Please open Telegram to view this post
VIEW IN TELEGRAM
APT-C-36 (Blind Eagle) group escalates its tactics in new attack campaigns
[1]https://mp.weixin.qq.com/s/wLDUwr3WVuO37eAOrXs8ag
[2]https://mp.weixin.qq.com/s/DDCCjhBjUTa7Ia4Hggsa1A
⭐️@APTANALYSIS
[1]https://mp.weixin.qq.com/s/wLDUwr3WVuO37eAOrXs8ag
[2]https://mp.weixin.qq.com/s/DDCCjhBjUTa7Ia4Hggsa1A
⭐️@APTANALYSIS
CVE-2025–32713: Windows Common Log File System Driver Local Privilege Escalation Vulnerability
https://hackyboiz.github.io/2025/08/13/ogu123/cve-2025%E2%80%9332713/
⭐️@APTANALYSIS
https://hackyboiz.github.io/2025/08/13/ogu123/cve-2025%E2%80%9332713/
⭐️@APTANALYSIS
This media is not supported in your browser
VIEW IN TELEGRAM
FileJacking – Initial Access with File System API
https://print3m.github.io/blog/filejacking-initial-access-with-file-system-api
⭐️@APTANALYSIS
https://print3m.github.io/blog/filejacking-initial-access-with-file-system-api
⭐️@APTANALYSIS
Please open Telegram to view this post
VIEW IN TELEGRAM
What is KawaLocker ransomware?
https://www.huntress.com/blog/kawalocker-ransomware-deployed
⭐️@APTANALYSIS
https://www.huntress.com/blog/kawalocker-ransomware-deployed
⭐️@APTANALYSIS
Netexec Workshop Active Directory Lab Writeup
Blog: https://blog.anh4ckin.ch/posts/netexec-workshop2k25/
⭐️@APTANALYSIS
Blog: https://blog.anh4ckin.ch/posts/netexec-workshop2k25/
⭐️@APTANALYSIS
CrossC2 framework
generate CobaltStrike's cross-platform payload:
https://github.com/gloxec/CrossC2.git
Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS
https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html?m=1
⭐️@APTANALYSIS
generate CobaltStrike's cross-platform payload:
https://github.com/gloxec/CrossC2.git
Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS
https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html?m=1
⭐️@APTANALYSIS
Dissecting PipeMagic: Inside the architecture of a modular backdoor framework
https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/
⭐️@APTANALYSIS
https://www.microsoft.com/en-us/security/blog/2025/08/18/dissecting-pipemagic-inside-the-architecture-of-a-modular-backdoor-framework/
⭐️@APTANALYSIS
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
Bring your own vulnerable driver’ attack technique is becoming popular among threat actors
https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/
To practice Bring Your Own Vulnerable Driver (BYOVD) techniques from the CETP course, I set out to develop a toolkit leveraging a kernel-level read/write primitive to bypass security mechanisms such as LSASS’s RunasPPL protection and to enumerate and remove EDR telemetry via kernel callback manipulation. For the vulnerable driver, I used the well-known RTCore64.sys from MSI Afterburner.
⭐️@APTANALYSIS
https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/
To practice Bring Your Own Vulnerable Driver (BYOVD) techniques from the CETP course, I set out to develop a toolkit leveraging a kernel-level read/write primitive to bypass security mechanisms such as LSASS’s RunasPPL protection and to enumerate and remove EDR telemetry via kernel callback manipulation. For the vulnerable driver, I used the well-known RTCore64.sys from MSI Afterburner.
⭐️@APTANALYSIS
APT ANALYSIS
Bring your own vulnerable driver’ attack technique is becoming popular among threat actors https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/ To practice Bring Your Own Vulnerable Driver (BYOVD) techniques from the CETP course, I set…
Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune
Blog: https://temp43487580.github.io/intune/bypass-enrollment-restictions-to-break-byod-barriers-in-intune/
⭐️@APTANALYSIS
Blog: https://temp43487580.github.io/intune/bypass-enrollment-restictions-to-break-byod-barriers-in-intune/
⭐️@APTANALYSIS
temp43487580.github.io
Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune
Ways of device ownership spoofing and more for persistent access to Intune
Please open Telegram to view this post
VIEW IN TELEGRAM
Blog : https://specterops.io/blog/2025/08/22/operating-outside-the-box-ntlm-relaying-low-privilege-http-auth-to-ldap
Please open Telegram to view this post
VIEW IN TELEGRAM
Machine Account Takeover with LsaStorePrivateData()
Blog: https://pentest.party/posts/2025/ksetup-machine-password/
⭐️@APTANALYSIS
Blog: https://pentest.party/posts/2025/ksetup-machine-password/
⭐️@APTANALYSIS
This media is not supported in your browser
VIEW IN TELEGRAM
Finding Malware: DIRTYBULK and Friends - USB Infections To Fuel Cybercriminal Coinmining Operations
Blog: https://security.googlecloudcommunity.com/community-blog-42/finding-malware-dirtybulk-and-friends-usb-infections-to-fuel-cybercriminal-coinmining-operations-5552
⭐️@APTANALYSIS
Blog: https://security.googlecloudcommunity.com/community-blog-42/finding-malware-dirtybulk-and-friends-usb-infections-to-fuel-cybercriminal-coinmining-operations-5552
⭐️@APTANALYSIS
AppSuite PDF Editor Backdoor: A Detailed Technical Analysis
Blog: https://www.gdatasoftware.com/blog/2025/08/38257-appsuite-pdf-editor-backdoor-analysis
⭐️@APTANALYSIS
Blog: https://www.gdatasoftware.com/blog/2025/08/38257-appsuite-pdf-editor-backdoor-analysis
⭐️@APTANALYSIS
Three Lazarus RATs coming for your cheese
Blog:https://blog.fox-it.com/2025/09/01/three-lazarus-rats-coming-for-your-cheese/
⭐️@APTANALYSIS
Blog:https://blog.fox-it.com/2025/09/01/three-lazarus-rats-coming-for-your-cheese/
⭐️@APTANALYSIS