Learn Azure Sentinel 2020.pdf
14.3 MB
Azure sentinel
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.09
Mastering Azure Security-Book.pdf
7.1 MB
Master azure security
Beginning Security with Microsoft Technologies 2019.pdf
12.3 MB
Beginning Security with Microsoft Technologies
SANS_Quantitative_Risk_Analysis_1611885428.pdf
221 KB
Quantitative Risk Analysis Step-By-Step
Copyright SANS Institute 2021.
Malware development
https://0xpat.github.io
0xPat blog – Red/purple teamer
Level Up Your Blue Team Skills
At the FREE SANS #BlueTeamSummit, enjoy two days of blue team & cyber defense talks from all around the world! Come learn the latest ways to mitigate the most recent attacks.
Register For Free:
https://www.sans.org/cyber-security-training-events/blue-team-summit-2021/
Early Bird Offer
Save $300 USD using the code "EarlyBird21" and pay for any 4-6 day course by 13 Aug 2021
The commander asked the sniper officer on top of the tower: Is the enemy sniper any good at his job?
The officer replied: No sir, he is very clumsy at it!
- Then why haven't you managed to kill him yet?
- I'm afraid that if I hit him, they'll bring someone better than him who will kill us all. I think it's in our interest that he stays alive, sir!
"And that is how powerful countries are always pleased by the presence of unworthy people at the helm of wealthy countries, and even if they outwardly beat the drum of hostility, inwardly they support their continued presence...
Cross-team Collaboration on SOC Audits
https://www.linkedin.com/posts/alirezaghahrood_cross-team-collaboration-on-soc-audits-activity-6815847505138348032-CNOu
Cross-team Collaboration on SOC Audits | Alireza Ghahrood
AI-ML in Cyber Security
https://www.linkedin.com/posts/alirezaghahrood_%D9%87%D9%88%D8%B4-%D9%85%D8%B5%D9%86%D9%88%D8%B9%DB%8C-%DB%8C%D8%A7%D8%AF%DA%AF%DB%8C%D8%B1%DB%8C-%D9%85%D8%A7%D8%B4%DB%8C%D9%86-%D9%88-%D8%B9%D9%85%DB%8C%D9%82-%D8%AF%D8%B1-%D8%A7%D9%85%D9%86%DB%8C%D8%AA-activity-6815853968795688960-T89D
Artificial Intelligence - Machine and Deep Learning in Cyber Security | Alireza Ghahrood
Sybex CISSP Official Study Guide 9E.pdf
15 MB
This year's book 🤓 we liked it!
Cyber Operations.pdf
28.1 MB
Cyber Operations
Building, Defending, and Attacking Modern Computer Networks
(Goethe)
Do not rest,
life is passing;
go and be brave,
and before you die leave behind something strong and sublime of yourself, so that you prevail over time.
P.S.:
A person should not think about whether he is better than others or not, but should think that he can be better than what he himself is! Everyone deserves to be better than himself...
GitHub has launched a new AI-powered code completion tool — Copilot — to help software developers write better code in a variety of programming languages, including Python, #JavaScript, TypeScript, Ruby, and Go.
Read details: https://thehackernews.com/2021/06/github-launches-copilot-ai-powered-code.html
Mr. President,
Many of the dreams of the young and burnt-out generation of this land have been lost to the wind because of
the officials' mismanagement; why lie, in the last 42 years
a growing trend centred on the welfare of the people and justice ….
has generally not been seen, at least from the population's side!
At the very least, do not play with the spirit, psyche and intelligence!!!! of the nation!!!
The wave rises step by step🥸
One of your most important tasks
at the start of the government!
is a very hard slap
on the mouth of the …… -sayers
who are playing games with the life, property, beliefs, faith, lifetime,….. of the Iranian people!
🔥 Researchers publish a proof-of-concept exploit for a critical vulnerability (CVE-2021-1675) affecting Microsoft Windows operating systems
Details — https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html
International law enforcement agencies seized the domain, servers and logs of the Russia-based DoubleVPN service for providing a safe haven for cybercriminals to cover their tracks.
Read: https://thehackernews.com/2021/06/authorities-seize-doublevpn-service.html
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10
5.1.3 Log Security
Infrastructure and system-level administrators need to protect the integrity and availability of log data, and often protect its confidentiality as well. Section 5.1.2 describes log storage and archival practices, which support availability. Additional security considerations for securing logs on systems, in storage, and in transit include the following:
Limit access to log files. Users should not have any access to most log files unless some level of access is necessary for creating log entries. If so, users should have append-only privileges and no read access if possible. Users should not be able to rename, delete, or perform other file-level operations on log files.
Avoid recording unneeded sensitive data. Some logs may record sensitive data, such as passwords, that does not need to be logged. When feasible, logging should be configured not to record information that is not required and would present a substantial risk if accessed by unauthorized parties.
Protect archived log files. This could include creating and securing message digests for the files, encrypting log files, and providing adequate physical protection for archival media.
Secure the processes that generate the log entries. Unauthorized parties should not be able to manipulate log source processes, executable files, configuration files, or other components of the log sources that could impact logging.
Configure each log source to behave appropriately when logging errors occur. For example, logging might be considered so important for a particular log source that the log source should be configured to suspend its functionality completely when logging fails. Another example is handling full log files, as described in Section 5.1.2.
Implement secure mechanisms for transporting log data from the system to the centralized log management servers, if such protection is needed and not provided automatically by the log management infrastructure. Many transport protocols, such as FTP and Hypertext Transfer Protocol (HTTP), do not provide protection. An administrator might need to upgrade a system’s logging software to a version that has additional security features, or to encrypt the logging communications through a separate protocol such as Internet Protocol Security (IPsec) or SSL.
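The "protect archived log files" point above recommends creating and securing message digests for the archives. As an added example that is not from the channel post or from the NIST SP 800-92 text it quotes, this Python script hashes each archived log, signs the digest list with an HMAC key assumed to be held only by the log-management server, and then re-verifies, so a truncated, modified or deleted archive and a doctored manifest are all caught. The file names and log lines are constructed for the demo.

```python
# Added example (not from the channel post or NIST SP 800-92): a signed
# message-digest manifest for archived log files. Assumes the HMAC key is
# held only by the log-management server; file names/contents are constructed.
import hashlib
import hmac
import json
import os
import tempfile

def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(paths, key):
    # Digest every archive, then HMAC the digest list so that editing the
    # manifest to match a doctored log is detected too.
    digests = {os.path.basename(p): file_sha256(p) for p in paths}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_manifest(manifest, directory, key):
    # Returns {name: "ok" | "modified" | "missing"}; raises if the manifest
    # itself has been altered (HMAC check comes before any file is read).
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        raise ValueError("manifest HMAC mismatch")
    results = {}
    for name, digest in manifest["digests"].items():
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            results[name] = "missing"
        else:
            results[name] = "ok" if file_sha256(path) == digest else "modified"
    return results

def demo(key=b"constructed-demo-key"):
    # Constructed archive: two rotated logs, then simulated tampering.
    d = tempfile.mkdtemp()
    sample = {"auth.log.1": "Jun 30 10:00:01 host sshd[1]: Accepted publickey\n",
              "app.log.1": "2021-06-30T10:00:02Z INFO service started\n"}
    paths = []
    for name, text in sample.items():
        p = os.path.join(d, name)
        with open(p, "w") as f:
            f.write(text)
        os.chmod(p, 0o640)  # owner rw, group r, no access for others
        paths.append(p)
    manifest = build_manifest(paths, key)
    clean = verify_manifest(manifest, d, key)
    open(paths[0], "w").close()  # truncate auth.log.1 (an attempt to cover tracks)
    os.remove(paths[1])          # delete app.log.1
    return clean, verify_manifest(manifest, d, key)

if __name__ == "__main__":
    print(demo())
```

In a real deployment the manifest (or its HMAC) should live on the central log server, not beside the archives it protects.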
Next Black Hills Information Security webcast is on -- Attack Tactics 8 - Poison the Well w/ Jordan Drysdale & David Fletcher -- Thursday, 7/1 - 1pm ET -- Register: https://lnkd.in/dF5uyh6
This BHIS webcast is a collection of red team tactics that demonstrate some seriously scary vulnerabilities.
Join the BHIS Discord Server to participate in live discussion with the presenters and fellow attendees during the webcast -- https://discord.gg/bhis
Red Team Tactics
1. Finding DOM Polyglot XSS in PayPal the Easy Way
https://portswigger.net/research/finding-dom-polyglot-xss-in-paypal-the-easy-way
2. VNC Penetration Testing😀
https://www.hackingarticles.in/vnc-penetration-testing
Malware analysis
1. SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks
https://www.guardicore.com/labs/smb-worm-indexsinas
2. Detecting new crypto mining attack targeting Kubeflow and TensorFlow
https://sysdig.com/blog/crypto-mining-kubeflow-tensorflow-falco
Exploit
CVE-2020-15368:
How to exploit a vulnerable Windows driver.👍🏽
Exploit for AsrDrv104.sys
https://github.com/stong/CVE-2020-15368
Multiple vulnerabilities in Cisco Identity Services Engine (XSS to RCE as root)😎
https://github.com/pedrib/PoC/blob/master/advisories/Cisco/cisco_ise_rce.md
Research
"A Mirage of Safety:
Bug Finding and Exploit Techniques of Top Android Vendor's Privacy Protection Apps", 2021.
https://xlab.tencent.com/en/2021/05/14/A-Mirage-of-Safety-Bug-Finding-and-Exploit-Techniques-of-Top-Android-Vendors-Privacy-Protection-Apps
// A1: Attack from malicious apps
A2: Attack from malicious apps which can gain system privilege
A3: Attackers have physically compromised the phone
Threat Research
1. CVE-2018-18472:
Western Digital My Book Live Mass Exploitation
https://censys.io/blog/cve-2018-18472-western-digital-my-book-live-mass-exploitation
2. RTSP NAT Slipstream on Google Chrome 89.0
(PoC for CVE-2021-21210)
https://vovohelo.medium.com/how-i-found-my-first-chrome-bug-cve-2021-21210-248a21272248
-> NAT Slipstream samples:
https://github.com/bananabr/natslipstream
Red Team Tactics
1. GateKeeper macOS Bypass
https://theevilbit.github.io/posts/gatekeeper_not_a_bypass
2. Metadata service MITM allows root privilege escalation (EKS/GKE)
https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE
Threat
1. An EPYC escape:
Case-study of a KVM breakout (PoC for CVE-2021-29657)
https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html?m=0
2. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464