APT-Hunter: APT-Hunter is a threat hunting tool for Windows event logs, made with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and to decrease the time to uncover suspicious activity
🗣digicat
🎖@malwr
NATO and Article 5 in Cyberspace: NATO designated cyberspace as a domain of warfare and recognized that an adversarial cyber campaign could trigger the Alliance’s collective defense mechanism under Article 5. Given the complexities of cyberattacks, it is unknown whether, and what kind of, attacks would get a response
🗣digicat
🎖@malwr
CTI researcher @BushidoToken looks at a financially motivated Kenyan threat actor. GreenMwizi set up 12 fake Booking[.]com Twitter accounts targeting users who make public complaints, the aim being to socially engineer them into sending funds via Remitly. https://blog.bushidotoken.net/2023/05/greenmwizi-kenyan-scamming-campaign.html
🗣virusbtn
🎖@malwr
ESET has released its Q4 2022 - Q1 2023 APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated & analysed by ESET's researchers during that period. https://www.welivesecurity.com/2023/05/09/eset-apt-activity-report-q42022-q12023/
🗣virusbtn
🎖@malwr
As a #Reverse #Engineering enthusiast, I recently wrote a configuration extractor using Python to decrypt data encrypted by Qbot malware. With this code, I can easily extract the strings from the decrypted data and analyze the malware's configuration
https://github.com/FarghlyMal/QBotConfig-Extractor/blob/main/Config%20Extractor.py
🗣FarghlyMal
🎖@malwr
Firewall Testing Checklist
#cybersecurity #infosec #cyberattack
https://en.iguru.gr/firewall-einai-kai-giati-prepei-chrisimopoieite/
🗣Anastasis_King
🎖@malwr
(recommended reading) Hunting Russian Intelligence “Snake” Malware:
HTML: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a
PDF: https://www.cisa.gov/sites/default/files/2023-05/aa23-129a_snake_malware_1.pdf
#cybersecurity #infosec #cyberespionage #threathunting #threatintel #cybersecurity #threatintelligence
🗣blackstormsecbr
🎖@malwr
iknowjason/Awesome-CloudSec-Labs: Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
🗣jnazario
🎖@malwr
AgentTesla - Full Loader Analysis - Resolving API Hashes Using Conditional Breakpoints
🗣jnazario
🎖@malwr
Embee Research
AgentTesla Malware Analysis - How To Resolve API Hashes With Conditional Breakpoints
Analysis of a Multi-Stage Loader for AgentTesla. Covering Ghidra, Dnspy, X32dbg, API Hashing and more!
McAfee's Anandeshwar Unnikrishnan analyses recent GULoader campaigns in which NSIS-based installers, delivered via email as malspam, use plugin libraries to execute the GU shellcode on the victim system. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-campaigns-a-deep-dive-analysis-of-a-highly-evasive-shellcode-based-loader/
🗣virusbtn
🎖@malwr
Ransomware Risk Management
Download Link (PDF):
https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8374.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣JMonteagudoE
🎖@malwr
Digital Forensics and Incident Response (DFIR) Framework for OT
Source: NIST
Download Link:
https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8428.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣CyberSecOb
🎖@malwr
We’ve just published another great Plugin Focus article! Can Bölük ( @_can1357 ) introduces his NtRays plugin for automated simplification of Windows Kernel decompilation. Read more 🌐 https://hex-rays.com/blog/plugin-focus-ntrays/?utm_source=Social-Media-Post&utm_medium=Twitter&utm_campaign=Plugin-Focus-ntrays
#IDAPro #IDAPython #IDAPlugin #NtRays
🗣HexRaysSA
🎖@malwr
Medusa Ransomware technical analysis report
MedusaLocker ransomware has been active since September 2019. MedusaLocker actors typically access victims’ networks by exploiting vulnerabilities in Remote Desktop Protocol (RDP).
https://link.medium.com/G8YxzhstHzb
ℹ️ Sent from one of our channel members
🎖@malwr
Check out my writeup on #Vidar #Stealer https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-vidar-stealer 😊
@esthreat
🗣AnFam17
🎖@malwr
Sophos researchers look into a recently observed ransomware family dubbed Akira and describe how it was deployed by different actors in two incidents they assisted with. https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/
🗣virusbtn
🎖@malwr