♣️Hidden in Plain Sight: PDF Mishing Attack
😈Blog : https://zimpstage.wpengine.com/blog/hidden-in-plain-sight-pdf-mishing-attack/
♣️ROPing our way to RCE
😈Blog : https://modzero.com/en/blog/roping-our-way-to-rce/
♣️Beyond the Chatbot: Meta Phishing with Fake Live Support
😈Blog : https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/beyond-the-chatbot-meta-phishing-with-fake-live-support/
♣️Lynx Ransomware: Exposing How INC Ransomware Rebrands Itself
😈Blog : https://www.picussecurity.com/resource/blog/lynx-ransomware
♣️Premium Panel : phishing tool used in longstanding campaigns worldwide
😈Blog : https://www.intrinsec.com/wp-content/uploads/2025/01/TLP-CLEAR-Live-Control-Panel-Premium-EN.pdf
♣️FinStealer
😈Blog : https://www.cyfirma.com/research/finstealer/
♣️SiphonDNS: covert data exfiltration via DNS
😈Blog :https://ttp.report/evasion/2025/02/03/siphondns-covert-dns-exfiltration.html
⭐️@APTANALYSIS

♣️Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated…(claroty-t82)
👁Blog : https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated
⭐️@APTANALYSIS

♣️Exploitable Episode One - Breaking IoT
🦖Blog : https://blog.doyensec.com/2025/02/11/exploitable-iot.html
⭐️@APTANALYSIS

♣️Build Your Own Offensive Security Lab A Step-by-Step Guide with Ludus
✝️Blog : https://xphantom.nl/posts/Offensive-Security-Lab
⭐️@APTANALYSIS

♣️Fault Injection – Looking for a Unicorn
🔮Blog : https://security.humanativaspa.it/fault-injection-looking-for-a-unicorn

♣️PsExec’ing the right way and why zero trust is mandatory
😈Blog : https://sensepost.com/blog/2025/psexecing-the-right-way-and-why-zero-trust-is-mandatory
⭐️@APTANALYSIS

♣️Exploring a VPN Appliance: A Researcher’s Journey
🔴Blog : https://www.akamai.com/blog/security-research/2025-february-fortinet-critical-vulnerabilities#vulnerabilities
♣️CVE-2025-0693: AWS IAM User Enumeration
🔴Blog : https://rhinosecuritylabs.com/research/unauthenticated-username-enumeration-in-aws
♣️How auto-generated passwords in Sitevision leads to signing key leakage - CVE-2022-35202
🔴Blog : https://www.shelltrail.com/research/how-auto-generated-passwords-in-sitevision-leads-to-signing-key-leakage-cve-2022-35202
⭐️@APTANALYSIS

♣️The auditor has arrived: pg_anon checks whether everything is hidden
😈Blog : https://habr.com/ru/companies/rostelecom/articles/876124
♣️BitLocker Stale Recovery Key Cleanup: No More Silent Encryption Failures
🔪Blog : https://patchmypc.com/bitlocker-recovery-key-cleanup-fix-200-key-limit
♣️No need to RSVP: a closer look at the Tria stealer campaign
😈Blog : https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/115295
♣️Infostealer malware linked to Lazarus Group campaigns
🔪Blog : https://medium.com/@rayssac/infostealer-malware-linked-to-lazarus-group-campaigns-a510ad5f3e4f
♣️Targeted Threats Research - South & North Korea (a breakdown of 3 years of civil society threat research in Korea)
😈Blog : https://www.0x0v1.com/targeted-threats-research-south-north-korea
♣️Malicious ML models discovered on Hugging Face platform
🔪Blog : https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face
♣️Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
😈Blog : https://blog.eclecticiq.com/sandworm-apt-targets-ukrainian-users-with-trojanized-microsoft-kms-activation-tools-in-cyber-espionage-campaigns
♣️How to Investigate Malware WMI Event Consumers 2025
🔪Blog : https://www.cybertriage.com/blog/how-to-investigate-malware-wmi-event-consumers-2025/
⭐️@APTANALYSIS

