APT ANALYSIS
1.73K subscribers
171 photos
2 videos
6 files
176 links
APT analysis with a focus on modeling, detecting and managing complex attacks. Providing accurate data and solutions for threat forecasting, backed by real-world security experience.
♣️Practical Incident Response - Active Directory
😈Blog : https://nxb1t.is-a.dev/incident-response/practical_ir_ad/
💡Lab : https://nxb1t.is-a.dev/lab-setups/ad_lab
⭐️@APTANALYSIS
♣️Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques
Blog : https://www.morphisec.com/blog/rat-race-valleyrat-malware-china
⭐️@APTANALYSIS
🎁 Computed cache list 3
♣️Queries can be used to coerce SMB authentication from SCCM client hosts
💀Blog : https://posts.specterops.io/further-adventures-with-cmpivot-client-coercion-38b878b740ac
♣️Super-charging Bug Bounty Hunting with the Power of AI
💀Blog : https://blog.ethiack.com/blog/supercharging-bug-bounty-hunting-with-ai
♣️Replacing a Space Heater Firmware Over WiFi
💀Blog : https://blog.includesecurity.com/2025/02/replacing-a-space-heater-firmware-over-wifi/
♣️GreenSpot APT Targets 163.com Users with Fake Download Pages & Spoofed Domains
💀Blog : https://hunt.io/blog/greenspot-apt-targets-163com-fake-downloads-spoofing
♣️Infrastructure Laundering: Silent Push Exposes Cloudy Behavior Around FUNNULL CDN Renting IPs from Big Tech
💀Blog : https://www.silentpush.com/blog/infrastructure-laundering/
♣️Coyote Banking Trojan: A Stealthy Attack via LNK Files
💀Blog : https://www.fortinet.com/blog/threat-research/coyote-banking-trojan-a-stealthy-attack-via-lnk-files
⭐️@APTANALYSIS
♣️Exploiting Reversing (ER) series
🚬File-List : https://exploitreversing.com/wp-content/uploads/2025/02/exploit_reversing_04.pdf
♣️Mali-cious Intent: Exploiting GPU Vulnerabilities (CVE-2022-22706 / CVE-2021-39793)
👁Blog : https://starlabs.sg/blog/2025/12-mali-cious-intent-exploiting-gpu-vulnerabilities-cve-2022-22706/
⭐️@APTANALYSIS
♣️Cybereason Research List (2024-2025)
🎣THREAT ALERT: DarkGate Loader
➡️Blog : https://www.cybereason.com/blog/threat-alert-darkgate-loader
🎣THREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation
➡️Blog : https://www.cybereason.com/blog/threat-alert-ivanti-connect-secure-vpn-zero-day-exploitation
🎣From Cracked to Hacked: Malware Spread via YouTube Videos
➡️Blog : https://www.cybereason.com/blog/from-cracked-to-hacked-malware-spread-via-youtube-videos
🎣Unboxing Snake - Python Infostealer Lurking Through Messaging Services
➡️Blog : https://www.cybereason.com/blog/unboxing-snake-python-infostealer-lurking-through-messaging-service
🎣Beware of the Messengers, Exploiting ActiveMQ Vulnerability
➡️Blog : https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability
🎣Threat Alert: The Anydesk Breach Aftermath
➡️Blog : https://www.cybereason.com/blog/threat-alert-the-anydesk-breach-aftermath
🎣Behind Closed Doors: The Rise of Hidden Malicious Remote Access
➡️Blog : https://www.cybereason.com/blog/behind-closed-doors-the-rise-of-hidden-malicious-remote-access
🎣THREAT ALERT: The XZ Backdoor - Supply Chaining Into Your SSH
➡️Blog : https://www.cybereason.com/blog/threat-alert-the-xz-backdoor
🎣I am Goot (Loader)
➡️Blog : https://www.cybereason.com/blog/i-am-goot-loader
🎣Hardening of HardBit
➡️Blog : https://www.cybereason.com/blog/hardening-of-hardbit
🎣Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies
➡️Blog : https://www.cybereason.com/blog/cuckoo-spear
🎣Capability vs. Usability
➡️Blog : https://www.cybereason.com/blog/capability-vs-usability
🎣CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective
➡️Blog : https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor
🎣CUCKOO SPEAR Part 2: Threat Actor Arsenal
➡️Blog : https://www.cybereason.com/blog/cuckoo-spear-pt2-threat-actor-arsenal
🎣The Great Debate: On-Premise vs. Cloud based EDR
➡️Blog : https://www.cybereason.com/blog/on-premise-vs-cloud-based-edr
