#tools
#Malware_analysis
#Blue_Team_Techniques
Automating Malware Analysis Operations (MAOps)
https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
]-> Malware C2 Monitoring:
https://github.com/JPCERTCC/Lucky-Visitor-Scam-IoC
]-> Malware Hunting using Cloud:
https://github.com/JPCERTCC/CobaltStrike-Config
]-> YARA CI/CD system:
https://github.com/JPCERTCC/HUILoader-research
]-> Surface Analysis System on Cloud:
https://github.com/JPCERTCC/SurfaceAnalysis-on-Cloud
]-> Memory Forensic on Cloud:
https://github.com/JPCERTCC/MemoryForensic-on-Cloud
#Malware_analysis
#Blue_Team_Techniques
Automating Malware Analysis Operations (MAOps)
https://blogs.jpcert.or.jp/en/2023/01/cloud_malware_analysis.html
]-> Malware C2 Monitoring:
https://github.com/JPCERTCC/Lucky-Visitor-Scam-IoC
]-> Malware Hunting using Cloud:
https://github.com/JPCERTCC/CobaltStrike-Config
]-> YARA CI/CD system:
https://github.com/JPCERTCC/HUILoader-research
]-> Surface Analysis System on Cloud:
https://github.com/JPCERTCC/SurfaceAnalysis-on-Cloud
]-> Memory Forensic on Cloud:
https://github.com/JPCERTCC/MemoryForensic-on-Cloud
JPCERT/CC Eyes
Automating Malware Analysis Operations (MAOps) - JPCERT/CC Eyes
I believe that automating analysis is a challenge that all malware analysts are working on for more efficient daily incident investigations. Cloud-based technologies (CI/CD, serverless, IaC, etc.) are great solutions that can automate MAOps efficiently. In…
#reversing
#IoT_Security
Reversing embedded device bootloader (U-Boot)
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
#IoT_Security
Reversing embedded device bootloader (U-Boot)
Part 1: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1
Part 2: https://www.shielder.com/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.2
Shielder
Shielder - Reversing embedded device bootloader (U-Boot) - p.1
In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.
Forwarded from ㅤㅤㅤㅤㅤㅤ ㅤㅤㅤㅤㅤㅤ
Linux sysadmins, beware!
Hackers are exploiting a critical RCE vulnerability in Control Web Panel (CWP) to gain elevated privileges on web servers.
Read: https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html
Patch your servers ASAP!
Hackers are exploiting a critical RCE vulnerability in Control Web Panel (CWP) to gain elevated privileges on web servers.
Read: https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html
Patch your servers ASAP!
Forwarded from 卩ro 爪Cracker
Exfiltration Over a Blocked Port on a Next-Gen Firewall
https://ift.tt/fUmqaGz
Submitted January 12, 2023 at 02:37PM by cuptugout
via reddit https://ift.tt/OtUCM2b
https://ift.tt/fUmqaGz
Submitted January 12, 2023 at 02:37PM by cuptugout
via reddit https://ift.tt/OtUCM2b
Cymulate
Exfiltration Over a Blocked Port on a Next-Gen Firewall
How Does Cymulate Assess for Data Exfiltration? Learn more in this blog post by security advisor David Kellerman.
Forwarded from 卩ro 爪Cracker
List of git commits before and after a security audit
https://ift.tt/MG3AVgk
Submitted January 13, 2023 at 02:29AM by kruksym
via reddit https://ift.tt/d58VE4O
https://ift.tt/MG3AVgk
Submitted January 13, 2023 at 02:29AM by kruksym
via reddit https://ift.tt/d58VE4O
Forwarded from 卩ro 爪Cracker
GraphQL exploitation – All you need to know – Cybervelia
https://ift.tt/lILWoxS
Submitted January 13, 2023 at 02:28AM by Necessary-Reality-80
via reddit https://ift.tt/SLsfWgA
https://ift.tt/lILWoxS
Submitted January 13, 2023 at 02:28AM by Necessary-Reality-80
via reddit https://ift.tt/SLsfWgA
Forwarded from ㅤㅤㅤ
#windows #system call #bypass
Interception of system calls in Windows 11 22 H2 like Avast antivirus.
Research, analysis and bypass:
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
Interception of system calls in Windows 11 22 H2 like Avast antivirus.
Research, analysis and bypass:
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
Forwarded from 卩ro 爪Cracker
#exploit
1. PoC for arbitrary file delete/move in Razer Synapse 3 Macro module
https://github.com/Wh04m1001/RazerEoP
2. CVE-2023-21752:
PoC for arbitrary file delete vulnerability in Windows Backup service
https://github.com/Wh04m1001/CVE-2023-21752
1. PoC for arbitrary file delete/move in Razer Synapse 3 Macro module
https://github.com/Wh04m1001/RazerEoP
2. CVE-2023-21752:
PoC for arbitrary file delete vulnerability in Windows Backup service
https://github.com/Wh04m1001/CVE-2023-21752
GitHub
GitHub - Wh04m1001/RazerEoP
Contribute to Wh04m1001/RazerEoP development by creating an account on GitHub.
