Schneier on Security
https://lnkd.in/dUJq3DE
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
https://lnkd.in/dUJq3DE
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
Trust Me, I'm Certified Episode List
https://lnkd.in/dPDjN-w
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
https://lnkd.in/dPDjN-w
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
All CompTIA courses are free on ITProTV for one weekend only! Become a free member today and log in July 24-15th to access the free courses. https://bit.ly/3yKYkPV
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
کاش باور داشتیم هر روز تولدمون هست هر روز که خداوند به ما مهلت زندگی دوباره میدهد بایستی تولدمان را جشن بگیریم اما افسوس که ما فقط سالروز اولین به دنیا آمدنمان را جشن میگیریم.
اين هفته😼🤪😁 سالروز اولین به دنیا آمدنم هست و فردا سالروز دومین به دنیا امدنم.
افسوس که روزهای مهم کم اهمیت و گاه بی اهمیت میشوند.
امیدوارم هیچیک از ما دچار فراموشی نشده و از یاد نبریم که تولد یعنی دوباره زیستن به شیوه انسانی تر🤲🏻❤️✌🏼😇
پ ن:
Special Thanks of ASPC
-HBD + Fine tune 😀😊😾-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
اين هفته😼🤪😁 سالروز اولین به دنیا آمدنم هست و فردا سالروز دومین به دنیا امدنم.
افسوس که روزهای مهم کم اهمیت و گاه بی اهمیت میشوند.
امیدوارم هیچیک از ما دچار فراموشی نشده و از یاد نبریم که تولد یعنی دوباره زیستن به شیوه انسانی تر🤲🏻❤️✌🏼😇
پ ن:
Special Thanks of ASPC
-HBD + Fine tune 😀😊😾-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.23
Wireshark is a very important tool when your in Cyber, check this cool website to learn and practice more about it.
https://www.malware-traffic-analysis.net/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
https://www.malware-traffic-analysis.net/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
July 2021 Patch Tuesday updates released by:
1 — Microsoft
2 — Adobe
3 — Google Android
4 — SAP
5 — VMware
6 — Citrix
7 — Linux
8 — Siemens
9 — Schneider Electric
Read:
https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
1 — Microsoft
2 — Adobe
3 — Google Android
4 — SAP
5 — VMware
6 — Citrix
7 — Linux
8 — Siemens
9 — Schneider Electric
Read:
https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
https://github.com/CyberSecurityUP/PNPT-Preparation-Guide
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
GitHub
GitHub - CyberSecurityUP/PNPT-Preparation-Guide: PNPT Exam Preparation - TCM Security
PNPT Exam Preparation - TCM Security. Contribute to CyberSecurityUP/PNPT-Preparation-Guide development by creating an account on GitHub.
Threat Research
1. Risk Assessment of GitHub Copilot😎
https://gist.github.com/0xabad1dea/be18e11beb2e12433d93475d72016902
2. Guided tour inside WinDefender’s network inspection driver
https://blog.quarkslab.com/guided-tour-inside-windefenders-network-inspection-driver.html
Offensive security
C# port of WMImplant which uses either CIM or WMI to query remote systems🧐
https://github.com/FortyNorthSecurity/CIMplant
exploit
Windows10 21H1 - CreateProcessWithLogon Write Restricted Service EoP (PoC)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2194
Research
How the Kaseya VSA Zero Day Exploit Worked
https://blog.truesec.com/2021/07/06/kaseya-vsa-zero-day-exploit
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
1. Risk Assessment of GitHub Copilot😎
https://gist.github.com/0xabad1dea/be18e11beb2e12433d93475d72016902
2. Guided tour inside WinDefender’s network inspection driver
https://blog.quarkslab.com/guided-tour-inside-windefenders-network-inspection-driver.html
Offensive security
C# port of WMImplant which uses either CIM or WMI to query remote systems🧐
https://github.com/FortyNorthSecurity/CIMplant
exploit
Windows10 21H1 - CreateProcessWithLogon Write Restricted Service EoP (PoC)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2194
Research
How the Kaseya VSA Zero Day Exploit Worked
https://blog.truesec.com/2021/07/06/kaseya-vsa-zero-day-exploit
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
Gist
Risk Assessment of GitHub Copilot
Risk Assessment of GitHub Copilot. GitHub Gist: instantly share code, notes, and snippets.
