SoheilSec
NSA Funds Development, Release of D3FEND https://www.nsa.gov/news-features/press-room/Article/2665993/nsa-funds-development-release-of-d3fend/ 🌐 Peneter BLog 🔊 Clubhouse 🔊 Telegram Channel
Playing with MITRE for SIEM Detection Rules
https://www.linkedin.com/feed/update/urn%3Ali%3Aactivity%3A6812838798569959424/
#blueteam
$SIEM
#mitre
Linkedin
Archan Choudhury on LinkedIn: #blackperl #usecases #mitreattack
⏳ Playing with MITRE for SIEM Detection Rules ⏳
I often get the question how to use MITRE to build the SIEM Detection Rules and all theory lectures are...
Ghidra 10 final was just released :)
https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.0_build
Getting to know Ghidra from its developers themselves: how this NSA tool came to be released publicly, and an explanation of the NSA's attitude toward releasing its other tools, presented at the #blackhat conference
https://www.youtube.com/watch?v=kx2xp7IQNSc
Learning resources for working with Ghidra:
https://github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questions
https://www.shogunlab.com/blog/2019/04/12/here-be-dragons-ghidra-0.html
Firmware analysis, for work in the embedded devices area:
https://chdk.fandom.com/wiki/Firmware_analysis_with_Ghidra
https://github.com/ghidraninja
He has streamed many examples of analyzing ransomware:
https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw
https://www.youtube.com/watch?v=d4Pgi5XML8E
https://www.youtube.com/watch?v=tH9A2zVIzKI
#ghidra #reverseengineering
GitHub
Release Ghidra 10.0 · NationalSecurityAgency/ghidra
WARNING: Contains log4j vulnerability
What's New
Change History
SHA-256: aaf84d14fb059beda10de9056e013186601962b6f87cd31161aaac57698a0f11
Bypassing AppLocker Custom Rules
Applocker is becoming one of the most implemented security features in big organizations.
AppLocker is one of Microsoft's good tools for preventing malicious (intrusion) tools from being installed and run.
https://blog.pwn.al/security/applocker/bypass/custom/rules/windows/2018/09/13/applocker-custom-rules-bypass.html
#Applocker
#bypass
#bypassApplocker
#microsoftsecurity
0x09AL Security blog
Bypassing AppLocker Custom Rules
Introduction Applocker is becoming one of the most implemented security features in big organizations. Implementing AppLocker reduces your risk dramatically especially for workstations. Unfortunately for the blue-team, there are a lot of custom configurations…
Using a VPN is good, but keep in mind that if the VPN has a vulnerability, or a single user's password leaks, the network is definitely at risk https://cyber.gc.ca/en/alerts/exploitation-fortinet-fortios-vulnerabilities-cisa-fbi https://thehackernews.com/2021/06/north-korea-exploited…
https://thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers.
#Zyxel
#VPN
#attacksurface
#cybersecurity
The use of miners came right after the #shadowbroker team leaked the #NSA exploit series. As for whether this team is part of the Chinese government, and the evidence suggesting that a year before the leak they were already using the exploits against a number of targets, we have nothing definitive.
https://gist.github.com/bontchev/e5d2e5090ebe1be89b4f821ebb1ad0f9
https://www.wired.com/story/china-nsa-hacking-tool-epme-hijack/
https://decoded.avast.io/martinchlumecky/dirtymoe-1/
https://thehackernews.com/2021/03/purple-fox-rootkit-can-now-spread.html
But the interesting part is that since 2016, which coincided with the #edwardsnowden disclosures, hackers have been hacking so-called ownerless servers to make money and installing miners on them; for a while it was even a trend to sell auto-miners, and they were used here in Iran as well #autominer
https://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers
But the method the Chinese team used to mine more than 2 million dollars is really fascinating!
So what did they do? They built their own fake Windows Defender and replaced the real one as a service in Windows. Illegality aside, Chinese hackers have creative minds.
https://www.pcrisk.com/removal-guides/15093-msascuil-exe-virus
Besides mining on servers around the world, they were also stealing banking information and passwords, and in this way a large number of VPSs were added to their mining operation.
https://thehackernews.com/2021/06/crackonosh-virus-mined-2-million-of.html
"Crackonosh shows the risks in downloading cracked software," Avast security researcher Daniel Beneš said. "As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers. The key take-away from this is that you really can't get something for nothing and when you try to steal software, odds are someone is trying to steal from you."
