#Malware_analysis
1. BlueNoroff introduces new methods bypassing MoTW
https://securelist.com/bluenoroff-methods-bypass-motw/108383
2. GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy
https://www.crowdstrike.com/blog/guloader-dissection-reveals-new-anti-analysis-techniques-and-code-injection-redundancy
Securelist
BlueNoroff introduces new methods bypassing MoTW
We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal.
#reversing
L’art de l’évasion: How Shlayer hides its configuration inside Apple proprietary DMG files
https://objective-see.org/blog/blog_0x70.html
objective-see.org
L’art de l’évasion
How Shlayer hides its configuration inside Apple proprietary DMG files
Malware_det_DL (1).pdf
4.1 MB
#Research
"A Survey of the Recent Trends in Deep Learning Based Malware Detection", 2022.
In the third quarter of this year, Russians moved a record 1.47 trillion rubles to other countries. That is almost three times more than in the first and second quarters, and 26 times more than in the third quarter of 2021.
Forwarded from Cyber security intelligent program
#Cloud_Security
1. Parsing and manipulating JSON in Powershell
https://isc.sans.edu/diary/29380
2. Passwordless Persistence and Privilege Escalation in Azure
https://posts.specterops.io/passwordless-persistence-and-privilege-escalation-in-azure-98a01310be3f
SANS Internet Storm Center
Playing with Powershell and JSON (and Amazon and Firewalls), Author: Rob VandenBrink
#exploit
1. Syncovery For Linux Web-GUI - Authenticated RCE
https://packetstormsecurity.com/files/170245/Syncovery-For-Linux-Web-GUI-Authenticated-Remote-Command-Execution.html
2. CVE-2022-47949:
ENLBufferPwn: Critical RCE flaw affects multiple Nintendo games
https://github.com/PabloMK7/ENLBufferPwn
#Malware_analysis
1. Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat
2. WinAPI, and "Cheap" Malware Analysis Using AI
Part 1: https://medium.com/@perliftach/winapi-and-cheap-malware-analysis-using-ai-part-1-69e4a8fc8328
Part 2: https://medium.com/@perliftach/winapi-and-cheap-malware-analysis-using-ai-part-2-485c9104f5b6
#Threat_Research
Supply-Chain Security:
Evaluation of Threats and Mitigations
https://engineering.mercari.com/en/blog/entry/20221215-supplychain-security-reevaluation
#Offensive_security
1. Spice up your persistence: loading PHP extensions from memory
https://adepts.of0x.cc/dlopen-from-memory-php
2. Unholy Unhooking
byoDLL: https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking/unholy-unhooking-byodll
FrByoDLL: https://steve-s.gitbook.io/0xtriboulet/unholy-unhooking/unholy-unhooking-frbyodll
Spice up your persistence: loading PHP extensions from memory | AdeptsOf0xCC
Load shared object (PHP extension) from memory
#Tech_book
#Hardware_Security
"A Noob's Guide To ARM Exploitation", 2022.
https://ad2001.gitbook.io/a-noobs-guide-to-arm-exploitation
ad2001.gitbook.io
About the book | A Noob's Guide To ARM Exploitation
#Malware_analysis
1. GuLoader Malware Uses Advanced Anti-Analysis Techniques to Evade Detection
https://gbhackers.com/guloader-malware-advanced-anti-analysis
2. CatB Ransomware
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection
GBHackers Security
GuLoader Malware Uses Advanced Anti-Analysis Techniques to Evade Detection
An advanced malware downloader named GuLoader has recently been exposed by cybersecurity researchers at CrowdStrike. This advanced downloader has the capability to evade the detection of security software by adopting a variety of techniques.
#Threat_Research
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
https://thehackernews.com/2022/12/apt-hackers-turn-to-malicious-excel-add.html
#reversing
1. Reverse Engineering Rustlang Binaries - A Series
https://brightprogrammer.netlify.app/post/reverse-engineering-rustlang-binaries-0x1-empty-program
2. Huawei's Security Hypervisor
https://blog.impalabs.com/2212_huawei-security-hypervisor.html
BrightProgrammer
Reverse Engineering Rustlang Binaries - A Series | BrightProgrammer
I’ve been struggling with reverse engineering rustlang binaries for a while in CTF challenges. So I’m starting a reverse engineering series where I reverse engineer several rustlang binaries and try to understand how they actually work.
#Offensive_security
1. Custom Implicit & Explicit Conversions in C#
https://offensivedefence.co.uk/posts/implicit-explicit-conversions
2. .NET Process injection in a new process with QueueUserAPC using D/invoke
https://gist.github.com/tothi/9cdd2be3b49cb42723726fd75df96471
3. Deceiving Defender: The Big Stack Bypass
https://steve-s.gitbook.io/0xtriboulet/deceiving-defender/deceiving-defender-the-big-stack-bypass
offensivedefence.co.uk
Custom Implicit & Explicit Conversions in C#
Implicit and explicit operators are provided as a means of converting one datatype to another.
// this is an implicit conversion from an int to a double
int i = 8;
double d = i;
// this is an explicit conversion from a double to an int
double d = 8.8;
int…
#hardening
Windows 10 Hardening (v.0.9.0) settings and configurations
https://github.com/0x6d69636b/windows_hardening
GitHub
GitHub - 0x6d69636b/windows_hardening: HardeningKitty and Windows Hardening Settings