QFuzz.pdf
1.3 MB
Research
"QFuzz: Quantitative Fuzzing for Side Channels", 2021.
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
Offensive security
1. ETW-based process injection detection
https://github.com/xinbailu/TiEtwAgent
2. Exploiting LESS.JS to Achieve RCE
https://www.softwaresecured.com/exploiting-less-js
Blue Team Techniques
1. A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE
https://github.com/byt3bl33d3r/ItWasAllADream
2. RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps
https://github.com/BSI-Bund/RdpCacheStitcher
exploit
CVE-2021-3281:
There is a Directory Traversal vulnerability in django.utils.archive.py, line 171, in class TarArchive
https://github.com/lwzSoviet/CVE-2021-3281
CVE-2020-7378:
Password Reset Vulnerability in OpenCRX (Unauthenticated Account Take Over)
https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
GitHub
GitHub - xuanxuan0/TiEtwAgent: PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
PoC memory injection detection agent based on ETW, for offensive and defensive research purposes - xuanxuan0/TiEtwAgent
Microsoft AutoML - Neural Architecture Search
Github: https://github.com/microsoft/AutoML
Paper: https://arxiv.org/abs/2107.00651v1
Models: https://drive.google.com/drive/folders/1NLGAbBF9bA1IUAxKlk2VjgRXhr6RHvRW
Dataset: https://paperswithcode.com/dataset/cifar-10
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
GitHub
GitHub - microsoft/Cream: This is a collection of our NAS and Vision Transformer work.
This is a collection of our NAS and Vision Transformer work. - microsoft/Cream
Copilot, the artificial intelligence tool from GitHub and OpenAI, has been unveiled.
This tool is added to the Visual Studio Code editor application and assists the user in coding. GitHub announced that Copilot is capable of doing more than offering pre-defined code: it can analyze code that was written earlier and generate new code consistent with it.
Examples recorded on the project's website show that the tool can automatically write code for importing tweets, drawing scatter plots, and obtaining ratings on Goodreads.
According to Nat Friedman, GitHub's CEO, Copilot is compatible with the Python, JavaScript, TypeScript, Ruby and Go programming languages. GitHub describes this achievement as a major transformation in pair programming, where two coders work on one project, correct each other's mistakes, and speed up the development process. Here, Copilot plays the role of the second coder and accompanies the user virtually.
https://copilot.github.com/
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
GitHub
GitHub Copilot
AI that builds with you
Abusing SIP for Cross-Site Scripting? Most definitely
https://www.rtcsec.com/post/2021/06/abusing-sip-for-cross-site-scripting-most-definitely/
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
AZ-500 Study Guide: Microsoft Azure Security Technologies 2021
A good resource for covering the syllabus of the trendy and appealing Azure cloud security course.
The content of the AZ-500 Microsoft Azure Security Technologies exam was just updated in January 2021. That is why I want to share my new, updated AZ-500: Microsoft Azure Security Technologies Certification Exam Study Guide for 2021 with you. If you pass the AZ-500 exam, you will earn the Microsoft Certified: Azure Security Engineer Associate certification, which shows that you understand how to implement security controls and threat protection; manage identity and access; and protect data, applications, and networks in cloud and hybrid environments as part of end-to-end infrastructure
https://www.thomasmaurer.ch/2020/05/az-500-study-guide-microsoft-azure-security-technologies-2021/
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
Thomas Maurer
AZ-500 Study Guide: Microsoft Azure Security Technologies 2021
The content of the AZ-500 Microsoft Azure Security Technologies exam was just updated in January 2021. That is why I want to share my new updated AZ-500: Microsoft Azure Security Technologies Certification Exam Study Guide for 2021 with you. If you are passing…
In the Quranic path, you must pass through seven stations.
You can see these seven stations in the seven verses of Surah "Hamd".
The movement is from bottom to top.
From the seventh verse to the first.
That is, from "ḍāllīn" (the lost ones) to "Bismillah ar-Rahman ar-Rahim" itself.
Through this journey you go from darkness to light, from ignorance to awareness, and from suffering to absolute mercy.
This is an ascent from the lowest to the highest ❤️.
First you become aware of your lostness and free yourself from the dominion of those who earned wrath, and enter the domain of those blessed with favor.
Then you accept divine guidance in submission; then you are freed from multiplicity and uphold only oneness.
Your resurrection takes place in the fourth verse.
Then the all-encompassing mercy receives you, and after this victory you become full of "hamd" (praise) for the Lord of the worlds, and He kindly delivers you to your original source.
This is the journey of "Indeed we belong to God, and indeed to Him we return."
