♣️Further insights into Ivanti CSA 4.6 vulnerabilities exploitation
🐈Blog : https://harfanglab.io/insidethelab/insights-ivanti-csa-exploitation
♣️Detecting cases of Akira Ransomware Attacks with AhnLab EDR
🐈Blog : https://asec.ahnlab.com/ko/86186
♣️Linux Detection Engineering - Approaching the Summit on Persistence Mechanisms
🐈Blog : https://www.elastic.co/security-labs/approaching-the-summit-on-persistence
♣️Inside a Malware Campaign: A Nigerian Hacker’s Perspective
🐈Blog : https://cyberarmor.tech/inside-a-malware-campaign-a-nigerian-hackers-perspective
♣️RATatouille: Cooking Up Chaos in the I2P Kitchen
🐈Blog : https://blog.sekoia.io/ratatouille-cooking-up-chaos-in-the-i2p-kitchen
♣️Secret message: TE-558 steganism ploys in cyber attacks on enterprises of Russia and Belarus
🐈Blog : https://www.facct.ru/blog/ta558
♣️ Persistent Threats from the Kimsuky Group Using RDP Wrapper
🐈Blog : https://asec.ahnlab.com/en/86098
♣️NetSupport RAT Clickfix Distribution
🐈Blog : https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution
⭐️@APTANALYSIS

♣️How We Hacked a Software Supply Chain for $50K
💰Blog : https://www.landh.tech/blog/20250211-hack-supply-chain-for-50k/
♣️Leaking the email of any YouTube user for $10,000
💰Blog : https://brutecat.com/articles/leaking-youtube-emails
♣️From Convenience to Contagion: The Half-Day Threat and Libarchive Vulnerabilities Lurking in Windows 11
📺Blog : https://devco.re/blog/2025/02/12/from-convenience-to-contagion-the-half-day-threat-and-libarchive-vulnerabilities-lurking-in-windows-11-en/
♣️cloud image name confusion attack
📺Blog : https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/
⭐️@APTANALYSIS

♣️Nginx/Apache Path Confusion to Auth Bypass in PAN-OS (CVE-2025-0108)
⚰️Blog : https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os
⭐️@APTANALYSIS

♣️The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
👁Blog : https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation
♣️Curious case of AD CS ESC15 vulnerable instance and its manual exploitation
👁Blog : https://www.mannulinux.org/2025/02/Curious-case-of-AD-CS-ESC15-vulnerable-instance-and-its-manual-exploitation.html
♣️Anti-Rootkit Techniques
👁Part 1 : https://eversinc33.com/posts/anti-anti-rootkit-part-i.html
👁Part 2 : https://eversinc33.com/posts/anti-anti-rootkit-part-ii.html
👁Part 3 : https://eversinc33.com/posts/anti-anti-rootkit-part-iii.html
♣️SonicWall CVE-2024-53704: SSL VPN Session Hijacking
👁Blog : https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking
♣️Exploring the DOMPurify library
👁Part 1 : https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixes
👁Part 2 : https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations
⭐️@APTANALYSIS

♣️Malware installed using the Ivanti Connect Secure vulnerability
⚗️Blog : https://blogs.jpcert.or.jp/ja/2025/02/spawnchimera.html
♣️You've Got Malware: FINALDRAFT Hides in Your Drafts
⚗️Blog : https://www.elastic.co/security-labs/finaldraft
♣️RevivalStone: Winnti Group's attack campaign targeting Japanese organizations
⚗️Blog : https://www-lac-co-jp.translate.goog/lacwatch/report/20250213_004283.html
♣️Digital Breadcrumbs in Memory: Unmasking a Web Server Compromise
⚗️Blog : https://www.securityblue.team/blog/posts/digital-breadcrumbs-memory-web-server-compromise
♣️CTO at NCSC Summary: week ending February 16th
⚗️Blog : https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-db4
♣️Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
⚗️Blog : https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication
♣️Lazarus Backdoor with IT Lure
⚗️Blog : https://dmpdump.github.io/posts/Lazarus-Backdoor-ITLure/
♣️MAC(B)ypassing for Persistence
⚗️Blog : https://medium.com/@hacksplaining/mac-b-ypassing-for-persistence-22e425ca7c85
♣️Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
⚗️Blog : https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-for-persistence
♣️Lurking in the shadows: Unsupervised decoding of beaconing communication for enhanced cyber threat hunting
⚗️Blog : https://www.sciencedirect.com/science/article/pii/S1084804525000244
⭐️@APTANALYSIS

