NEW BLOG: How works Microsoft Defender Threat Intelligence / Defender TI - and what is the difference between free and paid
Included in the blog is the Sentinel TI feed integration and UI experience in Defender 365, which was recently announced.
https://jeffreyappel.nl/how-works-microsoft-defender-threat-intelligence-defender-ti-and-what-is-the-difference-between-free-and-paid/
📣 JeffreyAppel7
@malwr
Jeffrey Appel - Microsoft Security blog
How works Microsoft Defender Threat Intelligence / Defender TI - and what is the difference between free and paid
Microsoft Defender Threat Intelligence (MDTI), previously known as RiskIQ, brings threat intelligence data together from multiple sources. With Microsoft Defender Threat Intelligence (MDTI), customers will have direct access to real-time data and signals to…
I created a GitHub repo for learning application security from scratch. It's perfect for beginners and includes a comprehensive list of reference links. But it's not complete yet! Contributors are welcome to add more details. https://github.com/Anof-cyber/Application-Security
📣 _r_netsec
GitHub
GitHub - Anof-cyber/Application-Security: Resources for Application Security including Web, API, Android, iOS and Thick Client
#Malware_analysis
1. Malware Analysis Course at Hack Space Con 2023
https://github.com/archcloudlabs/HackSpaceCon_Malware_Analysis_Course
2. Privacy-invasive/Clicker Android Adware
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/goldoson-privacy-invasive-and-clicker-android-adware-found-in-popular-apps-in-south-korea
3. BabLock/Rorschach Ransomware
https://www.trendmicro.com/en_us/research/23/d/an-analysis-of-the-bablock-ransomware.html
📣 akaclandestine
GitHub
GitHub - archcloudlabs/HackSpaceCon_Malware_Analysis_Course: Free training course offered at Hack Space Con 2023
Enterprise DevSecOps Strategy Guide
Source: US DoD
Download Link: https://dodcio.defense.gov/Portals/0/Documents/Library/DoD%20Enterprise%20DevSecOps%20Strategy%20Guide_DoD-CIO_20211019.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
📣 JMonteagudoE
Ghidra Setup Guide for World of Warcraft 4.1.0.13850
📣 LifeIsACurse
Took the time to also create a Ghidra Setup Guide for World of Warcraft 4.1.0.13850
This was a PTR version compiled for macOS x86 during Cataclysm.
A lot closer to my targeted 3.3.5a.12340 and for another OS, but still a lot of info which can be mined from this one.
The video not only shows how to set up the Ghidra repository, but also how to correct some of the missing struct definitions in order to improve the decompilation output.
You can download a copy of my repository by following the link in the pinned post on the video - a tutorial video on how to import local Ghidra projects (or export them yourself) can be found on that post as well.
Maybe there are some interesting tidbits for you - happy reversing :)
👤 LifeIsACurse
YouTube
Ghidra Setup Guide for World of Warcraft 4.1.0.13850
Here is the next Ghidra Setup Guide, this time for a version a lot closer to my target 3.3.5a.12340.
This video shows off how to set up the repository and also how to correct some of the data structures, so the decompiler can properly infer what is going…
Release Version 0.4 Release - Nidhogg - The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file - this version introduced various new capabilities
📣 digicat
GitHub
Release Version 0.4 Release · Idov31/Nidhogg
Version 0.4 Release
New features:
DLL Injection
Via APC
Via NtCreateThread
Shellcode Injection
Via APC
Via NtCreateThread
Unregistering and restoring callbacks
ObCallbacks
PsSetCreatePro...
Release v2.5.0 🦅 of Hayabusa - Hayabusa is a Windows event log fast forensics timeline generator and threat hunting tool
📣 digicat
GitHub
Release v2.5.0 🦅 · Yamato-Security/hayabusa
v2.5.0 - Golden Week Release
🦅 Enhancements:
Added -M, --multiline option to search command. (#1017) (@hitenkoku)
Deleted return characters in the output of the search command. (#1003) (@hitenkoku...
Freeze.rs: Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
📣 digicat
GitHub
GitHub - optiv/Freeze.rs: Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST
Getting Started with Windows Malware Development
📣 digicat
Thanks for sharing. Very interesting talk on malware development.
👤 handroid2049
YouTube
OnlyMalware - Getting Started with Windows Malware Development - by rad98
Getting Started with Windows Malware Development - a talk given by rad98
OnlyMalware Discord server: https://discord.gg/jugYNtvNvp
rad98 twitter: https://twitter.com/rad9800
Uncovering CVE-2022-37985: A Unique Information Disclosure Vulnerability in Windows Graphics Component - discovered a native network channel that could be utilized to exfiltrate the leaked memory data - we set the Filename field to start with “\??\UNC\172.16.96.***@8888\”, which directs to a WebDAV
📣 digicat
Signature opportunity for the Yara will be UNC named paths in docx with EMP signatures
👤 digicat
Trellix
Uncovering CVE-2022-37985: A Unique Information Disclosure Vulnerability in Windows Graphics Component
Get a comprehensive understanding of CVE-2022-37985, a unique information disclosure vulnerability in Windows Graphics Component. Our blog post covers the technical details of the vulnerability, how it can be exploited, and advice on mitigating the risks.
Leveraging Microsoft eXtended Flow Guard (XFG) to help with reverse engineering
📣 digicat
M417Z
Leveraging XFG to help with reverse engineering
Microsoft eXtended Flow Guard (XFG) is a control-flow integrity (CFI) technique that extends CFG with function call signatures. It was presented by Microsoft in 2019, and it’s an interesting mitigation, but this blog post isn’t going to discuss its security…
APT-Hunter: APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity
📣 digicat
GitHub
GitHub - ahmedkhlief/APT-Hunter: APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover su...
NATO and Article 5 in Cyberspace: NATO designated cyberspace as a domain of warfare & recognized that an adversarial cyber campaign could trigger the Alliance’s collective defense mechanism under Article 5. Given the complexities of cyberattacks, it's unknown whether & what kind of attacks get a response
📣 digicat
CTI researcher @BushidoToken looks at a financially motivated Kenyan threat actor. GreenMwizi set up 12 fake Booking[.]com Twitter accounts targeting users who make public complaints, the aim being to socially engineer them into sending funds via Remitly. https://blog.bushidotoken.net/2023/05/greenmwizi-kenyan-scamming-campaign.html
📣 virusbtn