Check Point researchers reveal new findings about Educated Manticore - an activity cluster with a strong overlap with Phosphorus - which has improved its toolset, utilizing rarely seen techniques such as .NET executables constructed as Mixed Mode Assembly. https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools/
📣 virusbtn
@malwr
found this Stanford course for web security; with exam papers, assignments, labs & everything:
https://web.stanford.edu/class/cs253/
a true goldmine 🫡
📣 Farah_Hawaa
web.stanford.edu
CS253 - Web Security
Principles of web security. The fundamentals and state-of-the-art in web security. Attacks and countermeasures. Topics include: the browser security model, web app vulnerabilities, injection, denial-of-service, TLS attacks, privacy, fingerprinting, same-origin…
Offensive Security Checklists
API testing
Binary Exploitation testing
Firewall testing
Insecure deserialization
Web and OT pentest
and more.
https://github.com/CyberSecurityUP/Offensivesecurity-Checklists
#pentest #cybersecurity
📣 cyb_detective
AhnLab researchers look into recent Tonto Team attack cases. The threat group targets mainly Asian countries and has been distributing Bisonal malware. https://asec.ahnlab.com/en/51746/
📣 virusbtn
Jamf's Ferdous Saljooki (@malwarezoo) & Jaron Bradley (@jbradley89) write about the RustBucket malware used by the BlueNoroff APT group to target macOS users. https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/
📣 virusbtn
https://github.com/TheD1rkMtr/BlockOpenHandle
Block any process from opening a HANDLE to your process; only SYSTEM is allowed to open a handle to your process. With that you can avoid remote memory scanners.
📣 D1rkMtr
This is an outstanding detection engineering and #threathunting blog about detecting multiple lateral-movement techniques through behavioral events (Sysmon plus Windows event logs), rather than relying on brittle detections of specific tool artifacts
https://bherunda.medium.com/procedural-detections-to-uncover-psexec-style-lateral-movement-5e83932eeb7e
📣 rpargman
Medium
Procedural Detections to Uncover PsExec Style Lateral Movement
In this post, I propose several procedural detections that can help uncover the multitude of tools and frameworks that mimic PsExec style lateral movement behavior. As we'll be operating at the…
A new #IDAPro Tutorial is out! This time we cover the Graph View. Watch it now: https://youtu.be/R1GKm-7WfCU
#IDAProTutorials #IDAPro #hexrays #LearningIDA
📣 HexRaysSA
We've updated our Mobile Hacking cheatsheets!
https://github.com/randorisec/MobileHackingCheatSheet
#android #ios #cheatsheet #mobilesecurity #apps
📣 RandoriSec
ProcMon 3.93 supports configurable minifilter altitudes. This is great for teams that have to support minifilters! Thanks @markrussinovich!
📣 GabrielLandau
Bitdefender's Martin Zugec shares recent insights about the tactics, techniques and procedures of the Charming Kitten group (APT35/APT42, Mint Sandstorm/PHOSPHORUS), including unpacking a new piece of malware used by the group, named BellaCiao. https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/
📣 virusbtn
Monitoring Active Directory for Signs of Compromise
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/monitoring-active-directory-for-signs-of-compromise
📣 DirectoryRanger
Docs
Monitoring Active Directory for Signs of Compromise
Learn about event log monitoring in Active Directory to improve security
CloudSEK's Threat Intelligence Research Team look into the details of the Daam Android malware distributed via trojanized applications. https://cloudsek.com/threatintelligence/copy-of-malware-intelligence-analysis-of-daam-android-malware
📣 virusbtn
A Deep Dive into the Emotet Malware
Emotet is a trojan that is primarily spread through spam emails. During its lifecycle, it has gone through a few iterations. Early versions were delivered as a malicious JavaScript file.
https://www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html
📣 InfosecMonk
Fortinet Blog
A Deep Dive into the Emotet Malware
FortiGuard Labs has been tracking Emotet since it was first discovered. This blog provides a deep analysis of a new Emotet sample found in early May.…
Elastic Security Labs' @DanielStepanic analyses the functionality and capabilities of LOBSHOT, an hVNC malware family spreading through Google Ads. https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware
📣 virusbtn
Researchers from Palo Alto's Unit42 identified a new variant of the PingPull malware used by Alloy Taurus actors (aka GALLIUM, Softcell) & designed to target Linux systems. They also found Sword2033 backdoor samples linked to the same C2 infrastructure.
https://unit42.paloaltonetworks.com/alloy-taurus/
📣 virusbtn