Blue Team Lab guide 7 - End Devices
Hello everyone, after a small break I wrote another article in my series for Blue Team Home Lab, this time the focus was on end devices, that represent the corporate devices. Hope you'll like it. :)
https://facyber.me/posts/blue-team-lab-guide-part-7/
๐ฃfacyber
๐@malwr
Hello everyone, after a small break I wrote another article in my series for Blue Team Home Lab, this time the focus was on end devices, that represent the corporate devices. Hope you'll like it. :)
https://facyber.me/posts/blue-team-lab-guide-part-7/
๐ฃfacyber
๐@malwr
facyber
Building Blue Team Home Lab Part 7 - Corporate LAN (End Devices)
After a while, I returned with a new tutorial, a continuation of my Blue Team Home Lab series, and this time itโs about adding the end devices to our lab. For this part, we are going to use Windows 7 and Windows 10 evaluation images, which can be downloadedโฆ
NETSCOUT DDoS Threat Intelligence Report: ISSUE 9: FINDINGS FROM 1ST HALF 2022
๐ฃjnazario
๐@malwr
๐ฃjnazario
๐@malwr
Latest Cyber Threat Intelligence Report
NETSCOUT Threat Intelligence Report
NETSCOUTโs latest DDoS Cyber Threat Intelligence Report showcases the latest trends in cyber attacks. Learn more from our latest cyber threat intelligence report.
monomorph: MD5-Monomorphic Shellcode Packer - Pack arbitrary shellcode into an executable that always has the same MD5 hash
๐ฃsanitybit
Itโs interesting though, next step is to cause collisions with system files hashes and see what happens with AVs ๐
๐คmrdantesque
Lmao
๐คEvenIfIWantedTo
The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401
Well there we go AV vendorsโฆ
๐คlittlejob
๐@malwr
๐ฃsanitybit
Itโs interesting though, next step is to cause collisions with system files hashes and see what happens with AVs ๐
๐คmrdantesque
Lmao
๐คEvenIfIWantedTo
The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401
Well there we go AV vendorsโฆ
๐คlittlejob
๐@malwr
GitHub
GitHub - DavidBuchanan314/monomorph: MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash
MD5-Monomorphic Shellcode Packer - all payloads have the same MD5 hash - DavidBuchanan314/monomorph
๐ฅ2๐1
MAR-10400779-1.v1 โ Zimbra 1 - CISA received seven files for analysis. Six Java Server Pages (JSP) webshells and a Bourne Again SHell (bash) file. Five JSP webshell files are designed to parse inbound requests for commands for execution, download files, and upload files.
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
www.cisa.gov
MAR-10400779-1.v1 โ Zimbra 1 | CISA
Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial productโฆ
Lazarus โOperation In(ter)ceptionโ Targets macOS Users Dreaming of Jobs in Crypto
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
SentinelOne
Lazarus โOperation In(ter)ceptionโ Targets macOS Users Dreaming of Jobs in Crypto
First Coinbase, now Crypto.com. Lazarus campaign targets more crypto exchange platform job seekers with multi-stage malware.
Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
Securonix
Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors
Find out how a sophisticated attack targeted military contractors using advanced PowerShell tactics and obfuscation techniques.
MalPull version 1.4 brings a more usable CLI, which now only requires the destination folder for the samples which are to be downloaded, and one or more hashes that are to be downloaded. It also allows users to fetch samples from VirusShare via their API, as long as an API key is provided. VirusShare accounts are free, but have a limit of 4 requests per minute, for every minute of the day.
Using MalPull, one can easily search for a given hash on MalShare, Malware Bazaar, VirusShare, Triage, VirusTotal, and Koodous, after which the sample is downloaded. When more samples are requested, the downloads are concurrently processed via N amount of threads, as specified in the settings file.
https://maxkersten.nl/2022/09/29/malpull-1-4-stable-release/
โน๏ธ Sent from one of our channel members
๐@malwr
Using MalPull, one can easily search for a given hash on MalShare, Malware Bazaar, VirusShare, Triage, VirusTotal, and Koodous, after which the sample is downloaded. When more samples are requested, the downloads are concurrently processed via N amount of threads, as specified in the settings file.
https://maxkersten.nl/2022/09/29/malpull-1-4-stable-release/
โน๏ธ Sent from one of our channel members
๐@malwr
๐2
The PS5 Has Been Jailbroken โ Custom Packages Can Now Be Installed
๐ฃtnavda
This article from Wololo is a bit better (the tweet author in this article even links to it). https://wololo.net/2022/10/03/released-ps5-kernel-exploit-webkit-vulnerability-for-firmware-4-03/
๐คGreger34
Tempted to delete this post, more of a press release with zero details
๐คtnavda
WOOO YEAH BABY! NOW I CAN PLAY P.T ON PS5
๐คBetaTalk64
๐@malwr
๐ฃtnavda
This article from Wololo is a bit better (the tweet author in this article even links to it). https://wololo.net/2022/10/03/released-ps5-kernel-exploit-webkit-vulnerability-for-firmware-4-03/
๐คGreger34
Tempted to delete this post, more of a press release with zero details
๐คtnavda
WOOO YEAH BABY! NOW I CAN PLAY P.T ON PS5
๐คBetaTalk64
๐@malwr
GLITCHED
The PS5 Has Been Jailbroken โ Custom Packages Can Now Be Installed
The PS5 has been jailbroken and can now install custom packages. This marks the first major hack in the console lifecycle since its launch back in 2020.
๐1๐ฅ1
BSides San Francisco 2022 Conference Recordings
๐ฃsanitybit
Thanks for posting! I almost made it to this con but had to duck out last minute, glad to be able to watch all the talks.
๐คIkePAnderson
Click through for the full playlist, the embed starts at opening remarks.
๐คsanitybit
๐@malwr
๐ฃsanitybit
Thanks for posting! I almost made it to this con but had to duck out last minute, glad to be able to watch all the talks.
๐คIkePAnderson
Click through for the full playlist, the embed starts at opening remarks.
๐คsanitybit
๐@malwr
YouTube
BSidesSF 2022 - YouTube
Seer โ a GUI front end to GDB for Linux
๐ฃmodelop
Very enigmatic name.
๐คshevy-java
Looks like a powerful debugging frontend, nice work!
I currently use vscodium's debugger GUI, pretty good but sometimes lacking.
If you could add valgrind support, it would make it even more powerful.
๐คSettling2981
FINALLY A GUI DEBUGGER AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA *explodes in excitement*
Yes this is valid because it seems CLI is king, but certainly not the king of usability. A GUI is VERY MUCH APPRECIATED.
Yaaaaaaaaaaaaaaaaaaaaaaaaaaaaaay!
๐คdarkguy2008
๐@malwr
๐ฃmodelop
Very enigmatic name.
๐คshevy-java
Looks like a powerful debugging frontend, nice work!
I currently use vscodium's debugger GUI, pretty good but sometimes lacking.
If you could add valgrind support, it would make it even more powerful.
๐คSettling2981
FINALLY A GUI DEBUGGER AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA *explodes in excitement*
Yes this is valid because it seems CLI is king, but certainly not the king of usability. A GUI is VERY MUCH APPRECIATED.
Yaaaaaaaaaaaaaaaaaaaaaaaaaaaaaay!
๐คdarkguy2008
๐@malwr
GitHub
GitHub - epasveer/seer: Seer - a gui frontend to gdb
Seer - a gui frontend to gdb. Contribute to epasveer/seer development by creating an account on GitHub.
โค1๐1