♣️Velvet Chollima APT Adversary Simulation
🙂Blog : https://github.com/S3N4T0R-0X0/APT-Attack-Simulation/tree/main/North%20Koreans%20APT/Velvet%20Chollima
🔥Blog : https://medium.com/@S3N4T0R/labyrinth-chollima-apt-adversary-simulation-b4f6a79bb68f
♣️Concealing Payloads: Hiding Shellcode in Image Files with Python and C/C++
🐍Blog : https://wafflesexploits.github.io/posts/Hide_a_Payload_in_Plain_Sight_Embedding_Shellcode_in_a_Image_file/
🩸Repo : https://github.com/WafflesExploits/hide-payload-in-images
⭐️@APTANALYSIS

♣️Unraveling the Many Stages and Techniques Used by RedCurl/EarthKapre APT
#️⃣Blog : https://www.esentire.com/blog/unraveling-the-many-stages-and-techniques-used-by-redcurl-earthkapre-apt
♣️How to check for OAuth apps with specific Graph permissions assigned
#️⃣Blog : https://jeffreyappel.nl/how-to-check-for-oauth-apps-with-specific-graph-permissions-assigned/
♣️Writing a Ghidra processor module
#️⃣Blog : https://irisc-research-syndicate.github.io/2025/02/14/writing-a-ghidra-processor-module/
♣️Infostealing Malware Infections in the U.S. Military & Defense Sector: A Cybersecurity Disaster in the Making
#️⃣Blog : https://www.infostealers.com/article/infostealing-malware-infections-in-the-u-s-military-defense-sector-a-cybersecurity-disaster-in-the-making/
♣️Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405)
#️⃣Blog : https://www.wiz.io/blog/nuclei-signature-verification-bypass
♣️How Wiz found a Critical NVIDIA AI vulnerability:  Deep Dive into a container escape (CVE-2024-0132)
#️⃣Blog : https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132
♣️Debugging An Undebuggable App
#️⃣Blog : https://bryce.co/undebuggable/
⭐️@APTANALYSIS

♣️BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites
♣️Hunters International Ransomware: Tactics, Impact, and Defense Strategies
♣️Threat updates: AidLocker/Frag - new variants of HellCat/Morpheus ransomware
♣️Dark Web Profile: Fog Ransomware
♣️Merlin, Loki buddy: another agent for Mythic attacks Russian companies
♣️JavaScript to Command-and-Control (C2) Server Malware
♣️Magento Credit Card Stealer Disguised in an <img> Tag
♣️New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs
♣️Ransomware Roundup – Lynx
♣️ Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time
♣️Qilin Ransomware: Exposing the TTPs Behind One of the Most Active Ransomware Campaigns of 2024
♣️Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
♣️Don’t Ghost the SocGholish: GhostWeaver Backdoor
♣️Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure
♣️LDAPNightmare Spoof Stealer
⭐️@APTANALYSIS

♣️Все резервные копии были загружены в канал Telegram Black Market, и с этого момента вы можете получить доступ к этим материалам только по следующей ссылке. Также эти файлы будут обновляться, и к ним будут добавляться другие элементы.
所有备份文件已上传到Telegram频道Black Market，从现在开始，您只能通过以下链接访问这些内容。此外，这些文件将会被更新，并且会添加其他内容。
https://t.me/c/2254860811/492
⭐️@APTANALYSIS

♣️Evading Microsoft Defender
🤷Blog : https://blog.shellntel.com/p/evading-microsoft-defender
⭐️@APTANALYSIS

♣️CVE-2022-31199 : NETWRIX AUDITOR ADVISORY SUMMARY
👁Blog : https://bishopfox.com/blog/netwrix-auditor-advisory
♣️CVE-2025-1094 : PostgreSQL SQLi
👁Blog : [Emulation] [Repo2] [3]
⭐️@APTANALYSIS

♣️By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
👁Blog : https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/
⭐️@APTANALYSIS

♣️IngressNightmare : Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
✨CVE-2025-1097
👁‍🗨CVE-2025-1098
🔪CVE-2025-24514
😐CVE-2025-1974
🚬Blog : https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
⭐️@APTANALYSIS

♣️C2 Redirectors: Advanced Infrastructure for Modern Red Team Operations
👹Blog : https://xbz0n.sh/blog/c2-redirectors
⭐️@APTANALYSIS

♣️Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure
🔥Blog : https://www.resecurity.com/blog/article/blacklock-ransomware-a-late-holiday-gift-with-intrusion-into-the-threat-actors-infrastructure
⭐️@APTANALYSIS

♣️wsrp4echo - 0day Chain Vulnerability
🔥Blog : https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b
⭐️@APTANALYSIS

♣️Bypassing Windows Defender antivirus in 2025. Using Direct Syscalls and XOR encryption.
🎩Part 1 : https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-1/
🎩Part 2 :
https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-2/
⭐️@APTANALYSIS

♣️Operation SyncHole: Lazarus APT goes back to the well
💀Blog : https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326
⭐️@APTANALYSIS

♣️Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations
👼Blog : https://www.trendmicro.com/en_us/research/25/d/russian-infrastructure-north-korean-cybercrime.html
⭐️@APTANALYSIS