WASP Attack on Python – Polymorphic Malware Shipping WASP Stealer; Infecting Hundreds Of Victims
📣jnazario
@malwr
Medium
In early November, several malicious packages were reported by Phylum and CheckPoint. We link these two reports to the same attacker with…
Vulnerability Management at Lyft: Enforcing the Cascade [Part 1](https://eng.lyft.com/vulnerability-management-at-lyft-enforcing-the-cascade-part-1-234d1561b994)
📣jnazario
@malwr
Medium
Vulnerability Management at Lyft: Enforcing the Cascade - Part 1 Abstract Over the past 2 years, we've built a comprehensive vulnerability management program at Lyft. This blog post will focus on …
MS Office normal URL disguising and distributing word document
📣digicat
@malwr
ASEC BLOG
Word documents being distributed disguised with a normal MS Office URL - ASEC BLOG
An issue was recently shared in which malware disguised as Word documents was being distributed mainly through specific channels (e.g. KakaoTalk group chats). During additional monitoring, the ASEC analysis team confirmed signs that the URLs used in similar Word documents are becoming very hard to tell apart from normal URLs, and wants to urge users to be careful. The file names of the malicious Word documents identified internally so far are as follows. The real names of Korean nationals found in the file names have been masked for anonymity; given that they are experts in the diplomacy and security field and that the file names also…
Reverse engineering integrity checks in Black Ops 3
📣momo5502
It wasn't a joke when he said it took him years. I started a project in 2014 that I have not yet completed. Obviously the constraint was time and other personal matters + daily job.
👤farmdve
@malwr
Maurice's Blog
Reverse Engineering Integrity Checks in Black Ops 3
Call of Duty: Black Ops 3 is protected by a DRM that, among other things, protects the integrity of the game's code at runtime.
Reverse engineering those integrity checks has been a personal goal I had for a long time.
In this post I'm going to describe my…
Meta Quarterly Adversarial Threat Report [Q3 2022](https://about.fb.com/wp-content/uploads/2022/11/Quarterly-Adversarial-Threat-Report-Q2-2022-1.pdf)
📣jnazario
@malwr
Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti
📣digicat
@malwr
Trellix
The recently leaked Yanluowang messages span from mid-January to September 2022 and include around 2.7K messages. However, from this relatively small dataset we have gained valuable intel on the Yanluowang threat actor, their inner workings, victims and possible…
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
📣SCI_Rusher
@malwr
Microsoft Security Blog
Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog
As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of…
Security platform for tracking SOC2 compliance
Hey all,
I'm sharing my project on Github called Gapps. Gapps is a platform to help track/implement SOC2 controls for your organization. It ships with over 200+ controls and 25+ policies.
I created this tool because:
1. I found the SOC2 readiness "process" confusing, compared to other frameworks.
2. I'm not aware of an open-source compliance platform so hopefully people contribute and we can build one. The end goal is to support other frameworks.
Here is the link to the video and the Github link.
Upcoming improvements:
1. Add other frameworks such as NIST CSF, HIPAA, CMMC, CIS CSC, etc.
2. Collection windows and reminders
3. Add documentation for using Gapps "agent" - Mac/Nix/Windows agent that asserts compliance for endpoints (helps with a number of SOC2 controls)
Would be great if others contributed - there are a ton of features that I'd like to add. Feel free to submit issues and/or PM me with questions.
📣skywalker_1391
Where were you able to find all the controls?
👤aflyingpotatoe
Hi just a heads up on licensing, from the Creative Commons FAQ: https://creativecommons.org/faq/#can-i-apply-a-creative-commons-license-to-software
>We recommend against using Creative Commons licenses for software. Instead, we strongly encourage you to use one of the very good software licenses which are already available. We recommend considering licenses listed as free by the Free Software Foundation and listed as “open source” by the Open Source Initiative.
>
>Unlike software-specific licenses, CC licenses do not contain specific terms about the distribution of source code, which is often important to ensuring the free reuse and modifiability of software. Many software licenses also address patent rights, which are important to software but may not be applicable to other copyrightable works.
>
>Additionally, our licenses are currently not compatible with the major software licenses, so it would be difficult to integrate CC-licensed work with other free software. Existing software licenses were designed specifically for use with software and offer a similar set of rights to the Creative Commons licenses.
Since you chose CC-BY-NC-ND license you should probably stick with "source available" software licenses or something like Prosperity Public License (A non-commercial software license), Business Source License (Recently adopted by LightBend / Akka and other big projects), or Fair Source License
There are also some Copy-far-left or Copyfair Licenses that could be appealing to you as similar to CC-BY-NC-ND: https://github.com/LibreCybernetics/awesome-copyfarleft
👤fabianhjr
Do HITRUST next. I use field guide and am not a huge fan. Plenty of pop there
👤bloopscooppoop
@malwr
GitHub
GitHub - bmarsh9/gapps: Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI…
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking - bmarsh9/gapps