M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis
https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/covid-19-cybercrime-m00nd3v-hawkeye-malware-threat-actor/
โน๏ธ Sent from one of our members
๐@malwr
https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/covid-19-cybercrime-m00nd3v-hawkeye-malware-threat-actor/
โน๏ธ Sent from one of our members
๐@malwr
Blueliv
M00nD3v, HawkEye threat actor, sells malware after COVID-19 diagnosis
Key Points The information-stealing malware dubbed M00nD3v Logger was recently auctioned off on Hack Forums, together with HakwEye Reborn. The threat actor โ operating under the alias โM00nD3vโ โ states that they sold the malware in response to being diagnosedโฆ
CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability
๐ฃLowEnergyUsername
๐@malwr
๐ฃLowEnergyUsername
๐@malwr
Tenableยฎ
CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability
Critical authentication bypass vulnerability in PAN-OS devices could be exploited in certain configurations, which are commonly recommended by identity providers. Update July 2, 2020: The Recommended Configuration and Solution sections were updated to reflectโฆ
HID Attack using 1.5$ Arduino Rubber Ducky-ish
๐ฃjithins1610
A lot of people donโt trust these cause the price but theyโre a charm and so. Much. God. Damn. Fun.
๐คmaximus1218
Pro tip though, get several Digisparks. Thereโs probably a 20% chance they wonโt work
๐คmcbergstedt
The dollar sign goes first
๐คLegitimateCrepe
๐@malwr
๐ฃjithins1610
A lot of people donโt trust these cause the price but theyโre a charm and so. Much. God. Damn. Fun.
๐คmaximus1218
Pro tip though, get several Digisparks. Thereโs probably a 20% chance they wonโt work
๐คmcbergstedt
The dollar sign goes first
๐คLegitimateCrepe
๐@malwr
YouTube
Digispark Rubber Ducky | Arduino Rubber Ducky | HID Attack-Digispark USB Keyboard
Arduino Rubber Ducky using Digispark | Digispark HID Keyboard | HID Attack on a PC - In this video, I will show you how to hack a computer using Arduino HID ...
10 Years of Linux Security - A Report Card
๐ฃcitypw
Keep in mind that grsecurity's business model relies on painting Linux, and in particular Linux security, in a negative light.
I'm not saying that makes any of this information invalid by itself, but it's worth considering the source.
๐คawkisopen
I see words in that PDF but barely understand anything it's saying. Context is key.
This was clearly written by an engineer who had no idea whether or not the audience would understand the presentation.
๐คToasterToasts
Well, that could have benefited from some explanation of acronyms.
Most of the recommendations seemed to be process or attitude things. How about recommending some simplification, throwing away old code even if it still mostly works ? I'm mostly talking about user-space code. Could we get rid of the init structure and commit to systemd ? Get rid of some old encryption and hashing and VPN modules, force people onto the new stuff ? Have DNS specified in 1 place instead of 5 ?
๐คbilldietrich1
๐@malwr
๐ฃcitypw
Keep in mind that grsecurity's business model relies on painting Linux, and in particular Linux security, in a negative light.
I'm not saying that makes any of this information invalid by itself, but it's worth considering the source.
๐คawkisopen
I see words in that PDF but barely understand anything it's saying. Context is key.
This was clearly written by an engineer who had no idea whether or not the audience would understand the presentation.
๐คToasterToasts
Well, that could have benefited from some explanation of acronyms.
Most of the recommendations seemed to be process or attitude things. How about recommending some simplification, throwing away old code even if it still mostly works ? I'm mostly talking about user-space code. Could we get rid of the init structure and commit to systemd ? Get rid of some old encryption and hashing and VPN modules, force people onto the new stuff ? Have DNS specified in 1 place instead of 5 ?
๐คbilldietrich1
๐@malwr
ARMRef (ARMv8.5 assembly reference app)
๐ฃ_evilpenguin
Sadly no Android support
๐คKrieghofGames
๐@malwr
๐ฃ_evilpenguin
Sadly no Android support
๐คKrieghofGames
๐@malwr
GitHub
GitHub - evilpenguin/ARMRef: ARM Assembly Reference Manual for iOS, iPadOS, and macOS.
ARM Assembly Reference Manual for iOS, iPadOS, and macOS. - GitHub - evilpenguin/ARMRef: ARM Assembly Reference Manual for iOS, iPadOS, and macOS.
The analyzer automates the process of exploring EFI files. After the analysis, well-known protocols, interrupts, etc. are found.
https://github.com/DSecurity/efiSeek
๐@malwr
https://github.com/DSecurity/efiSeek
๐@malwr
GitHub
GitHub - DSecurity/efiSeek: Ghidra analyzer for UEFI firmware.
Ghidra analyzer for UEFI firmware. Contribute to DSecurity/efiSeek development by creating an account on GitHub.
A buggy behavior located into CreateFile allows to hide malware from users and AV scanners. Microsoft will not fix it:
https://github.com/dalvarezperez/CreateFile_based_rootkit
#CreateFile #malware #rootkit #antivirus
โน๏ธ Sent from one of our members
๐@malwr
https://github.com/dalvarezperez/CreateFile_based_rootkit
#CreateFile #malware #rootkit #antivirus
โน๏ธ Sent from one of our members
๐@malwr
GitHub
GitHub - dalvarezperez/CreateFile_based_rootkit
Contribute to dalvarezperez/CreateFile_based_rootkit development by creating an account on GitHub.