Exploitation of a Double Free Vulnerability in Ubuntu ShiftFS Driver (CVE-2021-3492)
https://www.synacktiv.com/publications/exploitation-of-a-double-free-vulnerability-in-ubuntu-shiftfs-driver-cve-2021-3492.html
]-> PoC:
https://github.com/synacktiv/CVE-2021-3492/blob/master/exploit/main.c
Red Team Tactics
Pen-Testing Salesforce Apps
Part 1 - Concepts:
https://infosecwriteups.com/in-simple-words-pen-testing-salesforce-saas-application-part-1-the-essentials-ffae632a00e5
Part 2 - Fuzz & Exploit:
https://infosecwriteups.com/in-simple-words-pen-testing-salesforce-saas-application-part-2-fuzz-exploit-eefae11ba5ae
Blue Team Techniques
1. Walkthrough of DFIR Madness PCAP
https://www.netresec.com/?page=Blog&month=2021-07&post=Walkthrough-of-DFIR-Madness-PCAP
2. Investigating a Suspicious Service
https://www.mdsec.co.uk/2021/07/investigating-a-suspicious-service
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
https://www.synacktiv.com/publications/exploitation-of-a-double-free-vulnerability-in-ubuntu-shiftfs-driver-cve-2021-3492.html
]-> PoC:
https://github.com/synacktiv/CVE-2021-3492/blob/master/exploit/main.c
Red Team Tactics
Pen-Testing Salesforce Apps
Part 1 - Concepts:
https://infosecwriteups.com/in-simple-words-pen-testing-salesforce-saas-application-part-1-the-essentials-ffae632a00e5
Part 2 - Fuzz & Exploit:
https://infosecwriteups.com/in-simple-words-pen-testing-salesforce-saas-application-part-2-fuzz-exploit-eefae11ba5ae
Blue Team Techniques
1. Walkthrough of DFIR Madness PCAP
https://www.netresec.com/?page=Blog&month=2021-07&post=Walkthrough-of-DFIR-Madness-PCAP
2. Investigating a Suspicious Service
https://www.mdsec.co.uk/2021/07/investigating-a-suspicious-service
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
Synacktiv
Exploitation of a double free vulnerability in Ubuntu shiftfs driver
Threat Research
CVE-2021-22555 - heap out-of-bounds write vulnerability in Linux Netfilter
https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
]-> PoC Exploit:
https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555
Red Team Tactics
1. Tool for taking over Active Directory user/computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account👍🏽
https://github.com/eladshamir/Whisker
2. Discovering an Authentication Bypass with r2 and Frida
https://bananamafia.dev/post/satisfyer
Malware analysis
1. LuminousMoth APT:
Sweeping attacks for the chosen few
https://securelist.com/apt-luminousmoth/103332
2. Joker Android Fleezware
https://blog.zimperium.com/joker-is-still-no-laughing-matter
exploit
CVE-2021-1879:
Use-After-Free in QuickTimePluginReplacement
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-1879.html
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
CVE-2021-22555 - heap out-of-bounds write vulnerability in Linux Netfilter
https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
]-> PoC Exploit:
https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555
Red Team Tactics
1. Tool for taking over Active Directory user/computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account👍🏽
https://github.com/eladshamir/Whisker
2. Discovering an Authentication Bypass with r2 and Frida
https://bananamafia.dev/post/satisfyer
Malware analysis
1. LuminousMoth APT:
Sweeping attacks for the chosen few
https://securelist.com/apt-luminousmoth/103332
2. Joker Android Fleezware
https://blog.zimperium.com/joker-is-still-no-laughing-matter
exploit
CVE-2021-1879:
Use-After-Free in QuickTimePluginReplacement
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-1879.html
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
security-research
CVE-2021-22555: Turning \x00\x00 into 10000$
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
https://courses.zero2auto.com/beginner-bundle
تحليلگران بد افزار
https://legacy.elearnsecurity.com/course/malware_analysis_professional/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
تحليلگران بد افزار
https://legacy.elearnsecurity.com/course/malware_analysis_professional/
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
A_Fresh_Look_at_Trickbots.pdf
6.2 MB
Whitepaper
"A Fresh Look at Trickbot’s Ever-Improving VNC Module", 2021.
// This new research focuses on an updated VNC module, which includes new functionalities for monitoring and intelligence gathering
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
"A Fresh Look at Trickbot’s Ever-Improving VNC Module", 2021.
