RedTeam feed
RedTeam blogposts and articles collection
Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks
#trustedsec

This post was written by John Dwyer, Director of Security Research at Binary Defense, and made possible through the contributions of TrustedSec Senior Research Analyst Kevin Haubris and Eric Gonzalez of Binary…

via TrustedSec Blog (author: John Dwyer)
Cobalt Strike 4.10: Through the BeaconGate
#cobaltstrike

Cobalt Strike 4.10 is now available. This release introduces BeaconGate, the Postex Kit, and Sleepmask-VS. In addition, we have overhauled the Sleepmask API, refreshed the Jobs UI, added new BOF APIs, added support for hot swapping C2 hosts, and more. This has been a longer release cycle than in previous releases to allow us to [...]

via Cobalt Strike Blog (author: William Burgess)
GitHub Actions exploitation: self hosted runners
#synacktiv

via Synacktiv Blog (author: Hugo Vincent)
The Security Principle Every Attacker Needs to Follow
#specterops

via SpecterOps Team Medium (author: Elad Shamir)
What is Your Compliance Kryptonite?
#trustedsec

Have you ever felt frustrated about security compliance? Well, you're not alone. We've all got some kind of 'Kryptonite' when it comes to Compliance. I asked some of our InfoSec auditors to share their Kryptonite. Their…

via TrustedSec Blog (author: Steve Maxwell)
Adventures in Shellcode Obfuscation! Part 5: Base64
#redsiege

by Mike Saunders, Principal Consultant This blog is the fifth in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of the series here. […]

via RedSiege Blog (author: Red Siege)
Shellcode: Modular Exponentiation for Diffie-Hellman Key Exchange.
#odzhan

Table of Contents: Introduction; Symmetric vs Asymmetric; Encryption with RSA; Digital Signatures with RSA; History; Diffie-Hellman Key Exchange; Crypto API; Binary Exponentiation Methods; Arbitrary-precision Arithmetic; Addition; Subtraction; Multiplication; Division; Exponentiation; Modular Multiplicative Inverse; Modular Addition; Modular Multiplication; Modular Exponentiation; Counting …

via modexp Blog (author: odzhan)
Adventures in Shellcode Obfuscation! Part 6: Two Array Method
#redsiege

by Mike Saunders, Principal Security Consultant This blog is the sixth in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of […]

via RedSiege Blog (author: Red Siege)
Injecting Java in-memory payloads for post-exploitation
#synacktiv

via Synacktiv Blog (author: Clement Amic)
Battle of the parsers: PEG vs combinators
#synacktiv

via Synacktiv Blog (author: Maxime Desbrus)
Vulnerabilities in AI Agents
#nettitude

LLMs are becoming increasingly accessible to everyone. It is very easy to create your own LLM system; however, like any new technology, they are challenging to secure. Many AI systems are vulnerable to various attacks. The following are three examples of such attacks on LLM agents that we have identified recently. The examples [...]

via Nettitude Labs Blog (author: Jakub Partyka)
Lapse of Control: Applauding PCI SSC for FAQ 1572
#trustedsec

I want to applaud the PCI Security Standards Council (PCI SSC) for FAQ 1572, published in March of 2024, for simply and effectively answering a question asked by countless assessors for several years. The question is: Can…

via TrustedSec Blog (author: Steve Maxwell)
Out of Chaos: Applying Structure to Web Application Penetration Testing
#redsiege

By Stuart Rorer, Security Consultant As a kid, I remember watching shopping contest shows where people, wildly, darted through a store trying to obtain specific objects, or gather as much […]

via RedSiege Blog (author: Red Siege)
Specula - Turning Outlook Into a C2 With One Registry Change
#trustedsec

There exist a few singular Registry changes that any non-privileged user can make that transform the Outlook email client into a beaconing C2 agent. Given that outlook.exe is a trusted process, this allows an attacker…

via TrustedSec Blog (author: Christopher Paschen)
Unlock enhanced API scanning with Burp Suite
#portswigger

More comprehensive scans. More vulnerabilities identified. More time saved. Enhance your API scanning with Burp Suite. As web portfolios have diversified, APIs have become an increasingly critical fun

via PortSwigger Blog
Persisting on Entra ID applications and User Managed Identities with Federated Credentials
#dirkjanm

Using applications and service principals for persistence and privilege escalation is a well-known topic in Entra ID (Azure AD). I wrote about these kinds of attacks many years ago, and talked about how we can use certificates and application passwords to authenticate as applications and abuse the permissions they have. In this blog, we cover a third way of authenticating as an application: using federated credentials. Federated credentials have been around for a few years, but haven't been covered much yet from the offensive side. For Entra ID applications, there is no large difference between configuring federated credentials or regular client secrets/certificates. The more interesting part of this topic is that we can also configure federated credentials on User Managed Identities in Azure. This is unusual, because normally Managed Identities have their authentication controlled by Microsoft, and their authentication is tied to a certain resource such as a Virtual Machine. With federated credentials, we can bypass that limitation, given that we have sufficient privileges, and authenticate as this managed identity without requiring access to another resource in Azure. With this blog I'm also introducing a new utility to the ROADtools family: roadoidc, which can set up a minimal Identity Provider (IdP), allowing us to authenticate using federated credentials as apps and user managed identities with roadtx.

via Dirk-jan Blog (author: Dirk-jan Mollema)