APT ANALYSIS
APT analysis focused on modeling, detecting and managing complex attacks. Providing accurate data and solutions for threat forecasting, backed by real-world security experience.
♣️The Hunt for RedCurl
🔥Blog : https://www.huntress.com/blog/the-hunt-for-redcurl-2
⭐️@APTANALYSIS
♣️Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
📨Blog : https://birkep.github.io/posts/Windows-LPE/
⭐️@APTANALYSIS
♣️Linux Detection Engineering - A Continuation on Persistence Mechanisms
👁Blog : https://www.elastic.co/security-labs/continuation-on-persistence-mechanisms
⭐️@APTANALYSIS
♣️Exploit Development : Investigating Kernel Mode Shadow Stacks on Windows
🤩Blog : https://connormcgarr.github.io/km-shadow-stacks
♣️Disassembling a binary: linear sweep and recursive traversal
🤩Blog : https://nicolo.dev/en/blog/disassembling-binary-linear-recursive/
⭐️@APTANALYSIS
♣️Analysis of malicious HWP cases of 'APT37' group distributed through K messenger
🌎Blog : https://www.genians.co.kr/blog/threat_intelligence/k-messenger
⭐️@APTANALYSIS
♣️Malware Spotlight : RansomHub Ransomware
⚠️Blog : https://areteir.com/article/malware-spotlight-ransomhub-ransomware/
⭐️@APTANALYSIS
🎁 Computed cache list 1
♣️Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
💫Blog : https://securityscorecard.com/blog/operation-phantom-circuit-north-koreas-global-data-exfiltration-campaign/
♣️Recent cases of watering hole attacks: Part 1,2
💫Blog : https://blog.apnic.net/2025/01/31/recent-cases-of-watering-hole-attacks-part-1/ [p2]
♣️Analysis of payloads used by the APT-C-60 (Pseudo Hunter) organization in recent years
💫Blog : QQ
♣️APT-C-26 (Lazarus) continues to upgrade its attack weapons, using Electron programs to target the cryptocurrency industry
💫Blog : QQ
♣️LockBit - Persistent TTPs in the Larger Ecosystem
💫Blog : https://redsense.com/publications/lockbit-persistent-ttps-in-larger-ecosystem/
⭐️@APTANALYSIS
🎁 Computed cache list 2
♣️OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines
💫Blog : https://www.aquasec.com/blog/risks-misconfigured-kubernetes-policy-engines-opa-gatekeeper
♣️Exploiting Misconfigured Network Shares: A Gateway to Sensitive Information
💫Blog : https://habr.com/ru/companies/ussc/articles/878340
♣️Lifting Binaries, Part 0: Devirtualizing VMProtect and Themida: It's Just Flattening
💫Blog : https://nac-l.github.io/2025/01/25/lifting_0.html
⭐️@APTANALYSIS
♣️Sparkcat stealer in app store and google play
👁Blog : https://securelist.ru/sparkcat-stealer-in-app-store-and-google-play/111638
⭐️@APTANALYSIS
♣️Tracing the Path From SmartApeSG to NetSupport RAT
🐁Blog : https://www.team-cymru.com/post/tracing-the-path-from-smartapesg-to-netsupport-rat
⭐️@APTANALYSIS
♣️8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
🔴Blog : https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/
⭐️@APTANALYSIS
♣️Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks (CVE-2025-0411)
💀Blog : https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html
⭐️@APTANALYSIS
♣️Practical Incident Response - Active Directory
😈Blog : https://nxb1t.is-a.dev/incident-response/practical_ir_ad/
💡Lab : https://nxb1t.is-a.dev/lab-setups/ad_lab
⭐️@APTANALYSIS
♣️Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques
Blog : https://www.morphisec.com/blog/rat-race-valleyrat-malware-china
⭐️@APTANALYSIS
🎁 Computed cache list 3
♣️Queries can be used to coerce SMB authentication from SCCM client hosts
💀Blog : https://posts.specterops.io/further-adventures-with-cmpivot-client-coercion-38b878b740ac
♣️Super-charging Bug Bounty Hunting with the Power of AI
💀Blog : https://blog.ethiack.com/blog/supercharging-bug-bounty-hunting-with-ai
♣️Replacing a Space Heater Firmware Over WiFi
