Cross-team Collaboration on SOC Audits

https://www.linkedin.com/posts/alirezaghahrood_cross-team-collaboration-on-soc-audits-activity-6815847505138348032-CNOu

‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.09

AI-ML in Cyber Security

https://www.linkedin.com/posts/alirezaghahrood_%D9%87%D9%88%D8%B4-%D9%85%D8%B5%D9%86%D9%88%D8%B9%DB%8C-%DB%8C%D8%A7%D8%AF%DA%AF%DB%8C%D8%B1%DB%8C-%D9%85%D8%A7%D8%B4%DB%8C%D9%86-%D9%88-%D8%B9%D9%85%DB%8C%D9%82-%D8%AF%D8%B1-%D8%A7%D9%85%D9%86%DB%8C%D8%AA-activity-6815853968795688960-T89D


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.09

كتاب امسال🤓دوس داشتيم!


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.09

Bash😙


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.09

Cyber Operations
Building, Defending, and Attacking Modern Computer Networks


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.09

(گوته)
نیاسایید،
زندگی در گذر است؛
بروید و دلیری کنید،
و پیش از آنکه بمیرید چیزی نیرومند و متعالی از خود بجای گذارید تا بر زمان چیره شوید.

پ ن:
انسان نباید بیندیشد که بهتر از دیگران هست یا نیست ، بلکه باید بیندیشد که می‌تواند بهتر از آن چیزی که خودش هست باشد ! هر کسی شایسته بهتر بودن نسبت به خودش است ...


-🙂-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.09

GitHub has launched a new AI-powered code completion tool — Copilot — to help software developers write better code in a variety of programming languages, including Python, #JavaScript, TypeScript, Ruby, and Go.
Read details: https://thehackernews.com/2021/06/github-launches-copilot-ai-powered-code.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.09

اقاي رئيس جمهور
خيلي از آرزو هاي نسل جوان و سوخته اين خاك به واسطه
عدم مديريت مسولين به دست باد رفته، دروغ چرا در ٤٢ سال اخير
رويه رو به رشدي با محوريت رفاه مردم وعدالت ….
بصورت كلي ديده نشده حداقل از سمت جمعيتي!
حداقل با روح و روان و شعور!!!! ملت بازي نكنيد!!!

موج پله پله اوج ميگيرد🥸

يكي از مهمترين كارهاي شما
در ابتداي دولت!
زدن تو دهني با شدت زياد
بر دهان …… گوياني است
كه با جان، مال، عقيده، اعتقاد، عمر،….. ملت ايران در حال گيم هستند!


‎-آگاهي-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.09

🔥 Researchers publish a proof-of-concept exploit for a critical vulnerability (CVE-2021-1675) affecting Microsoft Windows operating systems
Details — https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html

International law enforcement agencies seized the domain, servers and logs of the Russia-based DoubleVPN service for providing a safe haven for cybercriminals to cover their tracks.
Read: https://thehackernews.com/2021/06/authorities-seize-doublevpn-service.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

5.1.3 Log Security
Infrastructure and system-level administrators need to protect the integrity and availability of log data, and often protect its confidentiality as well. Section 5.1.2 describes log storage and archival practices, which support availability. Additional security considerations for securing logs on systems, in storage, and in transit include the following:
Limit access to log files. Users should not have any access to most log files unless some level of access is necessary for creating log entries. If so, users should have append-only privileges and no read access if possible. Users should not be able to rename, delete, or perform other file-level operations on log files.
Avoid recording unneeded sensitive data. Some logs may record sensitive data, such as passwords, that does not need to be logged. When feasible, logging should be configured not to record information that is not required and would present a substantial risk if accessed by unauthorized parties.
Protect archived log files. This could include creating and securing message digests for the files, encrypting log files, and providing adequate physical protection for archival media.
Secure the processes that generate the log entries. Unauthorized parties should not be able to manipulate log source processes, executable files, configuration files, or other components of the log sources that could impact logging.
Configure each log source to behave appropriately when logging errors occur. For example, logging might be considered so important for a particular log source that the log source should be configured to suspend its functionality completely when logging fails. Another example is handling full log files, as described in Section 5.1.2.
Implement secure mechanisms for transporting log data from the system to the centralized log management servers, if such protection is needed and not provided automatically by the log management infrastructure. Many transport protocols, such as FTP and Hypertext Transfer Protocol (HTTP), do not provide protection. An administrator might need to upgrade a system’s logging software to a version that has additional security features, or to encrypt the logging communications through a separate protocol such as Internet Protocol Security (IPsec) or SSL.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

Next Black Hills Information Security webcast is on -- Attack Tactics 8 - Poison the Well w/ Jordan Drysdale & David Fletcher -- Thursday, 7/1 - 1pm ET -- Register: https://lnkd.in/dF5uyh6

This BHIS webcast is a collection of red team tactics that demonstrate some seriously scary vulnerabilities. 

