Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable - In this fourth blog covering vulnerable GitHub Actions, we will explore this new technique of artifact poisoning and describe who could be vulnerable, including how we found this vulnerability in the Rust programming language
📣digicat
@malwr
Legitsecurity
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.
AzureGraph: Azure AD enumeration over MS Graph
📣digicat
Hey can't click on link yet but can I use this officially instead of powershell for azure administration?
👤TwixPoe
Nice tool, seems well built and nice that it uses MS Graph rather than PowerShell, but not sure what the use case for something like this would be rather than something like AzureHound that can map out paths of attack, or just interacting with Microsoft's Graph Explorer or PowerShell commands.
Nonetheless a nice little tool.
👤carrots32
@malwr
GitHub
GitHub - JoelGMSec/AzureGraph: Azure AD enumeration over MS Graph
Azure AD enumeration over MS Graph. Contribute to JoelGMSec/AzureGraph development by creating an account on GitHub.
A Detailed Analysis of The Last Version of REvil Ransomware [PDF](https://securityscorecard.pathfactory.com/research/detailed-analysis-revil)
📣CyberMasterV
@malwr
Security Scorecard
A Detailed Analysis Of The Last Version Of REvil Ransomware
Reko decompiler 0.11.2 released
📣jkl_uxmal
NuGet will be available at https://www.nuget.org/packages/Reko.Decompiler.Runtime. It's taking a while for the new package to get verified.
👤jkl_uxmal
@malwr
GitHub
Release Version 0.11.2 · uxmal/reko
My, has it been that long already since last release? Here's an overview of what's happened since.
The Reko solution was moved to .NET 6. As expected, performance and memory footprint was i...
CVE / NVD doesn't work for open source and supply chain security - part one, what's wrong
📣jnazario
@malwr
Linkedin
CVE / NVD doesn't work for open source and supply chain security - part one, what's wrong
I had to split this article into two parts. Part one describes what I think is wrong and part two, which is coming next week, is a proposed architecture to improve it.
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
📣jnazario
@malwr
the-deniss.github.io
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
In this post I'll show Avast self-defense bypass: how I discovered a new undocumented way to intercept all system calls without a hypervisor and PatchGuard triggered BSOD, and, finally, based on the knowledge gained, implemented a bypass
ChatGPT shows promise of using AI to write Malware
📣simpletonsavant
Can't we just use AI to save the planet? Ah what am I thinking, of course it will be used to trash it even faster.
👤spamzauberer
What about CoPilot tho??
👤doubleAdLover
The recent news keeps me up at night. I will not use it as an excuse to stop learning cybersecurity though.
👤RemediateRemediate
@malwr
CyberScoop
ChatGPT shows promise of using AI to write malware
Large language models pose a major cybersecurity risk, both from the vulnerabilities they risk introducing and the malware they could produce.
Foreign Information Manipulation Interference (FIMI) and Cybersecurity - The EU Agency for Cybersecurity (ENISA) and the European External Action Service (EEAS) have joined forces to study and analyse the threat landscape concerning Foreign Information Manipulation and Interference (FIMI) & disinfo
📣digicat
Good, we need more acronyms in this field.
👤Wellidk182
@malwr
www.enisa.europa.eu
Foreign Information Manipulation Interference (FIMI) and Cybersecurity - Threat Landscape | ENISA
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats.
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
📣Gallus
@malwr
the-deniss.github.io
Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass
In this post I'll show Avast self-defense bypass: how I discovered a new undocumented way to intercept all system calls without a hypervisor and PatchGuard triggered BSOD, and, finally, based on the knowledge gained, implemented a bypass