
Recovering data from broken appliance VMDKs
Once in a while, a customer may give you a virtual disk image for an appliance that nee...
2024-03-01 01:04:24 | Reads: 12
Source: cyber.wtf
Tags: vmdk, sectors, incomplete, dealing, sparse
The csharp-streamer RAT
In an Incident Response case earlier this year, we encountered an interesting piece of...
2023-12-06 20:42:11 | Reads: 19
Source: cyber.wtf
Tags: powershell, streamer, csharp, library, ransomware
Config Extraction from in-memory CobaltStrike Beacons
Recently we had a case where threat actors deployed CobaltStrike, which has become a co...
2023-10-13 21:43:33 | Reads: 16
Source: cyber.wtf
Tags: beacon, memory, dmp, volatility
QakBot Takedown Payload Analysis
In a recent international operation, law enforcement agencies from the US and EU...
2023-09-01 20:33:52 | Reads: 19
Source: cyber.wtf
Tags: qakbot, shellcode, library, payload, victim
Defeating VMProtect’s Latest Tricks
A colleague of mine recently came across a SystemBC sample that is protected with VMPro...
2023-02-09 18:42:04 | Reads: 53
Source: cyber.wtf
Tags: vmprotect, windows, scyllahide, packer, debugger
Windows Registry Analysis – Today’s Episode: Tasks
When it comes to persistence of common off-the-shelf malware, the most commonly observe...
2022-06-01 20:25:17 | Reads: 21
Source: cyber.wtf
Tags: aligned, bstr, duration, repetition, windows
What the Pack(er)?
Lately, I broke one of the taboos of malware analysis: looking into the packer st...
2022-03-23 22:17:22 | Reads: 20
Source: cyber.wtf
Tags: epoch, drops, payload
A Chapter Closes
When we registered the domain cyber.wtf, G DATA Advanced Analytics (ADAN) was onl...
2022-02-23 01:03:59 | Reads: 24
Source: cyber.wtf
Tags: adan, security, 25t10, grown, wtfcreation
Guess who’s back
tl;dr: Emotet. The (slightly) longer story: On Sunday, November 14, at around 9:2...
2021-11-16 02:21:21 | Reads: 81
Source: cyber.wtf
Tags: microsoft, rundll32, rundll, loader