Unit42:
2024-05-14 (Tuesday): #DarkGate activity. HTML file asks victim to paste script into a run window. Indicators available at bit.ly/4bjvMAC
vx:
BreachForum has been seized again.

The current display page states the forum is now under the control of the United States Federal Bureau of Investigation and is being reviewed.

It also displays a photo of the current administrators' Telegram profile pictures, but behind bars.
The 471 CTI report 2024
Forwarded from Peneter.com
Professional.Red.Teaming_Chapter_5.pdf
Book: Professional Red Teaming 📕

Chapter 5: Rules of Engagement

Table of Contents
Types of Activities
Physical
Social Engineering
External Network
Internal Network
Pivoting
Wireless Network
Category
Escalation of Force
Incident Handling
Tools
Certification Requirements
Personnel Information
Chapter 5 Summary
GlobalThreatReport2024.pdf
Global Threat Report 2024 CROWDSTRIKE
2024 Cyber Threat Report Huntress.pdf
2024 Cyber Threat Report Huntress
APT 29 🇷🇺 breached the TeamViewer company, but according to their first report, the hackers did not move laterally to the production segment.
https://www.teamviewer.com/en/resources/trust-center/statement/
source : https://x.com/cyb3rops/status/1806651893344563543?t=7QwPK6W9gSFznr4bAHATaQ&s=19
⚠️⚠️The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1 and 8.8p1 shipped with Red Hat Enterprise Linux 9.
https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html?m=1
The CVE-2024-26229 vulnerability in the Windows CSC Service is being exploited with proof-of-concept (PoC) exploit code available on GitHub. This high-severity vulnerability could allow attackers to gain SYSTEM privileges on a Windows system, posing a significant risk. This type of elevation of privilege flaw can lead to severe security breaches, and there is potential for it to be used by threat actors, although it is not specified if ransomware groups are involved. It is crucial for users to apply the patch released by Microsoft to mitigate the risk of exploitation.
https://securityvulnerability.io/vulnerability/CVE-2024-26229
the Antivirus Event Analysis Cheat Sheet to version 1.13.0
- new shellcode detections added
- more extensions: .VBE, .MSC, .XLL, .WLL
https://www.nextron-systems.com/2024/07/17/antivirus-event-analysis-cheat-sheet-v1-13-0/
Forwarded from Peneter.com
Professional.Red.Teaming_Chapter_6.pdf
Book: Professional Red Teaming 📕

Chapter 6: Executing the Assessment

Table of Contents for Chapter 6
Staffing
The Professional Hacker
Best Practices
Checking the ROE
Operational Notifications
Operational Tradecraft
Operational Notes
Enumeration and Exploitation
Post-Access Awareness
System Manipulation
Leaving the Target
Examples of Operational Notes