The background / TLDR
It was in September 2016 when we decided to move our blog and since then myself and the team had a lot of fun in learning and experimenting with "Jekyll" (based on "Poole") and "BlackDoc", and I just convert all posts statically into "Markdown" and all syntax highlighter into "Rouge" highlighter with templates coded in "Liquid", and I was seriously dealing with Ruby codes on FreeBSD for it. Wasn't easy, but with helps from the community and the team, we did that, and I have learned about several blog systems a lot.I assure you it absolutely need a great effort to move or convert a blog as big as this, but at that time, the reason why we had to move was principally way much more crucial than such resource matter. And now we have capability to move our blog to anywhere, at anytime we want too.
Then, during the process, the MMD research has been going on as usual. On posting my research I moved along to try out several platforms, it's good to actually know that we don't have to depend only into one platform, and 3 (three) fun years out there was making us learning a lot about other reliable services here and there. What myself and the mates have learned is, in using any services, either it's your own or other party's ones, they all are obviously having their pro's and con's. And frankly speaking, you won't know those con's unless you literally go there and try them yourself.
So, here we are, back to service where we first started to do MalwareMustDie blog. And I met with several cool guys found that the Blogger environment is way nicer and more in privacy efforts than before, thank you Google for doing the hard work in satisfying and securing blog users. So I just set it up and switched all access to HTTPS and hopefully the broken-links effect are minimum. For the unnoticed broken links occurs during this transition please adjust the URL's subdomain from blog.malwemustdie.org to blog2.malwaremustdie.org, this should fix that up. For those who previously had problem with broken RSS this HTTPS effort may be a good news for you. And, you can still access the MMD (MalwareMustDie) blog under sub-domain of "blog2" with HTTP, yet I won't add more posts in there though, and I will minimize its service.
The flip side of all of these 3years of adventure is, now I have my research materials scattering around all over the internet(smile). Oh yes, the activity has been actively going on as usual and we're learning a better OpSec too. The security awareness is also blooming better than before, which is happy things to see..not like what we had before in 2012, Even now I am still hanging out with our friends and we're still on to dissecting cyber threat or malware.. Linux or not.. Intel CPU or not, and to be noted: I am still a great fan of radare2 and FreeBSD!
I think some followers may not know what we've been doing all of these three years, or maybe they can't track well our activities on our security research, so I decided to list some links for you to catch up with for the public related threat only. Some of those reports are just screenshots with comments (security related pictures really paint thousand words), some are just text posts or analysis comments, but all contains important information.
Does this means I am posting analysis blog again? Well, you're going to find that out too :)
Here's the list of what's been done during these three years, enjoy:
(For the previous Linux Malware Research list can be seen in here [link])
1. Windows related malware posts
Raccoon stealer infection in the wild
Dissecting on memory post exploitation powershell beacon w/ radare2
Intel POPSS Vulnerability PoC Reversed
"FHAPPI attack" : FreeHosting APT PowerSploit Poison Ivy
2. Linux related malware posts
Honda Car's Panel's Rootkit from China
GoARM.Bot + static strip ARM ELF by ChinaZ
Linux/Mandibule (Process Injector)
So Many Mirai..Mirai on the wall)
Linux/Kaiten (modded ver) in Google clouds
Linux/Qbot or GafGyt ..in Kansas city?
ChinaZ gang is back to shellshock drops Elknot abuses USA networks
3. Mac OSX related malware posts
4. Other malware reports
Webshell/r57shell, and..
I also posted either in VirusTotal comments, or previously posted some on kernelmode(not anymore), or sometimes making several posts or notes in reddit.
We also has opened the public twitter with handle of @MalwareMustD1e, a lot of analysis screenshots as awareness are posted in there too along with several news of forensics tools for education and development matters, feel free to follow or check the time line. Again, the previous Linux Malware Research list is also available.
5. My talks on security conference
About my presentation of: "Unpacking the non-unpackable" (ELF packers talk) in R2CON2018
Epilogue
I may edit/change my posts to adjust or brush up their contents along with this post on transitioning the services, so there will be addition or changes.Please stay safe, don't code/use bad stuff, and enjoy the summary!
#MalwareMustDie!
