#Malware_analysis
1. Drokbk Malware
https://www.secureworks.com/blog/drokbk-malware-uses-github-as-dead-drop-resolver
2. Typosquat/Ransomware Campaign in PyPI and NPM
https://blog.phylum.io/phylum-detects-active-typosquatting-campaign-in-pypi
Secureworks
Drokbk Malware Uses GitHub as Dead Drop Resolver
A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence.
#Malware_analysis
1. Invisible npm malware evading security checks
https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions
2. Azov Ransomware: Polymorphic Wiper
https://research.checkpoint.com/2022/pulling-the-curtains-on-azov-ransomware-not-a-skidsware-but-polymorphic-wiper
JFrog
Invisible npm malware - evading security checks with crafted versions
The npm CLI has a very convenient and well-known security feature – when installing an npm package, the CLI checks the package and all of its dependencies for well-known vulnerabilities – The check is triggered on package installation (when running npm install)…
#exploit
1. CVE-2022-45025:
Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)
https://github.com/yuriisanin/CVE-2022-45025
2. Exploring Chrome’s CVE-2020-6418
https://blog.haboob.sa/blog/exploring-chromes-cve-2020-6418-part1
3. CVE-2022-39066:
SQL Injection Vulnerability in ZTE MF286R
https://github.com/v0lp3/CVE-2022-39066
GitHub
GitHub - yuriisanin/CVE-2022-45025: [PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)
[PoC] Command injection via PDF import in Markdown Preview Enhanced (VSCode, Atom) - yuriisanin/CVE-2022-45025
PCI_Sec_Soft_Std_1_2.pdf (914.3 KB)
#Infosec_Standards
"PCI Software Security Framework - Secure Software Requirements and Assessment Procedures", Version 1.2, Dec. 2022.
#Offensive_security
1. AV Evasion Methodology
https://book.hacktricks.xyz/windows-hardening/av-bypass
2. Bypassing MacOS Privacy Controls
https://blog.xpnsec.com/bypassing-macos-privacy-controls
#Threat_Research
1. Exploitable memory corruption in the Linux kernel (CVE-2020-25669)
https://www.synopsys.com/blogs/software-security/cyrc-case-study-linux-kernel-vulnerability
2. Zeek-Formatted Threat Intelligence Feeds
https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds
Blackduck
In-Depth Analysis of Linux Kernel Vulnerability: CVE-2020-25669 | Black Duck Blog
Delve into our comprehensive analysis of the Linux Kernel vulnerability CVE-2020-25669, exploring the memory corruption issue and its exploitability.
#Infographics
#Infosec_Standards
Types of VPN
]-> RFC 4026: "Provider Provisioned Virtual Private Network (VPN) Terminology", March 2005.
https://datatracker.ietf.org/doc/rfc4026
Dirty_Vanity.pdf (2.3 MB)
#Red_Team_Tactics
BlackHat Europe 2022:
"Dirty Vanity: A New Approach to Code injection & EDR bypass".
]-> A PoC for the new injection technique, abusing the Windows fork API to evade EDRs:
https://github.com/deepinstinct/Dirty-Vanity
Routing_security.pdf (3.3 MB)
#Whitepaper
"Routing Security: BGP Incidents, Mitigation Techniques and Policy Actions", 2022.
Forwarded from CYBER TRICKS ZONE 🇮🇳🚩 (𝙋𝙧𝙤𝙩𝙤𝙘𝙤𝙡 𝙉𝙞𝙘𝙠)
Git cheat-sheet.pdf (987.4 KB)
🇮🇷 Iranian rap about corrupt actors who are in the position of spies
Based on observations in Iran, there are actors who are willing to sell their homeland for money and spy for other countries.
This issue has made the people of Iran very angry with some famous actors.
It is expected that the Iranian government will take care of the request of its people and deal seriously with these spies.
via "shabzadeh".
#Celebrity_2zari #Green_card #Iranian_rap
@YourJiniNews
I Can Help You To Clear & Give the training & exam solutions on the below certifications
1_CEH.
2_CEH Practical.
3_eJPT.
4_eCPPTv2.
5_eWPT.
6_eWPTxv2.
7_CRTP.
8_CRTO.
9_OSCP.
10_OSWE.
11_OSEP.
12_OSWP.
13_CPENT
14_CHFI
15_eCPTxv2
16_PNPT
17_Burpsuite exam
Remote Exam Support possible.
If anyone needs message me.
Lower prices & passing guaranteed!
Follow: https://t.me/alexserviceez
Ping @examsolutionz
We have added new exam of burpsuite solutions
Telegram
Exam solutions
ALL EXAM SOLUTIONS FROM OFFENSIVE SECURITY, ELEARNSECURITY, PENTESTER ACADEMY and much more are shared by us.
#Fuzzing
1. Fuzzing ping(8)… and finding a 24 year old bug
https://tlakh.xyz/fuzzing-ping.html
2. Finding JIT Optimizer Bugs using SMT Solvers and Fuzzing
https://www.pypy.org/posts/2022/12/jit-bug-finding-smt-fuzzing.html
3. Fuzzing the Shield: CVE-2022-24548
https://medium.com/s2wblog/fuzzing-the-shield-cve-2022-24548-96f568980c0
PyPy
Finding JIT Optimizer Bugs using SMT Solvers and Fuzzing
In this blog post I want to describe a recent bug finding technique that I've added to the PyPy JIT testing infrastructure. This technique uses the Z3 theorem prover to find bugs in the optimizer of P…
#tools
#Offensive_security
1. Nightly builds of common C# offensive tools
https://github.com/Flangvik/SharpCollection
2. Nemo - An offensive Remote Access Tool & Post-Exploitation Framework
https://github.com/CompeyDev/nemo
GitHub
GitHub - Flangvik/SharpCollection: Nightly builds of common C# offensive tools, fresh from their respective master branches built…
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines. - Flangvik/SharpCollection
#Threat_Research
Diamond/Sapphire Ticket:
The New Generation of Kerberos Attacks
https://unit42.paloaltonetworks.com/next-gen-kerberos-attacks
Unit 42
Precious Gemstones: The New Generation of Kerberos Attacks
Unit 42 researchers show new methods to improve detection of a next-gen line of Kerberos attacks, which allow attackers to modify Kerberos tickets to maintain privileged access.
DISTDET.pdf (3.2 MB)
#Research
"DISTDET: A Cost-Effective Distributed Cyber Threat Detection System", 2022.