#Malware_analysis
1. Analysis on Docker Hub malicious images: Attacks through public container images
https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images
2. Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
https://blog.bushidotoken.net/2022/11/detecting-and-fingerprinting.html
The Sysdig TRT performed an analysis of over 250,000 Linux images on Docker Hub to detect malicious payloads hidden in the container images.
#tools
#Blue_Team_Techniques
SCuBA M365 Security Baseline Assessment Tool
https://github.com/cisagov/ScubaGear
Automation to assess the state of your M365 tenant against CISA's baselines.
#tools
#Red_Team_Tactics
1. A Dive into Microsoft Defender for Identity
https://www.synacktiv.com/publications/a-dive-into-microsoft-defender-for-identity.html
2. A New Way of Exploiting Jolokia RCE/JDBC Attack
https://pyn3rd.github.io/2022/11/15/A-New-Way-to-Trigger-Jolokia-Remote-Code-Execution
3. Empire - PowerShell/Python 3.x post-exploitation/adversary emulation framework
https://github.com/BC-SECURITY/Empire
#IoT_Security
1. Vulnerabilities in BMC Firmware Affect OT/IoT Device Security
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1
2. IoT Security Administrator’s Guide
https://docs.paloaltonetworks.com/iot/iot-security-admin
Nozomi Networks security researchers disclose 13 vulnerabilities affecting Baseboard Management Controllers (BMCs), which may allow an attacker to achieve RCE.
#exploit
1. CVE-2022-39425:
Vulnerability in Oracle VM VirtualBox <6.1.40 (Core)
https://github.com/bob11vrdp/CVE-2022-39425
2. Analysis and exploitation of an uninitialized pointer vulnerability affecting certain TP-LINK routers
https://github.com/b1ack0wl/vulnerability-write-ups/blob/master/TP-Link/WR940N/112022/Part1.md
3. CVE-2022-22971:
Spring Framework DoS with STOMP over WebSocket
https://github.com/tchize/CVE-2022-22971
NIST.SP.800-215.pdf
1 MB
#Infosec_Standards
NIST SP 800-215: "Guide to a Secure Enterprise Network Landscape", August 5, 2022.
AUTOARMOR.pdf
1 MB
#Research
"Automatic Policy Generation for Inter-Service Access Control of Microservices", 2021.
Investigating_co-occurrences_MITRE.pdf
538.7 KB
#Research
"Investigating co-occurrences of MITRE ATT&CK Techniques", 2022.
CPG_CHECKLIST_508c.pdf
356.1 KB
#Infosec_Standards
CISA Cybersecurity Performance Goals (CPG) Checklist
-> Cross-Sector Cybersecurity Performance Goals 2022 (.pdf):
https://www.cisa.gov/sites/default/files/publications/2022_00092_CISA_CPG_Report_508c.pdf
🔥Mind the Gap
The week before FirstCon22, Maddie gave an internal preview of her talk ("0-day In-the-Wild Exploitation in 2022…so far"). Inspired by the description of an in-the-wild vulnerability in low-level memory management code, fellow Project Zero researcher Jann Horn started auditing the ARM Mali GPU driver. Over the next three weeks, Jann found five more exploitable vulnerabilities (2325, 2327, 2331, 2333, 2334).
⚠️The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.
Forwarded from 卩ro 爪Cracker
SANS_DFPS_FOR585_v3.5_1122.pdf
1.4 MB
Forwarded from 卩ro 爪Cracker
otp
One Time Password utilities Go / Golang
One Time Passwords (OTPs) are a mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) secret is stored on a user's phone and combined with something the user knows (a password), you have an easy on-ramp to multi-factor authentication without adding a dependency on an SMS provider. This password and TOTP combination is used by many popular websites, including Google, GitHub, Facebook, Salesforce and many others.
The otp library enables you to easily add TOTPs to your own application, increasing your users' security against mass-password breaches and malware.
https://github.com/pquerna/otp
Are you looking for OSINT books? In the overview below you will find various books about Open Source Intelligence (OSINT), Social Media Intelligence (SOCMINT), Privacy, Hacking, Red Teaming, Blue Teaming, Brand Protection, Automation and more!
▫️ https://www.aware-online.com/en/osint-books/
Cyber security post uploader admin @hayper007
Forwarded from 卩ro 爪Cracker
Xiongmai IoT Exploitation
https://ift.tt/3txnMOV
Submitted November 30, 2022 at 01:50AM by chicksdigthelongrun
via reddit https://ift.tt/E3C5Mpb