// This new research focuses on an updated VNC module, which includes new functionalities for monitoring and intelligence gathering
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
Machine_Learning_and_Cybersecurity.pdf
2.4 MB
Analytics
Machine Learning and Cybersecurity, 2021.
// This report explores the history of machine learning in cybersecurity and the potential it has for transforming cyber defense in the near future
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
Machine Learning and Cybersecurity, 2021.
// This report explores the history of machine learning in cybersecurity and the potential it has for transforming cyber defense in the near future
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
AI_Accidents_An_Emerging_Threat.pdf
319.8 KB
Whitepaper
"AI Accidents: An Emerging Threat", July 2021.
// This policy brief describes how trends we already see today - both in newly deployed artificial intelligence systems and in older technologies - show how damaging the AI accidents of the future could be
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
"AI Accidents: An Emerging Threat", July 2021.
// This policy brief describes how trends we already see today - both in newly deployed artificial intelligence systems and in older technologies - show how damaging the AI accidents of the future could be
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
New_to_Cyber_Field_Manual_1626315498.pdf
315.8 KB
New to Cyber Field Manual
The Ultimate Guide to Getting into Cyber
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
The Ultimate Guide to Getting into Cyber
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
Global Cybersecurity Index 2020.pdf
4.6 MB
Global Cybersecurity Index
2020
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
2020
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
https://github.com/CyberSecurityUP/eWPTX-Preparation
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
-آگاهي رساني امنيت سايبري-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
GitHub
GitHub - CyberSecurityUP/eWPTX-Preparation
Contribute to CyberSecurityUP/eWPTX-Preparation development by creating an account on GitHub.
گاردین با استناد به نتایج یک تحقیق نوشت: هزینه ساخت خودروها و وانت های برقی تا سال ۲۰۲۷ ارزان تر از تولید خودروهای احتراقی با سوخت فسیلی خواهد بود و مقررات محدود کننده انتشار گازهای آلاینده می تواند این خودروها را تا اواسط دهه آینده در رده خودروهای پرفروش قرار دهد.
گاردین افزود: این تحقیق که به سفارش یک سازمان غیرانتفاعی حمل و نقل و محیط زیست مستقر در بروکسل -که برای حمل و نقل پاک در اروپا فعالیت می کند- انجام شده پیش بینی می کند که قیمت باتری های جدید بین سالهای ۲۰۲۰ تا ۲۰۳۰ به میزان ۵۸ درصد کاهش یافته و به ۵۸ دلار در هر کیلووات ساعت می رسد. بر اساس پیش بینی بلومبرگ نِف (Bloomberg NEF) تا سال ۲۰۲۶ وسایل نقلیه بزرگ مانند خودروهای شاسی بلند برقی به نسبت مدل های ساخته شده با استفاده از سوخت فسیلی ارزان تر خواهند بود و خودروهای کوچکتر در سال بعد از آن به همین آستانه خواهند رسید. برابری قیمتی خودروهای برقی با انواع خودروهای سوخت فسیلی، نقطه عطف مهمی در تاریخ حمل و نقل جهان از سوخت فسیلی محسوب خواهد شد.
-trend-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24
گاردین افزود: این تحقیق که به سفارش یک سازمان غیرانتفاعی حمل و نقل و محیط زیست مستقر در بروکسل -که برای حمل و نقل پاک در اروپا فعالیت می کند- انجام شده پیش بینی می کند که قیمت باتری های جدید بین سالهای ۲۰۲۰ تا ۲۰۳۰ به میزان ۵۸ درصد کاهش یافته و به ۵۸ دلار در هر کیلووات ساعت می رسد. بر اساس پیش بینی بلومبرگ نِف (Bloomberg NEF) تا سال ۲۰۲۶ وسایل نقلیه بزرگ مانند خودروهای شاسی بلند برقی به نسبت مدل های ساخته شده با استفاده از سوخت فسیلی ارزان تر خواهند بود و خودروهای کوچکتر در سال بعد از آن به همین آستانه خواهند رسید. برابری قیمتی خودروهای برقی با انواع خودروهای سوخت فسیلی، نقطه عطف مهمی در تاریخ حمل و نقل جهان از سوخت فسیلی محسوب خواهد شد.
-trend-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.04.24