Understand your attack surface: A batch file which lists which program will load which extension when you double click in Windows - output is CSV format
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
Gist
Show which program will load which extension when you double click in CSV format
Show which program will load which extension when you double click in CSV format - WindowsExtensionMapCSV.bat
Tool - YARA v4.0.2 released
https://github.com/VirusTotal/yara/releases
BUGFIX: Use-after-free bug in PE module (#1287).
BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294).
BUGFIX: Assertion failed with rules that have invalid syntax (#1295).
BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304).
BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can't be verified (#1309).
๐ฃdigicat
๐@malwr
https://github.com/VirusTotal/yara/releases
BUGFIX: Use-after-free bug in PE module (#1287).
BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294).
BUGFIX: Assertion failed with rules that have invalid syntax (#1295).
BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304).
BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can't be verified (#1309).
๐ฃdigicat
๐@malwr
GitHub
Releases ยท VirusTotal/yara
The pattern matching swiss knife. Contribute to VirusTotal/yara development by creating an account on GitHub.
List of IP ranges owned by AWS, Google, OVH, Microsoft, and much more. For security researchers, easier mass web scanning - Created by Pyr0cc
๐ฃZeusRoot
Here's another useful set of scripts and data:
https://github.com/dpsystems/login-shield
This is an IP-based blacklist of known IP space of both rogue ISPs, foreign countries and VPN space that is used with iptables to block any login ports on your computer. We're using it on a few servers and it's blocked 99% of the unauthorized logins.
๐คmabu
This list is also very convenient for phishing website hosting :D
๐คHellcleaver
Microsoft publishes theirs because azure is all dynamic public IPโs for their PaaS services so without knowing Microsoftโs Ip blocks you have to make wide open firewall rules.
Now you only have to leave your PaaS open to all of Microsoft and their customer base.
Super secure.
๐คResidentKernel
๐@malwr
๐ฃZeusRoot
Here's another useful set of scripts and data:
https://github.com/dpsystems/login-shield
This is an IP-based blacklist of known IP space of both rogue ISPs, foreign countries and VPN space that is used with iptables to block any login ports on your computer. We're using it on a few servers and it's blocked 99% of the unauthorized logins.
๐คmabu
This list is also very convenient for phishing website hosting :D
๐คHellcleaver
Microsoft publishes theirs because azure is all dynamic public IPโs for their PaaS services so without knowing Microsoftโs Ip blocks you have to make wide open firewall rules.
Now you only have to leave your PaaS open to all of Microsoft and their customer base.
Super secure.
๐คResidentKernel
๐@malwr
The x86 Advanced Matrix Extension (AMX) Brings Matrix Operations
๐ฃmttd
Is it subject to branching? I'm thinking no, but hoping somebody who has read the reference manual might know.
๐คmasta
๐@malwr
๐ฃmttd
Is it subject to branching? I'm thinking no, but hoping somebody who has read the reference manual might know.
๐คmasta
๐@malwr
WikiChip Fuse
The x86 Advanced Matrix Extension (AMX) Brings Matrix Operations; To Debut with Sapphire Rapids
Intel publishes details of its upcoming Advanced Matrix Extension (AMX), an x86 extension set to debut with Sapphire Rapids that introduces a new matrix register file and accompanying matrix operations.
Frida 12.10 is out with HotSpot JVM support, Stalker ARM improvements, and more
๐ฃoleavr
Thanks for your work on this project, oleavr. Nice contrib,0xraaz.
๐คtruelai
This is great news. Thank you oleavr.
๐คjmp_jsp
๐@malwr
๐ฃoleavr
Thanks for your work on this project, oleavr. Nice contrib,0xraaz.
๐คtruelai
This is great news. Thank you oleavr.
๐คjmp_jsp
๐@malwr
Frida โข A world-class dynamic instrumentation toolkit
Frida 12.10 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis
https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/covid-19-cybercrime-m00nd3v-hawkeye-malware-threat-actor/
โน๏ธ Sent from one of our members
๐@malwr
https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/covid-19-cybercrime-m00nd3v-hawkeye-malware-threat-actor/
โน๏ธ Sent from one of our members
๐@malwr
Blueliv
M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis
Key Points The information-stealing malware dubbed M00nD3v Logger was recently auctioned off on Hack Forums, together with HakwEye Reborn. The threat actor โ operating under the alias โM00nD3vโ โ states that they sold the malware in response to being diagnosedโฆ
CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability
๐ฃLowEnergyUsername
๐@malwr
๐ฃLowEnergyUsername
๐@malwr
Tenableยฎ
CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability
Critical authentication bypass vulnerability in PAN-OS devices could be exploited in certain configurations, which are commonly recommended by identity providers. Update July 2, 2020: The Recommended Configuration and Solution sections were updated to reflectโฆ
HID Attack using 1.5$ Arduino Rubber Ducky-ish
๐ฃjithins1610
A lot of people donโt trust these cause the price but theyโre a charm and so. Much. God. Damn. Fun.
๐คmaximus1218
Pro tip though, get several Digisparks. Thereโs probably a 20% chance they wonโt work
๐คmcbergstedt
The dollar sign goes first
๐คLegitimateCrepe
๐@malwr
๐ฃjithins1610
A lot of people donโt trust these cause the price but theyโre a charm and so. Much. God. Damn. Fun.
๐คmaximus1218
Pro tip though, get several Digisparks. Thereโs probably a 20% chance they wonโt work
๐คmcbergstedt
The dollar sign goes first
๐คLegitimateCrepe
๐@malwr
YouTube
Digispark Rubber Ducky | Arduino Rubber Ducky | HID Attack-Digispark USB Keyboard
Arduino Rubber Ducky using Digispark | Digispark HID Keyboard | HID Attack on a PC - In this video, I will show you how to hack a computer using Arduino HID ...