Introduction to offensive security (guide by @0xTriboulet)
https://steve-s.gitbook.io/0xtriboulet/
#offensivesecurity
📣0xor0ne
📍@malwr
This is an absolutely dope mindmap for attacking AD.
https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2023_02.svg
Source: https://github.com/Orange-Cyberdefense/ocd-mindmaps
📣Jhaddix
📍@malwr
👍2
A Journey of Finding #Vulnerabilities in #Drivers by @omertsarfati of @CyberArk
https://www.cyberark.com/resources/threat-research-blog/inglourious-drivers-a-journey-of-finding-vulnerabilities-in-drivers
📣SinSinology
📍@malwr
Frida 16.0.14 is out! This one is all about stability improvements on Linux/Android, and brand new ARMv8 BTI interoperability:
https://frida.re/news/2023/04/18/frida-16-0-14-released/
📣fridadotre
📍@malwr
Frida • A world-class dynamic instrumentation toolkit
Frida 16.0.14 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
Here is an ETW-based POC to monitor for (some) direct and indirect syscalls. Should find multiple open source implementations trying to avoid userland hooks.
https://github.com/thefLink/Hunt-Weird-Syscalls
📣thefLinkk
📍@malwr
GitHub
GitHub - thefLink/Hunt-Weird-Syscalls: ETW based POC to identify direct and indirect syscalls
ETW based POC to identify direct and indirect syscalls - thefLink/Hunt-Weird-Syscalls
👍1
Hey, FIRSTies! After much dedicated work, the #EthicsSIG has published their #CaseStudies to the FIRST website! Check out the encompassing document here: http://ow.ly/rG2S50NNbJt
📣FIRSTdotOrg
📍@malwr
FIRST – Forum of Incident Response and Security Teams
Ethics for Incident Response and Security Teams - Case Studies
c2detect: Search for c2 servers by listener outside https://github.com/michael2to3/c2-search-netlas
📣_r_netsec
📍@malwr
ESET researchers have discovered a new Lazarus #OperationDreamJob campaign targeting Linux users. As far as we know, this is the first public mention of this major threat actor using Linux malware as part of this operation. 🐧
https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/?utm_source=twitter&utm_medium=cpc&utm_campaign=wls&utm_term=lazarus-linux-malware
#ESETresearch #ProgressProtected #Cybersecurity
📣ESET
📍@malwr
Welivesecurity
Linux malware strengthens links between Lazarus and the 3CX supply-chain attack
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack
If you're interested in the #TradingTechnologies compromise & detections, then follow this thread 🧵
You won't find these IOCs/rules anywhere else
Hashes
https://github.com/Neo23x0/signature-base/blob/977ebf90ef01476f8586fbfd7e433cb93189bfa1/iocs/hash-iocs.txt#L10819
Filenames
https://github.com/Neo23x0/signature-base/blob/977ebf90ef01476f8586fbfd7e433cb93189bfa1/iocs/filename-iocs.txt#L4265
YARA
https://github.com/Neo23x0/signature-base/blob/master/yara/apt_nk_tradingtech_apr23.yar
📣cyb3rops
📍@malwr
GitHub
signature-base/iocs/hash-iocs.txt at 977ebf90ef01476f8586fbfd7e433cb93189bfa1 · Neo23x0/signature-base
YARA signature and IOC database for my scanners and tools - Neo23x0/signature-base
👍1
Exploiting System Mechanic Driver https://voidsec.com/exploiting-system-mechanic-driver/ #Pentesting #Exploit #CyberSecurity #Infosec
📣ptracesecurity
📍@malwr
dnstop – Monitor and display DNS server traffic on your network https://www.cyberciti.biz/faq/dnstop-monitor-bind-dns-server-dns-network-traffic-from-a-shell-prompt/ #Linux #Unix #FreeBSD
📣nixcraft
📍@malwr
EclecticIQ researchers have identified a spear phishing campaign targeting Ukrainian government entities including the Foreign Intelligence Service of Ukraine (SZRU) and Security Service of Ukraine (SSU), likely conducted by APT group Gamaredon. https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-phishing-campaigns
📣virusbtn
📍@malwr
VirusTotal's trompi summarises the latest activity of the APT43 group based on the telemetry of its malware toolset, including geographical distribution, lookups, submissions, file types, detection ratios & efficacy of crowd-sourced YARA rules. https://blog.virustotal.com/2023/04/apt43-investigation-into-north-korean.html
📣virusbtn
📍@malwr
I have finished my write-up on reversing the Cobalt Strike implementations of indirect syscalls. With thanks to @0xDISREL for suggesting I look at it and supplying a beacon and to @DuchyRE for tips about unpacking and structures.
https://github.com/dodo-sec/Malware-Analysis/blob/main/Cobalt%20Strike/Indirect%20Syscalls.md
📣dodo_sec
📍@malwr
GitHub
Malware-Analysis/Cobalt Strike/Indirect Syscalls.md at main · dodo-sec/Malware-Analysis
Contribute to dodo-sec/Malware-Analysis development by creating an account on GitHub.
#VMware released a security update to address a vulnerability in Tools. A remote attacker could likely exploit the vulnerability to take control of an affected system. More at http://cisa.gov/news-events/alerts/2023/04/21/vmware-releases-security-update-aria-operations-logs. #Cybersecurity #InfoSec
📣CISACyber
📍@malwr
Awesome @TrustedSec #Sysmon videos by @Carlos_Perez
Part 1
https://youtu.be/kESndPO5Fig
Part 2
https://youtu.be/MlGc44dfFBg
Part 3
https://youtu.be/2JHjRR2Wt4g
Part 4
https://youtu.be/VKVSedPGDgY
Part 5
https://youtu.be/KBsEAaZFcyI
Part 6
https://youtu.be/46-alN2_vlo
Part 7
https://youtu.be/cN714yh7UF4
Part 8
https://youtu.be/y4cpuliY4dk
Part 9
https://youtu.be/Fs7x7PywdzU
📣Oddvarmoe
📍@malwr
YouTube
Learning Sysmon - What is Sysmon? (Video 1)
In this video, Research Team Lead Carlos Perez talks about System Monitor (Sysmon) which you can get from Microsoft's Sysinternals Suite. He covers who can get the most out of Sysmon and what its limitations are so that you can decide how much effort your…