#tools
#Blue_Team_Techniques
1. DeTT&CT: Automate your detection coverage with dettectinator
https://blog.nviso.eu/2023/01/04/dettct-automate-your-detection-coverage-with-dettectinator
]-> Python library for generating DeTT&CT YAML files:
https://github.com/siriussecurity/dettectinator
2. Actively hunt for attacker infrastructure by filtering Shodan results with URLScan data
https://github.com/montysecurity/InfraHunter
#Malware_analysis
1. Unpacking RedLine Stealer
https://dr4k0nia.github.io/posts/Unpacking-RedLine-Stealer
2. String Obfuscation The Malware Way
https://dr4k0nia.github.io/posts/String-Obfuscation-The-Malware-Way
NASim.pdf
1.7 MB
#Threat_Research
#Red_Team_Tactics
"Autonomous Penetration Testing using Reinforcement Learning"
]-> Network Attack Simulator: https://github.com/Jjschwartz/NetworkAttackSimulator
#exploit
1. CVE-2022-46164:
NodeBB Account Takeover Flaw
https://github.com/stephenbradshaw/CVE-2022-46164-poc
2. CVE-2022-23087:
"Escaping from bhyve"
https://www.synacktiv.com/publications/escaping-from-bhyve.html
https://github.com/synacktiv/bhyve
#DFIR
New Windows 11 Pro (22H2) Evidence of Execution Artifact
https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact
Zero_Click_Attacks.pdf
1.2 MB
#Research
"Experience Report on the Challenges and Opportunities in Securing Smartphones Against Zero-Click Attacks", 2022.
Open_CyKG.pdf
1.5 MB
#Research
#Threat_Research
"Open-CyKG: An Open Cyber Threat Intelligence Knowledge Graph", 2021.
]-> https://github.com/IS5882/Open-CyKG
API_Security_Best_Practices.pdf
2.4 MB
#Whitepaper
API Security Best Practices Guide: Comprehensive list of security best practices to secure your APIs throughout their lifecycle + API Security Checklist
]-> APIKit: Discovery, Scan and Audit APIs Toolkit: https://github.com/API-Security/APIKit
Security_Strategies_Linux.epub
32.1 MB
#Tech_book
"Security Strategies in Linux Platforms and Applications. Third Edition", 2022.
rsa_2048.pdf
6.2 MB
#Research
#cryptography
"Factoring integers with sublinear resources on a superconducting quantum processor", Dec. 2022.
iOS_macOS_Kernel_Trenches.pdf
2.2 MB
#Offensive_security
"More Tales from the iOS/macOS Kernel Trenches (Kernel: CVE-2022-22640, IOGPU (Kernel Driver): CVE-2022-32821)"
Useful Websites
1. Digital Library - Archive.org
2. Online Courses - w3schools.com
3. Screenshot Taker (Permanent) - Archive.is
4. Learn Languages - Duolingo.com
5. Screenshot Taker (HD) - Screenshot.guru
6. Bypass Login (Websites) - Bugmenot.com
7. Graphic Softwares - Vectr.com
8. Cracked Softwares - CrackingPatching.com
9. File Sharing (2GB) - wetransfer.com
10. Autodraw (A.I) - Autodraw.com
#Analytics
#Infographics
Systematization of attacks on the perimeter of L2/L3 network equipment. Ver. 3.0.
#Offensive_security
1. Pure-python implementation of MemoryModule technique to load a dll entirely from memory
https://github.com/naksyn/PythonMemoryModule
2. Nuclei template generator for WordPress plugins
https://github.com/ricardomaia/nuclei-template-generator-for-wordpress-plugins
]-> https://github.com/projectdiscovery/nuclei-templates/pull/6202