Malware News
12.7K subscribers
1.63K photos
7 videos
130 files
7.78K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Jamf's Ferdous Saljooki (@malwarezoo) & Jaron Bradley (@jbradley89) write about the RustBucket malware used by the BlueNoroff APT group to target macOS users. https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/
🗣 virusbtn


🎖 @malwr
https://github.com/TheD1rkMtr/BlockOpenHandle
Block any process from opening a HANDLE to your process; only SYSTEM is allowed to open a handle to your process. With that you can avoid remote memory scanners.
🗣 D1rkMtr

A new #IDAPro Tutorial is out! This time we cover the Graph View. Watch it now 🌐 https://youtu.be/R1GKm-7WfCU

#IDAProTutorials #IDAPro #hexrays #LearningIDA
🗣 HexRaysSA

We've updated our Mobile Hacking cheatsheets!

https://github.com/randorisec/MobileHackingCheatSheet

#android #ios #cheatsheet #mobilesecurity #apps
🗣 RandoriSec

ProcMon 3.93 supports configurable minifilter altitudes. This is great for teams that have to support minifilters! Thanks @markrussinovich!
🗣 GabrielLandau

Bitdefender's Martin Zugec shares recent insights about the tactics, techniques and procedures of the Charming Kitten group (APT35/APT42, Mint Sandstorm/PHOSPHORUS), including unpacking a new piece of malware used by the group, named BellaCiao. https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/
🗣 virusbtn

CloudSEK’s Threat Intelligence Research Team look into the details of the Daam Android malware distributed via trojanized applications. https://cloudsek.com/threatintelligence/copy-of-malware-intelligence-analysis-of-daam-android-malware
🗣 virusbtn

A Deep Dive into the Emotet Malware

Emotet is a trojan that is primarily spread through spam emails. During its lifecycle, it has gone through a few iterations. Early versions were delivered as a malicious JavaScript file.
https://www.fortinet.com/blog/threat-research/deep-dive-into-emotet-malware.html
🗣 InfosecMonk

Elastic Security Labs' @DanielStepanic analyses the functionality and capabilities of LOBSHOT, an hVNC malware family spreading through Google Ads. https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware
🗣 virusbtn

Researchers from Palo Alto's Unit42 identified a new variant of the PingPull malware used by Alloy Taurus actors (aka GALLIUM, Softcell) & designed to target Linux systems. They also found Sword2033 backdoor samples linked to the same C2 infrastructure.
https://unit42.paloaltonetworks.com/alloy-taurus/
🗣 virusbtn

A keylogger/sniffer for the on-screen keyboard? Sure, ETW is happy to help here with {4F768BE8-9C69-4BBC-87FC-95291D3F9D0C} 😁
Enjoy the C source code, and the compiled exe, as usual - https://github.com/gtworek/PSBits/tree/master/ETW
🗣 0gtweet

NIST Cloud Computing Forensic Reference Architecture
Release Date: February 2023
Direct Download Link (PDF):
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-201.ipd.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com
#CyberSecurity #InfoSec #InformationSecurity
🗣 CyberSecOb

Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!
🗣 panscanner

Hey everyone - thought I would share a tool some of you may find useful. The GitHub readme has most of the information you'd want but basically it scans Windows for possible persistence mechanisms and reports on them in a CSV format (JSON soon).

The difference between this and something like PersistenceSniper is my attempt to add built-in allow-lists, risk assignments and the capability to 'snapshot' a system (such as a golden image) then use that snapshot as a dynamic runtime allow-list. Most functionality also supports 'drive-retargeting' if you are analyzing a mounted image.

Feel free to DM me/reply with any questions/comments/ideas/etc for improving it! This wouldn't exist without the amazing InfoSec community and I'm just trying to give back.
👀 panscanner