DARPA - Operationally Transparent Cyber (OpTC) Data Release - multi-day dataset that includes endpoint activity (including benign activity generation) from ~500 endpoints as well as Zeekurity data from the enterprise egress point.
π£digicat
π@malwr
π£digicat
π@malwr
GitHub
GitHub - FiveDirections/OpTC-data
Contribute to FiveDirections/OpTC-data development by creating an account on GitHub.
KAPE - A Beginner's Guide
π£deltawing
Best viewed not on mobile due to size of visual aids.
π€deltawing
π@malwr
π£deltawing
Best viewed not on mobile due to size of visual aids.
π€deltawing
π@malwr
AboutDFIR - The Definitive Compendium Project
KAPE - AboutDFIR - The Definitive Compendium Project
A detailed guide on how to use KAPE geared towards first-timers and visual learners.
Rom Hacking tool for Gameboy Advance game + detailed manual about how it was developed + talks
π£bmacabeus
Awesome stuff, man.
π€Streiw
π@malwr
π£bmacabeus
Awesome stuff, man.
π€Streiw
π@malwr
GitHub
GitHub - macabeus/klo-gba.js: π§’ Reverse engineering tool for the Klonoa's GBA game
π§’ Reverse engineering tool for the Klonoa's GBA game - macabeus/klo-gba.js
Bypassing Symantec Endpoint Protection for Fun & Profit!
π£input0
This is fun, but missing some details.
1. Version of Symantec Endpoint Protection tested is not listed. SEP14.3 came out a couple weeks ago and adds new capabilities including AMSI (finally).
1. Test was conducted on Windows 2012R2. Yes, Windows 2012R2 is still widespread in production and under support, however Windows 10/2016 have enhancements that make dumping credentials much more difficult (LSAS virtualization in Virtualization Bases Security).
Without this information, this blog really is "I walked through an intentionally vulnerable pen testing lab scenario", vs. "here is a demonstration that you should do something and actionable guidance on what you should do". (IE, you should upgrade your fleet to 2016/10, etc).
π€R-EDDIT
π@malwr
π£input0
This is fun, but missing some details.
1. Version of Symantec Endpoint Protection tested is not listed. SEP14.3 came out a couple weeks ago and adds new capabilities including AMSI (finally).
1. Test was conducted on Windows 2012R2. Yes, Windows 2012R2 is still widespread in production and under support, however Windows 10/2016 have enhancements that make dumping credentials much more difficult (LSAS virtualization in Virtualization Bases Security).
Without this information, this blog really is "I walked through an intentionally vulnerable pen testing lab scenario", vs. "here is a demonstration that you should do something and actionable guidance on what you should do". (IE, you should upgrade your fleet to 2016/10, etc).
π€R-EDDIT
π@malwr
Was a USB drive inserted into my Windows computer? - Boncaldoβs Forensics Blog
π£LordUlthar
π@malwr
π£LordUlthar
π@malwr
Boncaldo's Forensics Blog
DFS# 03: Was a USB drive inserted into my Windows computer?
Can you tell if a USB storage drive was plugged into a specific computer? Data exfiltration βand introductionβ through USB storage devices can be a plausible concern in an overabundanceβ¦
checkra1n, USB Restrictions and Breaking Into Locked iPhones - Elcomsoft Blog
π£LordUlthar
π@malwr
π£LordUlthar
π@malwr
ElcomSoft blog
checkra1n, USB Restrictions and Breaking Into Locked iPhones
The checkra1n jailbreak is fantastic. Not only does it work with the latest versions of iOS the other jailbreaks aren't even available for, but it also allows performing partial data extraction from disabled and locked iPhones even if the passcode is notβ¦
House of Io β Bypassing Safe-Linking and attacking Glibc's tcache
π£eyalitki
Very interesting! I remember noticing the same thing about the first chunk but didnβt think much about. Good work getting a new exploit type out of the mitigationβs.
π€mdulin2
In a classic "Thank you /r/netsec" /u/awarau888 and I were able to develop their initial attack variant that was posted here a few days ago, into a working bypass.
π€eyalitki
π@malwr
π£eyalitki
Very interesting! I remember noticing the same thing about the first chunk but didnβt think much about. Good work getting a new exploit type out of the mitigationβs.
π€mdulin2
In a classic "Thank you /r/netsec" /u/awarau888 and I were able to develop their initial attack variant that was posted here a few days ago, into a working bypass.
π€eyalitki
π@malwr
awarau
House of Io β Remastered
A few days ago, I (Awarau) published a blog post (link) with my analysis of the new heap mitigation, Safe-Linking, that will be introduced in GLibc 2.32. The blog post describes the mechanism, alonβ¦