♣️Further insights into Ivanti CSA 4.6 vulnerabilities exploitation
🐈Blog : https://harfanglab.io/insidethelab/insights-ivanti-csa-exploitation
♣️Detecting cases of Akira Ransomware Attacks with AhnLab EDR
🐈Blog : https://asec.ahnlab.com/ko/86186
♣️Linux Detection Engineering - Approaching the Summit on Persistence Mechanisms
🐈Blog : https://www.elastic.co/security-labs/approaching-the-summit-on-persistence
♣️Inside a Malware Campaign: A Nigerian Hacker’s Perspective
🐈Blog : https://cyberarmor.tech/inside-a-malware-campaign-a-nigerian-hackers-perspective
♣️RATatouille: Cooking Up Chaos in the I2P Kitchen
🐈Blog : https://blog.sekoia.io/ratatouille-cooking-up-chaos-in-the-i2p-kitchen
♣️Secret message: TE-558 steganism ploys in cyber attacks on enterprises of Russia and Belarus
🐈Blog : https://www.facct.ru/blog/ta558
♣️ Persistent Threats from the Kimsuky Group Using RDP Wrapper
🐈Blog : https://asec.ahnlab.com/en/86098
♣️NetSupport RAT Clickfix Distribution
🐈Blog : https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution
⭐️@APTANALYSIS

♣️How We Hacked a Software Supply Chain for $50K
💰Blog : https://www.landh.tech/blog/20250211-hack-supply-chain-for-50k/
♣️Leaking the email of any YouTube user for $10,000
💰Blog : https://brutecat.com/articles/leaking-youtube-emails
♣️From Convenience to Contagion: The Half-Day Threat and Libarchive Vulnerabilities Lurking in Windows 11
📺Blog : https://devco.re/blog/2025/02/12/from-convenience-to-contagion-the-half-day-threat-and-libarchive-vulnerabilities-lurking-in-windows-11-en/
♣️cloud image name confusion attack
📺Blog : https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/
⭐️@APTANALYSIS

♣️Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)
⚰️Blog : https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os
⭐️@APTANALYSIS

♣️The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
👁Blog : https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation
♣️Curious case of AD CS ESC15 vulnerable instance and its manual exploitation
👁Blog : https://www.mannulinux.org/2025/02/Curious-case-of-AD-CS-ESC15-vulnerable-instance-and-its-manual-exploitation.html
♣️Anti-Rootkit Techniques
👁Part 1 : https://eversinc33.com/posts/anti-anti-rootkit-part-i.html
👁Part 2 : https://eversinc33.com/posts/anti-anti-rootkit-part-ii.html
👁Part 3 : https://eversinc33.com/posts/anti-anti-rootkit-part-iii.html
♣️SonicWall CVE-2024-53704: SSL VPN Session Hijacking
👁Blog : https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking
♣️Exploring the DOMPurify library
👁Part 1 : https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes
👁Part 2 : https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations
⭐️@APTANALYSIS

♣️Malware installed using the Ivanti Connect Secure vulnerability
⚗️Blog : https://blogs.jpcert.or.jp/ja/2025/02/spawnchimera.html
♣️You've Got Malware: FINALDRAFT Hides in Your Drafts
⚗️Blog : https://www.elastic.co/security-labs/finaldraft
♣️RevivalStone: Winnti Group's attack campaign targeting Japanese organizations
⚗️Blog : https://www-lac-co-jp.translate.goog/lacwatch/report/20250213_004283.html
♣️Digital Breadcrumbs in Memory: Unmasking a Web Server Compromise
⚗️Blog : https://www.securityblue.team/blog/posts/digital-breadcrumbs-memory-web-server-compromise
♣️CTO at NCSC Summary: week ending February 16th
⚗️Blog : https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-db4
♣️Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
⚗️Blog : https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication
♣️Lazarus Backdoor with IT Lure
⚗️Blog : https://dmpdump.github.io/posts/Lazarus-Backdoor-ITLure/
♣️MAC(B)ypassing for Persistence
⚗️Blog : https://medium.com/@hacksplaining/mac-b-ypassing-for-persistence-22e425ca7c85
♣️Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
⚗️Blog : https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-for-persistence
♣️Lurking in the shadows: Unsupervised decoding of beaconing communication for enhanced cyber threat hunting
⚗️Blog : https://www.sciencedirect.com/science/article/pii/S1084804525000244
⭐️@APTANALYSIS

