APT ANALYSIS

Bring your own vulnerable driver’ attack technique is becoming popular among threat actors
https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/

To practice Bring Your Own Vulnerable Driver (BYOVD) techniques from the CETP course, I set out to develop a toolkit leveraging a kernel-level read/write primitive to bypass security mechanisms such as LSASS’s RunasPPL protection and to enumerate and remove EDR telemetry via kernel callback manipulation. For the vulnerable driver, I used the well-known RTCore64.sys from MSI Afterburner.

⭐️@APTANALYSIS

1.14K views20:08

APT ANALYSIS

Bring your own vulnerable driver’ attack technique is becoming popular among threat actors https://cybernews.com/security/bring-your-own-vulnerable-driver-attack/ To practice Bring Your Own Vulnerable Driver (BYOVD) techniques from the CETP course, I set…

Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune
Blog: https://temp43487580.github.io/intune/bypass-enrollment-restictions-to-break-byod-barriers-in-intune/

⭐️@APTANALYSIS

temp43487580.github.io

Bypassing Enrollment Restrictions to Break BYOD Barriers in Intune

Ways of device ownership spoofing and more for persistent access to Intune

989 views15:33

APT ANALYSIS

♣️Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware
🌟Blog : https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html
♣️Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery
🌟Blog : https://www.cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery
♣️APT MuddyWater Deploys Multi-Stage Phishing to Target CFOs
🌟Blog : https://hunt.io/blog/apt-muddywater-deploys-multi-stage-phishing-to-target-cfos
♣️Phantom Pains: A Massive Cyber Espionage Campaign and Possible Split of the PhantomCore APT Group
🌟Blog : https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/phantom-pains-a-large-scale-cyber-espionage-campaign-and-a-possible-split-of-the-apt-group-phantomcore/#id1
♣️Think before you Click(Fix): Analyzing the ClickFix social engineering technique
🌟Blog : https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/
♣️A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor
🌟Blog : https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/
♣️Examining the tactics of BQTLOCK Ransomware & its variants
🌟Blog : https://labs.k7computing.com/index.php/examining-the-tactics-of-bqtlock-ransomware-its-variants/

⭐️

@APTANALYSIS

Please open Telegram to view this post

VIEW IN TELEGRAM

1.25K views17:09

APT ANALYSIS

♣️

Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP
Blog : https://specterops.io/blog/2025/08/22/operating-outside-the-box-ntlm-relaying-low-privilege-http-auth-to-ldap

⭐️

@APTANALYSIS

Please open Telegram to view this post

VIEW IN TELEGRAM

1.14K views07:19

APT ANALYSIS

Machine Account Takeover with LsaStorePrivateData()
Blog: https://pentest.party/posts/2025/ksetup-machine-password/
⭐️@APTANALYSIS

1.17K views23:35

APT ANALYSIS

This media is not supported in your browser

VIEW IN TELEGRAM

Finding Malware: DIRTYBULK and Friends - USB Infections To Fuel Cybercriminal Coinmining Operations
Blog: https://security.googlecloudcommunity.com/community-blog-42/finding-malware-dirtybulk-and-friends-usb-infections-to-fuel-cybercriminal-coinmining-operations-5552
⭐️@APTANALYSIS

1.43K views09:54

APT ANALYSIS

AppSuite PDF Editor Backdoor: A Detailed Technical Analysis
Blog: https://www.gdatasoftware.com/blog/2025/08/38257-appsuite-pdf-editor-backdoor-analysis
⭐️@APTANALYSIS

1.71K views08:20

APT ANALYSIS

Three Lazarus RATs coming for your cheese
Blog:https://blog.fox-it.com/2025/09/01/three-lazarus-rats-coming-for-your-cheese/
⭐️@APTANALYSIS

1.46K views18:23

APT ANALYSIS

The One-Man APT, Part I: A Picture That Can Execute Code on the Target
Blog:https://hackers-arise.com/the-one-man-apt-part-i-a-picture-that-can-execute-code-on-the-target/
⭐️@APTANALYSIS

1.93K views05:25

APT ANALYSIS

♣️Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs
Blog :https://thedfirreport.com/2025/09/08/blurring-the-lines-intrusion-shows-connection-with-three-major-ransomware-gangs/

⭐️

@APTANALYSIS

Please open Telegram to view this post

VIEW IN TELEGRAM

2.02K views10:49

APT ANALYSIS

An analysis of the Gentlemen ransomware group, which employs advanced, adaptive tactics, techniques, and procedure to target critical industries worldwide.
Blog: https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html
⭐️@APTANALYSIS

2.46K views01:05

APT ANALYSIS

Remote DLL Injection with Timer-based Shellcode Execution
https://github.com/andreisss/Remote-DLL-Injection-with-Timer-based-Shellcode-Execution
⭐️@APTANALYSIS

2.59K views05:40

APT ANALYSIS

♣️

Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
🐈‍⬛Blog : https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets

⭐️

@APTANALYSIS

Please open Telegram to view this post

VIEW IN TELEGRAM

1.71K views08:23