💀Blog : https://blog.includesecurity.com/2025/02/replacing-a-space-heater-firmware-over-wifi/
♣️GreenSpot APT Targets 163.com Users with Fake Download Pages & Spoofed Domains
💀Blog : https://hunt.io/blog/greenspot-apt-targets-163com-fake-downloads-spoofing
♣️Infrastructure Laundering: Silent Push Exposes Cloudy Behavior Around FUNNULL CDN Renting IPs from Big Tech
💀Blog : https://www.silentpush.com/blog/infrastructure-laundering/
♣️Coyote Banking Trojan: A Stealthy Attack via LNK Files
💀Blog : https://www.fortinet.com/blog/threat-research/coyote-banking-trojan-a-stealthy-attack-via-lnk-files
⭐️@APTANALYSIS
♣️Exploiting Reversing (ER) series
🚬File-List : https://exploitreversing.com/wp-content/uploads/2025/02/exploit_reversing_04.pdf
♣️Mali-cious Intent: Exploiting GPU Vulnerabilities (CVE-2022-22706 / CVE-2021-39793)
👁Blog : https://starlabs.sg/blog/2025/12-mali-cious-intent-exploiting-gpu-vulnerabilities-cve-2022-22706/
⭐️@APTANALYSIS
♣️Cybereason Research List (2024-2025)
🎣THREAT ALERT: DarkGate Loader
➡️Blog : https://www.cybereason.com/blog/threat-alert-darkgate-loader
🎣THREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation
➡️Blog : https://www.cybereason.com/blog/threat-alert-ivanti-connect-secure-vpn-zero-day-exploitation
🎣From Cracked to Hacked: Malware Spread via YouTube Videos
➡️Blog : https://www.cybereason.com/blog/from-cracked-to-hacked-malware-spread-via-youtube-videos
🎣Unboxing Snake - Python Infostealer Lurking Through Messaging Services
➡️Blog : https://www.cybereason.com/blog/unboxing-snake-python-infostealer-lurking-through-messaging-service
🎣Beware of the Messengers, Exploiting ActiveMQ Vulnerability
➡️Blog : https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability
🎣Threat Alert: The Anydesk Breach Aftermath
➡️Blog : https://www.cybereason.com/blog/threat-alert-the-anydesk-breach-aftermath
🎣Behind Closed Doors: The Rise of Hidden Malicious Remote Access
➡️Blog : https://www.cybereason.com/blog/behind-closed-doors-the-rise-of-hidden-malicious-remote-access
🎣THREAT ALERT: The XZ Backdoor - Supply Chaining Into Your SSH
➡️Blog : https://www.cybereason.com/blog/threat-alert-the-xz-backdoor
🎣I am Goot (Loader)
➡️Blog : https://www.cybereason.com/blog/i-am-goot-loader
🎣Hardening of HardBit
➡️Blog : https://www.cybereason.com/blog/hardening-of-hardbit
🎣Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies
➡️Blog : https://www.cybereason.com/blog/cuckoo-spear
🎣Capability vs. Usability
➡️Blog : https://www.cybereason.com/blog/capability-vs-usability
🎣CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective
➡️Blog : https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor
🎣CUCKOO SPEAR Part 2: Threat Actor Arsenal
➡️Blog : https://www.cybereason.com/blog/cuckoo-spear-pt2-threat-actor-arsenal
🎣The Great Debate: On-Premise vs. Cloud based EDR
➡️Blog : https://www.cybereason.com/blog/on-premise-vs-cloud-based-edr
🎣THREAT ANALYSIS: Beast Ransomware
➡️Blog : https://www.cybereason.com/blog/threat-analysis-beast-ransomware
🎣Stellar Discovery of A New Cluster of Andromeda/Gamarue C2
➡️Blog : https://www.cybereason.com/blog/new-cluster-andromeda-gamrue-c2
🎣Your Data Is Under New Lummanagement: The Rise of LummaStealer
➡️Blog : https://www.cybereason.com/blog/threat-analysis-rise-of-lummastealer
🎣Phorpiex - Downloader Delivering Ransomware
➡️Blog : https://www.cybereason.com/blog/threat-analysis-phorpiex-downloader
⭐️@APTANALYSIS
♣️Accidentally uncovering a seven years old vulnerability in the Linux kernel
🌙Blog : https://allelesecurity.com/accidentally-uncovering-a-seven-years-old-vulnerability-in-the-linux-kernel/
⭐️@APTANALYSIS
♣️Stealers on the Rise: A Closer Look at a Growing macOS Threat
🍭Blog : https://unit42.paloaltonetworks.com/macos-stealers-growing
⭐️@APTANALYSIS