Join the BHIS Discord Server to participate in live discussion with the presenters and fellow attendees during the webcast -- https://discord.gg/bhis


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

Red Team Tactics
1. Finding DOM Polyglot XSS in PayPal the Easy Way
https://portswigger.net/research/finding-dom-polyglot-xss-in-paypal-the-easy-way
2. VNC Penetration Testing😀
https://www.hackingarticles.in/vnc-penetration-testing

Malware analysis
1. SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks
https://www.guardicore.com/labs/smb-worm-indexsinas
2. Detecting new crypto mining attack targeting Kubeflow and TensorFlow
https://sysdig.com/blog/crypto-mining-kubeflow-tensorflow-falco

exploit
CVE-2020-15368:
How to exploit a vulnerable windows driver.👍🏽
Exploit for AsrDrv104.sys
https://github.com/stong/CVE-2020-15368

Multiple vulnerabilities in Cisco Identity Services Engine (XSS to RCE as root)😎
https://github.com/pedrib/PoC/blob/master/advisories/Cisco/cisco_ise_rce.md


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

Research
"A Mirage of Safety:
Bug Finding and Exploit Techniques of Top Android Vendor's Privacy Protection Apps", 2021.
https://xlab.tencent.com/en/2021/05/14/A-Mirage-of-Safety-Bug-Finding-and-Exploit-Techniques-of-Top-Android-Vendors-Privacy-Protection-Apps
// A1: Attack from malicious apps
A2: Attack from malicious apps which can gain system previledge
A3: Attackers have physically compromise the phone

Threat Research
1. CVE-2018-18472:
Western Digital My Book Live Mass Exploitation
https://censys.io/blog/cve-2018-18472-western-digital-my-book-live-mass-exploitation
2. RTSP NAT Slipstream on Google Chrome 89.0
(PoC for CVE-2021-21210)
https://vovohelo.medium.com/how-i-found-my-first-chrome-bug-cve-2021-21210-248a21272248
]-> NAT Slipstream samples:
https://github.com/bananabr/natslipstream

Red Team Tactics
1. GateKeeper macOS Bypass
https://theevilbit.github.io/posts/gatekeeper_not_a_bypass
2. Metadata service MITM allows root privilege escalation (EKS/GKE)
https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE

Threat
1. An EPYC escape:
Case-study of a KVM breakout (PoC for CVE-2021-29657)
https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html?m=0
2. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

#بحراني #تهديد #حمله-سايبري

انتشار اکسپلویت- آسیب‌پذیری بحرانی
PrintNightmare (CVE-2021-1675)
Remote code execution in Windows Spooler Service

این آسیب‌پذیری بحرانی بوده و تمامی سیستم‌عامل‌های ویندوزی را تحت تاثیر قرار داده و انتشار اکسپلویت آن بصورت عمومی و گسترده بسیار حساس و خطرناک است.

اطلاعات بيشتر

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675

https://github.com/afwu/PrintNightmare

https://github.com/cube0x0/CVE-2021-1675

مايكروسافت هنوز وصله نداده
اما رول هاي شناسايي اين تهديد 😀
براي هوش امنيتي siem هاي وندور هاي مختلف اومده، حالا سازمان شما هوش امنيتي نداره يا درست كانفيگ نشده يا حتي خاموشه نترسيد، نترسيد ما همه با هم هستيم🤲🏻
https://github.com/SigmaHQ/sigma/pull/1588/files

ميبايست تا زمان ارائه وصله از مایکروسافت، در اقدامی فوری بدون چنچ😁مثل ساير اقداماتي كه درس سازمان هاي مختلف ثبت سوابق نميشود و در كميته cab اي مطرح نمي شود🥸 سرویس spooler روی Domain Controllerها
غير فعال
شود


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

بعد از فارابی، ابن سینا و مولوی و... اکنون نوبت نظامی است .
پرژه‌ای مشترک از باکو و ترکیه چند روز پیش در دانشگاه آتاترک ترکیه جمع شدند و نظامی را هم تُرک کردند مانده‌ام با اشعارش چکار خواهند کرد:
همه عالم تنست و ایران دل نیست
گوینده زین قیاس خجل


-از درو و ديوار ميخوريم!-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

List of awesome reverse engineering resources
https://github.com/wtsxDev/reverse-engineering


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

Bug Bounty Bootcamp - The Guide to Finding and Reporting Web Vulnerabilities 2021

Info: https://lnkd.in/dwujwzq


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10


#bugbounty #bugbountytips #bughunting #bugcrowd #hackerone

Bug Bounty Bootcamp - The Guide to Finding and Reporting Web Vulnerabilities 2021


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10


#bugbounty #bugbountytips #bughunting #bugcrowd #hackerone

Researchers warn of ongoing cyberattacks coordinated by a Chinese-speaking threat actor targeting the Afghan government.

https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

https://azurecloudai.blog/2021/06/30/how-to-use-the-watchlists-logic-app-connector-for-azure-sentinel/amp/


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10

حاصل نظام تربیت و آموزش

راي به براندازي نظام آموزشي داخل كشور آيا!


- نظر شما چيست!؟-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.10