Offensive Security Checklists
API testing
Binary Exploitation testing
Firewall testing
Insecure deserialization
Web and OT pentest
and more.
https://github.com/CyberSecurityUP/Offensivesecurity-Checklists
#pentest #cybersecurity
π£cyb_detective
π@malwr
API testing
Binary Exploitation testing
Firewall testing
Insecure deserialization
Web and OT pentest
and more.
https://github.com/CyberSecurityUP/Offensivesecurity-Checklists
#pentest #cybersecurity
π£cyb_detective
π@malwr
AhnLab researchers look into recent Tonto Team attack cases. The threat group targets mainly Asian countries and has been distributing Bisonal malware. https://asec.ahnlab.com/en/51746/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Jamf's Ferdous Saljooki (@malwarezoo) & Jaron Bradley (@jbradley89) write about the RustBucket malware used by the BlueNoroff APT group to target macOS users. https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
https://github.com/TheD1rkMtr/BlockOpenHandle
Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote memory scanners
π£D1rkMtr
π@malwr
Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote memory scanners
π£D1rkMtr
π@malwr
π₯1
This is an outstanding detection engineering and #threathunting blog about detecting multiple lateral-movement techniques through behavioral events (Sysmon plus Windows event logs), rather than relying on brittle detections of specific tool artifacts
https://bherunda.medium.com/procedural-detections-to-uncover-psexec-style-lateral-movement-5e83932eeb7e
π£rpargman
π@malwr
https://bherunda.medium.com/procedural-detections-to-uncover-psexec-style-lateral-movement-5e83932eeb7e
π£rpargman
π@malwr
Medium
Procedural Detections to Uncover PsExec Style Lateral Movement
In this post, I propose several procedural detections that can help uncover the multitude of tools and frameworks that mimic PsExec style lateral movement behavior. As weβll be operating at theβ¦
A new #IDAPro Tutorial is out! This time we cover the Graph View. Watch it now π https://youtu.be/R1GKm-7WfCU
#IDAProTutorials #IDAPro #hexrays #LearningIDA
π£HexRaysSA
π@malwr
#IDAProTutorials #IDAPro #hexrays #LearningIDA
π£HexRaysSA
π@malwr
β€1
We've updated our Mobile Hacking cheatsheets!
https://github.com/randorisec/MobileHackingCheatSheet
#android #ios #cheatsheet #mobilesecurity #apps
π£RandoriSec
π@malwr
https://github.com/randorisec/MobileHackingCheatSheet
#android #ios #cheatsheet #mobilesecurity #apps
π£RandoriSec
π@malwr
π₯1
ProcMon 3.93 supports configurable minifilter altitudes. This is great for teams that have to support minifilters! Thanks @markrussinovich!
π£GabrielLandau
π@malwr
π£GabrielLandau
π@malwr
Bitdefender's Martin Zugec shares recent insights about the tactics, techniques and procedures of the Charming Kitten group (APT35/APT42, Mint Sandstorm/PHOSPHORU), including unpacking a new piece of malware used by the group, named BellaCiao. https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Monitoring Active Directory for Signs of Compromise
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/monitoring-active-directory-for-signs-of-compromise
π£DirectoryRanger
π@malwr
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/monitoring-active-directory-for-signs-of-compromise
π£DirectoryRanger
π@malwr
Docs
Monitoring Active Directory for Signs of Compromise
Learn about event log monitoring in Active Directory to improve security
CloudSEKβs Threat Intelligence Research Team look into the details of the Daam Android malware distributed via trojanized applications. https://cloudsek.com/threatintelligence/copy-of-malware-intelligence-analysis-of-daam-android-malware
π£virusbtn
π@malwr
π£virusbtn
π@malwr
A Deep Dive into the Emotet Malware
Emotet is a trojan that is primarily spread through spam emails. During its lifecycle, it has gone through a few iterations. Early versions were delivered as a malicious JavaScript file.
https://www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html
π£InfosecMonk
π@malwr
Emotet is a trojan that is primarily spread through spam emails. During its lifecycle, it has gone through a few iterations. Early versions were delivered as a malicious JavaScript file.
https://www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html
π£InfosecMonk
π@malwr
Fortinet Blog
A Deep Dive into the Emotet Malware
FortiGuard Labs has been tracking Emotet since it was first discovered. This blog provides a deep analysis of a new Emotet sample found in early May.β¦
π₯1
Elastic Security Labs' @DanielStepanic analyses the functionality and capabilities of LOBSHOT, an hVNC malware family spreading through Google Ads. https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware
π£virusbtn
π@malwr
π£virusbtn
π@malwr
Researchers from Palo Alto's Unit42 identified a new variant of the PingPull malware used by Alloy Taurus actors (aka GALLIUM, Softcell) & designed to target Linux systems. They also found Sword2033 backdoor samples linked to the same C2 infrastructure.
https://unit42.paloaltonetworks.com/alloy-taurus/
π£virusbtn
π@malwr
https://unit42.paloaltonetworks.com/alloy-taurus/
π£virusbtn
π@malwr
A keylogger/sniffer for the on-screen-keyboard? Sure, ETW is happy to help here with {4F768BE8-9C69-4BBC-87FC-95291D3F9D0C}π
Enjoy the C source code, and the compiled exe, as usual - https://github.com/gtworek/PSBits/tree/master/ETW
π£0gtweet
π@malwr
Enjoy the C source code, and the compiled exe, as usual - https://github.com/gtworek/PSBits/tree/master/ETW
π£0gtweet
π@malwr
How to get IDA global information? min and max addresses, entry point, main, other configuration values, etc.
https://youtu.be/2w8LdSCPUQc
π£allthingsida
π@malwr
https://youtu.be/2w8LdSCPUQc
π£allthingsida
π@malwr
YouTube
IDAPython: Retrieving global database information
In this episode, we cover how to retrieve global database information using the idainfo facilities.
We will retrieve things such as:
- Min and max ea, start ea, main ea,
- Input file path, hash, etc.
- Compiler settings, database creation information (typeβ¦
We will retrieve things such as:
- Min and max ea, start ea, main ea,
- Input file path, hash, etc.
- Compiler settings, database creation information (typeβ¦
NIST Cloud Computing Forensic Reference Architecture
Release Date: February 2023
Direct Download Link (PDF):
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-201.ipd.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com
#CyberSecurity #InfoSec #InformationSecurity
π£CyberSecOb
π@malwr
Release Date: February 2023
Direct Download Link (PDF):
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-201.ipd.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com
#CyberSecurity #InfoSec #InformationSecurity
π£CyberSecOb
π@malwr