We are all from God and to God we return.
http://www.coca.ir/wp-content/uploads/2019/04/babel-music.mp3
- Well done, you are there 24/7,
stay well, ya hu -
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
https://m365internals.com/2021/07/05/why-are-windows-defender-av-logs-so-important-and-how-to-monitor-them-with-azure-sentinel/amp/
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
If you're super new to hacking and want to learn how to get started, just sign up to TryHackMe and keep working on from the fundamentals, hands-on.
https://tryhackme.com/signup?referrer=1ccc5534746cbb252bb294b80df1ce7c7ebe2037
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
TryHackMe
TryHackMe | Cyber Security Training
TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!
https://www.xmind.net/m/8Hkymg/
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
Xmind
2FA Bypass Techniques
A Mind Map about 2FA Bypass Techniques submitted by Harsh Bothra on Jun 5, 2021. Created with Xmind.
WARNING — Microsoft's emergency patch update for the PrintNightmare RCE exploit fails to fully address the Windows vulnerability & can be bypassed in certain scenarios, allowing attackers to execute arbitrary code on infected systems.
Details: https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
Phishing links (T1566.002) are still one of the most used initial access techniques. A long time ago, I wrote a blog about how to analyze URLs that users click inside the Outlook app with Sysmon.
Hunting Phishing URLs in Emails with Sysmon
Being an important attack vector, phishing emails are hard to detect. Thanks to Microsoft Sysmon, we can track or detect…
mergene.medium.com
In this post, I'll explain how to extract those URLs with KQL and perform threat hunting. Since attacks have evolved and a phishing link can be inside a PDF or a Word file, I'll cover Office, PDF, and other apps as well.
https://posts.bluraven.io/hunting-for-phishing-links-using-sysmon-and-kql-e87d1118ce5e
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
Medium
Hunting Phishing URLs in Emails with Sysmon
Being an important attack vector, phishing emails are hard to detect. Thanks to Microsoft Sysmon, we can track or detect phishing attacks.
SideCopy cyber-espionage APT group—potentially linked to Pakistan—has been observed increasingly targeting Indian government personnel with as many as 4 new custom remote-access #malware.
Details: https://thehackernews.com/2021/07/sidecopy-hackers-target-indian.html
Cybersecurity researchers uncovered a new ongoing cyberespionage campaign targeting corporate networks with malware in Spanish-speaking countries, specifically Venezuela, to spy on their victims.
How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare (CVE-2021-34527)
https://thehackernews.com/2021/07/how-to-mitigate-microsoft-print-spooler.html
Read: https://thehackernews.com/2021/07/experts-uncover-malware-attacks.html
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
“Security and development teams need to discuss standards for languages and frameworks to make sure risk is acceptable before deployment.”
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
Security is not an individual effort; it is team-based.
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
What state is your security operations center in?! Has it contributed anything to the secure continuity of your business?! Did you take its prerequisites into account?! Now that this center exists in your organization, what effectiveness metrics can you manage compared to before?!
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
“Today, organizations can build in security as an integrated part of the migration to IaaS services, optimizing security processes so they can be extended to work seamlessly across both local and external services.”
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.17
WATCH OUT!
Hackers have been found to use a new technique to completely disable macro security warnings in Office files—without requiring user interaction—and infect victims' computers with malware.
Read: https://thehackernews.com/2021/07/hackers-use-new-trick-to-disable-macro.html
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.18
Red Team Tactics
1. Open-Source PE Packer
https://iwantmore.pizza/posts/PEzor4.html
]-> https://github.com/phra/PEzor
2. XNU IPC - Mach messages
https://dmcyk.xyz/post/xnu_ipc_i_mach_messages
3. Avoiding Fork&Run .NET Execution With InlineExecute-Assembly
https://securityintelligence.com/posts/net-execution-inlineexecute-assembly
]-> Beacon Object File PoC:
https://github.com/xforcered/InlineExecute-Assembly
Blue Team Techniques
API Security Need to Know:
Top 5 Authentication Pitfalls
https://www.cequence.ai/blog/api-security-need-to-know-top-5-authentication-pitfalls
Threat Research
CVE-2021-28474:
SharePoint RCE via Server-Side Control Interpretation Conflict
https://www.zerodayinitiative.com/blog/2021/7/7/cve-2021-28474-sharepoint-remote-code-execution-via-server-side-control-interpretation-conflict
Cloud Security
REST API Fuzz Testing (RAFT):
Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enables developers to embed security tooling into their CI/CD workflows
https://github.com/microsoft/rest-api-fuzz-testing
-Cyber security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.18
GitHub
GitHub - phra/PEzor: Open-Source Shellcode & PE Packer
Open-Source Shellcode & PE Packer. Contribute to phra/PEzor development by creating an account on GitHub.
We have no electricity; one of you turn on the TV and see what IRIB is saying about the advantages of the power going out.
-😨-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.18