Please do not install cracked #splunk or #kerio!
Gist
Curated list of links describing the leaked Equation Group tools for Windows
With the shift in focus from CentOS project to CentOS Stream which will now serve as the upstream to RHEL, a few CentOS alternatives have been floated to replace CentOS 8.
EOL
https://wiki.centos.org/About/Product
Alternative options:
https://www.tecmint.com/migrate-from-centos-to-oracle-linux/
https://www.oracle.com/linux/technologies/oracle-linux-downloads.html
https://www.sonarqube.org/downloads/
The books introduced last night on Clubhouse are very good resources, especially RTFM, which lists in detail just the commands and switches needed at the various stages of a penetration test.
#redTeam
#blueTeam
#RTFM
#BTFM
What is Detection-Rule-Dump?
https://github.com/archanchoudhury/Detection-Rule-Dump
https://www.youtube.com/c/BlackPerl
#DFIR
#SIEM
#SOC
GitHub
This is the One Stop place where you can several Detection Rules which can help you to kick start your journey on SIEM, SOC work. - archanchoudhury/Detection-Rule-Dump
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-asaftd-xss-multiple-FCB3vPZe.html
https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october
Cisco
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
Update June 28, 2021: Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited.
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software…
1) Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China.
https://thehackernews.com/2021/06/hackers-trick-microsoft-into-signing.html
https://www.virustotal.com/gui/file/63d61549030fcf46ff1dc138122580b4364f0fe99e6b068bc6a3d6903656aff0/detection
https://msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
2) Social engineering via spam, with the end result being ransomware across the entire network
https://thehackernews.com/2021/06/dmarc-first-line-of-defense-against.html
What social engineering is, and its methods:
https://blog.peneter.com/clubhouse-general-social-engineering-1/
https://blog.peneter.com/clubhouse-general-social-engineering-2-phishing/
https://blog.peneter.com/clubhouse-general-social-engineering-3-malware/
To check whether a domain is on a blacklist:
https://powerdmarc.com/analyzer/
https://mxtoolbox.com/
3) SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers
The APTs of recent weeks:
It's tracked by the wider cybersecurity community under the monikers APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).
https://thehackernews.com/2021/06/solarwinds-hackers-breach-microsoft.html
The Hacker News
Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware
Hackers tricked Microsoft into digitally signing a malicious "Netfilter" driver linked to a Windows rootkit malware.
universal cross-site scripting (UXSS) issue that's triggered when automatically translating web pages using the browser's built-in feature via Microsoft Translator.
If you use Edge, be sure to update it, because many people doing exchange (trading) work use Edge on a VPS!
How to update:
edge://settings/help
Type this in the address bar; if it is not the latest version, click to update.
https://thehackernews.com/2021/06/microsoft-edge-bug-couldve-let-hackers.html
The Hacker News
Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site
Hackers could have stolen your secrets for any site through a Microsoft Edge bug
Pentest Steps.xmind
Persian version of Penetration Testing Mind
Credit : Hamid Kashfi
My old Template 2016 (information Gathering).xmind
4.4 MB
Information Gathering Xmind
Credit : Soheil Hashemi
Good for Penetration Testing Report
project-Vul Assessment mind-94.0.0.xmind
4.1 MB
Vulnerability Assessments Part
Credit : soheil Hashemi
Data for 700M #LinkedIn Users Posted for Sale in #Raidforums
https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/?utm_source=dlvr.it&utm_medium=linkedin
https://raidforums.com/Thread-SELLING-New-Linkedin-2021-700Million-records?highlight=linkedin
Threat Post
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground
After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.
Disclosure of a bug in Adobe’s content-management solution – used by Mastercard, LinkedIn and PlayStation – was released.
https://threatpost.com/rce-bug-in-adobe-revealed/167382/
#adobe
#0day
Threat Post
Details of RCE Bug in Adobe Experience Manager Revealed