♣️Velvet Chollima APT Adversary Simulation
🙂Blog : https://github.com/S3N4T0R-0X0/APT-Attack-Simulation/tree/main/North%20Koreans%20APT/Velvet%20Chollima
🔥Blog : https://medium.com/@S3N4T0R/labyrinth-chollima-apt-adversary-simulation-b4f6a79bb68f
♣️Concealing Payloads: Hiding Shellcode in Image Files with Python and C/C++
🐍Blog : https://wafflesexploits.github.io/posts/Hide_a_Payload_in_Plain_Sight_Embedding_Shellcode_in_a_Image_file/
🩸Repo : https://github.com/WafflesExploits/hide-payload-in-images
⭐️@APTANALYSIS

♣️Unraveling the Many Stages and Techniques Used by RedCurl/EarthKapre APT
#️⃣Blog : https://www.esentire.com/blog/unraveling-the-many-stages-and-techniques-used-by-redcurl-earthkapre-apt
♣️How to check for OAuth apps with specific Graph permissions assigned
#️⃣Blog : https://jeffreyappel.nl/how-to-check-for-oauth-apps-with-specific-graph-permissions-assigned/
♣️Writing a Ghidra processor module
#️⃣Blog : https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/
♣️Infostealing Malware Infections in the U.S. Military & Defense Sector: A Cybersecurity Disaster in the Making
#️⃣Blog : https://www.infostealers.com/article/infostealing-malware-infections-in-the-u-s-military-defense-sector-a-cybersecurity-disaster-in-the-making/
♣️Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)
#️⃣Blog : https://www.wiz.io/blog/nuclei-signature-verification-bypass
♣️How Wiz found a Critical NVIDIA AI vulnerability:  Deep Dive into a container escape (CVE-2024-0132)
#️⃣Blog : https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132
♣️Debugging An Undebuggable App
#️⃣Blog : https://bryce.co/undebuggable/
⭐️@APTANALYSIS

♣️BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites
♣️Hunters International Ransomware: Tactics, Impact, and Defense Strategies
♣️Threat updates: AidLocker/Frag - new variants of HellCat/Morpheus ransomware
♣️Dark Web Profile: Fog Ransomware
♣️Merlin, Loki buddy: another agent for Mythic attacks Russian companies
♣️JavaScript to Command-and-Control (C2) Server Malware
♣️Magento Credit Card Stealer Disguised in an <img> Tag
♣️New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs
♣️Ransomware Roundup – Lynx
♣️ Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time
♣️Qilin Ransomware: Exposing the TTPs Behind One of the Most Active Ransomware Campaigns of 2024
♣️Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
♣️Don’t Ghost the SocGholish: GhostWeaver Backdoor
♣️Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure
♣️LDAPNightmare Spoof Stealer
⭐️@APTANALYSIS

♣️Все резервные копии были загружены в канал Telegram Black Market, и с этого момента вы можете получить доступ к этим материалам только по следующей ссылке. Также эти файлы будут обновляться, и к ним будут добавляться другие элементы.
所有备份文件已上传到Telegram频道Black Market，从现在开始，您只能通过以下链接访问这些内容。此外，这些文件将会被更新，并且会添加其他内容。
https://t.me/c/2254860811/492
⭐️@APTANALYSIS

♣️Evading Microsoft Defender
🤷Blog : https://blog.shellntel.com/p/evading-microsoft-defender
⭐️@APTANALYSIS

♣️CVE-2022-31199 : NETWRIX AUDITOR ADVISORY SUMMARY
👁Blog : https://bishopfox.com/blog/netwrix-auditor-advisory
♣️CVE-2025-1094 : PostgreSQL SQLi
👁Blog : [Emulation] [Repo2] [3]
⭐️@APTANALYSIS

♣️By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
👁Blog : https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/
⭐️@APTANALYSIS