🎣THREAT ANALYSIS: Beast Ransomware
➡️Blog : https://www.cybereason.com/blog/threat-analysis-beast-ransomware
🎣Stellar Discovery of A New Cluster of Andromeda/Gamarue C2
➡️Blog : https://www.cybereason.com/blog/new-cluster-andromeda-gamrue-c2
🎣Your Data Is Under New Lummanagement: The Rise of LummaStealer
➡️Blog : https://www.cybereason.com/blog/threat-analysis-rise-of-lummastealer
🎣Phorpiex - Downloader Delivering Ransomware
➡️Blog : https://www.cybereason.com/blog/threat-analysis-phorpiex-downloader
⭐️@APTANALYSIS
♣️Accidentally uncovering a seven years old vulnerability in the Linux kernel
🌙Blog : https://allelesecurity.com/accidentally-uncovering-a-seven-years-old-vulnerability-in-the-linux-kernel/
⭐️@APTANALYSIS
♣️Stealers on the Rise: A Closer Look at a Growing macOS Threat
🍭Blog : https://unit42.paloaltonetworks.com/macos-stealers-growing
⭐️@APTANALYSIS
♣️Analyzing a Fully Undetectable (FUD) macOS Backdoor
🔴Blog : https://denwp.com/fully-undetectable-fud-macos-backdoor
⭐️@APTANALYSIS
♣️From Credit Card Skimming to Exploiting Zero-Days
📺Blog : https://intezer.com/blog/research/xe-group-exploiting-zero-days/
⭐️@APTANALYSIS
♣️The Anatomy of Abyss Locker Ransomware Attack
😈Blog : https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis
⭐️@APTANALYSIS
♣️LegionLoader exposed ...
💀Blog : https://tehtris.com/en/blog/legionloader-exposed
⭐️@APTANALYSIS
♣️Unmasking: Technological Advancement and Evolution of MuddyWater in 2024
🖐Blog : https://www.gov.il/BlobFolder/reports/maddy_water_2024/en/ALERT_CERT_IL_W_1858.pdf
⭐️@APTANALYSIS
♣️ASyncRAT [IR/Malware Analysis]
🧪Blog : https://ventdrop.github.io/posts/asyncrat
⭐️@APTANALYSIS
♣️AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2025 edition)
🎣Blog : https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt
⭐️@APTANALYSIS
Forwarded from Ripp3r VIP♠️
fixed-CVE-2019-18935-master.zip
4.7 MB
Fixed Telerik exploit with sleep DLLs (compiled)
+ This exploit is old, but you might want to test it (in a lab environment: cve2.py)
How to use: https://github.com/noperator/CVE-2019-18935
♣️Bitcoin to the moon: Trump endorsing, scammers exploiting
👁Blog : https://www.cloudflare.com/en-au/threat-intelligence/research/report/bitcoin-to-the-moon-trump-endorsing-scammers-exploiting/
♣️Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
📺Blog : https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst
♣️GetSmoked: UAC-0006 Returns With SmokeLoader Targeting Ukraine's Largest State-Owned Bank
👁Blog : https://www.cloudsek.com/blog/getsmoked-uac-0006-returns-with-smokeloader-targeting-ukraines-largest-state-owned-bank
♣️Dual Injection Undermines Chrome's App-Bound Encryption
📺Blog : https://cyble.com/blog/dual-injection-undermines-chromes-encryption/
⭐️@APTANALYSIS
♣️ALPHV Ransomware : Analyzing the BlackCat After Change Healthcare Attack
🐈‍⬛Blog : https://www.picussecurity.com/resource/blog/alphv-ransomware
⭐️@APTANALYSIS
♣️Funksec Ransomware Teams Up with Another Ransomware Group to Double Down on Targets
🐦Blog : https://www.sonicwall.com/blog/funksec-ransomware-teams-up-with-another-ransomware-group-to-double-down-on-targets
⭐️@APTANALYSIS
♣️CVE-2023-6080: A Case Study on Third-Party Installer Abuse
👁Blog : https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third-party-installer-abuse
♣️Silent Lynx APT Targets Various Entities Across Kyrgyzstan & Neighbouring Nations
👁Blog : https://www.seqrite.com/blog/silent-lynx-apt-targeting-central-asian-entities/
♣️Scalable Vector Graphics files pose a novel phishing threat
👁‍🗨Blog : https://news.sophos.com/en-us/2025/02/05/svg-phishing/
⭐️@APTANALYSIS
♣️NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App
🐦Blog : https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/
♣️Malicious NPM packages target marked-js library
😶Blog : https://sourcecodered.com/npm-packages-target-marked-js
⭐️@APTANALYSIS