Leviathan.pdf
5.2 MB
#Sec_code_review
"SELECT Bugs FROM Binary WHERE Pattern LIKE CVE-1337-DAYS".
"SELECT Bugs FROM Binary WHERE Pattern LIKE CVE-1337-DAYS".
#Malware_analysis
1. NeedleDropper Analysis
https://decoded.avast.io/threatresearch/needledropper
2. Gootkit Loader
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
3. "Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616)
https://github.com/DesktopECHO/T95-H616-Malware
1. NeedleDropper Analysis
https://decoded.avast.io/threatresearch/needledropper
2. Gootkit Loader
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
3. "Pre-Owned" malware in ROM on T95 Android TV Box (AllWinner H616)
https://github.com/DesktopECHO/T95-H616-Malware
Gendigital
NeedleDropper
New dropper strain hides payloads effectively
Threema_analysis.pdf
413.9 KB
#Research
"Three Lessons From Threema: Analysis of a Secure Messenger", 2022.
"Three Lessons From Threema: Analysis of a Secure Messenger", 2022.
#Threat_Research
1.Practice of Automatic Vulnerability Mining Based on Code Attribute Graph
https://blog.0kami.cn/blog/2023/%E5%9F%BA%E4%BA%8E%E4%BB%A3%E7%A0%81%E5%B1%9E%E6%80%A7%E5%9B%BE%E7%9A%84%E8%87%AA%E5%8A%A8%E5%8C%96%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98%E5%AE%9E%E8%B7%B5
2. ReVoLTE Attack - Voice calls in LTE
https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voice-calls-in-lte
]-> Demo/App: https://revolte-attack.net
]-> Android App that allows you to detect vulnerabilities in deployed LTE/5G networks:
https://github.com/RUB-SysSec/mobile_sentinel
]-> USENIX document:
https://www.usenix.org/conference/usenixsecurity20/presentation/rupprecht
1.Practice of Automatic Vulnerability Mining Based on Code Attribute Graph
https://blog.0kami.cn/blog/2023/%E5%9F%BA%E4%BA%8E%E4%BB%A3%E7%A0%81%E5%B1%9E%E6%80%A7%E5%9B%BE%E7%9A%84%E8%87%AA%E5%8A%A8%E5%8C%96%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98%E5%AE%9E%E8%B7%B5
2. ReVoLTE Attack - Voice calls in LTE
https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voice-calls-in-lte
]-> Demo/App: https://revolte-attack.net
]-> Android App that allows you to detect vulnerabilities in deployed LTE/5G networks:
https://github.com/RUB-SysSec/mobile_sentinel
]-> USENIX document:
https://www.usenix.org/conference/usenixsecurity20/presentation/rupprecht
blog.0kami.cn
基于代码属性图的自动化漏洞挖掘实践 - wh1t3p1g's blog
happy hunting bugs <feedId:69986037923968000+userId:56297007026754560>
👍1
EyeSpyVPN.pdf
8.6 MB
#Whitepaper
"EyeSpy - Iranian Spyware Delivered in VPN Installers", 2023.
"EyeSpy - Iranian Spyware Delivered in VPN Installers", 2023.
Forwarded from 卩ro 爪Cracker
SUDO_KILLER
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
https://github.com/TH3xACE/SUDO_KILLER
#linux #sudo
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
https://github.com/TH3xACE/SUDO_KILLER
#linux #sudo
👍1
Forwarded from 卩ro 爪Cracker
code-inspector
Java code inspector for web vulnerability scan.
https://github.com/4ra1n/code-inspector
Java code inspector for web vulnerability scan.
https://github.com/4ra1n/code-inspector
Forwarded from 卩ro 爪Cracker
Load testing private endpoints
https://ift.tt/QnT9HYL
Submitted January 14, 2023 at 02:51AM by krstCB
via reddit https://ift.tt/qAUkBEV
https://ift.tt/QnT9HYL
Submitted January 14, 2023 at 02:51AM by krstCB
via reddit https://ift.tt/qAUkBEV
Getanteon
Kubernetes Monitoring with a 1-min Setup | Anteon
Explore how to thoroughly test the performance of user authentication flows
CVE-2023-21752
PoC for arbitrary file delete vulnerability in Windows Backup service
https://system32.ink/news-feed/p/133/
PoC for arbitrary file delete vulnerability in Windows Backup service
https://system32.ink/news-feed/p/133/