Malware News
12.7K subscribers
1.63K photos
7 videos
130 files
7.78K links
The latest NEWS about malware, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
#Sysmon can log FileCreateStreamHash events (ZoneIdentifiers; ADS) since v11.10, which allows us to write a Sigma rule that looks for suspicious files downloaded from .zip Domains #ZipTLD

blog with explanations
https://fabian-voith.de/2020/06/25/sysmon-v11-1-reads-alternate-data-streams/

Rule
https://github.com/SigmaHQ/sigma/pull/4250/files#diff-59c47b72f788177a5a0ad98c0489cd3dfb5cddc7d61a4fb2e94dd688ec15f075
🗣cyb3rops


🎖@malwr
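The post above leans on one fact: when a browser saves a download, it attaches a Zone.Identifier alternate data stream whose text names the source URL, and Sysmon's FileCreateStreamHash event (Event ID 15) records that stream's contents. The Python below is an added example, not the linked Sigma rule and not Sysmon's own code; it shows the same detection idea run over constructed event records, and deliberately separates a host under the .zip TLD from a .zip filename on a .com host or a "zip" subdomain label. It assumes each record carries the stream text in a Contents field alongside TargetFilename, which is how Sysmon presents small streams.

```python
"""Flag Sysmon FileCreateStreamHash (Event ID 15) records whose Zone.Identifier
stream says the file was downloaded from a host under the .zip TLD.

Added example for illustration; not the Sigma rule linked in the post and not
Sysmon's own code. The event records at the bottom are constructed samples.
Assumes the Contents field holds the text of the Zone.Identifier stream."""

from urllib.parse import urlparse

# Keys inside [ZoneTransfer] that carry a URL worth inspecting.
URL_KEYS = ("HostUrl", "ReferrerUrl")


def parse_zone_identifier(contents: str) -> dict:
    """Parse the INI-like [ZoneTransfer] block into a key -> value dict."""
    values = {}
    in_section = False
    for raw in contents.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip()
    return values


def host_of(url: str) -> str:
    """Return the lowercase hostname of a URL (trailing dot removed), or ''."""
    host = urlparse(url).hostname or ""
    return host.lower().rstrip(".")


def is_zip_tld(host: str) -> bool:
    """True only when the last DNS label is 'zip', i.e. the registered TLD.
    A path ending in .zip or a subdomain named 'zip' does not qualify."""
    labels = host.split(".")
    return len(labels) >= 2 and labels[-1] == "zip"


def downloaded_from_zip_domain(contents: str) -> bool:
    """True if any URL recorded in the Zone.Identifier stream has a .zip host."""
    zone = parse_zone_identifier(contents)
    return any(is_zip_tld(host_of(zone[k])) for k in URL_KEYS if k in zone)


def flag_events(events) -> list:
    """Return TargetFilename of every Zone.Identifier stream that matches."""
    hits = []
    for ev in events:
        target = ev.get("TargetFilename", "")
        if not target.lower().endswith(":zone.identifier"):
            continue  # some other ADS; not a download marker
        if downloaded_from_zip_domain(ev.get("Contents", "")):
            hits.append(target)
    return hits


# Constructed sample records shaped like Sysmon Event ID 15 fields.
SAMPLE_EVENTS = [
    {"TargetFilename": r"C:\Users\alice\Downloads\invoice.pdf:Zone.Identifier",
     "Contents": "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.zip/\r\n"
                 "HostUrl=https://example.zip/invoice.pdf\r\n"},
    {"TargetFilename": r"C:\Users\alice\Downloads\report.zip:Zone.Identifier",
     "Contents": "[ZoneTransfer]\r\nZoneId=3\r\n"
                 "HostUrl=https://files.example.com/report.zip\r\n"},  # .zip file, .com host
    {"TargetFilename": r"C:\Users\alice\Downloads\setup.exe:Zone.Identifier",
     "Contents": "[ZoneTransfer]\r\nZoneId=3\r\n"
                 "HostUrl=https://zip.example.com/setup.exe\r\n"},  # 'zip' is a subdomain
    {"TargetFilename": r"C:\Users\alice\Downloads\update.msi:Zone.Identifier",
     "Contents": "[ZoneTransfer]\r\nZoneId=3\r\n"
                 "HostUrl=HTTPS://DOWNLOAD.EXAMPLE.ZIP./update.msi\r\n"},  # case + trailing dot
    {"TargetFilename": r"C:\tmp\notes.txt:secret",
     "Contents": "not a zone transfer stream"},
]

if __name__ == "__main__":
    for name in flag_events(SAMPLE_EVENTS):
        print("suspicious download:", name)
```

Only the first and fourth records are flagged; the .zip filename served from a .com host and the "zip" subdomain are left alone, which is the distinction a Sigma rule keyed on the HostUrl string has to get right as well.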
Team Cymru's S2 Research Team look at the QakBot infrastructure, drawing out some high-level trends and anomalies based on their ongoing tracking of the malware's command-and-control (C2) infrastructure. https://www.team-cymru.com/post/visualizing-qakbot-infrastructure
🗣virusbtn


🎖@malwr
Security researcher @embee_research analyses the Quasar RAT C2 configuration and uses this information to pivot to additional servers utilising Shodan and Censys. https://embee-research.ghost.io/hunting-quasar-rat-shodan/
🗣virusbtn


🎖@malwr
Thoth is now usable directly from VS Code: we just released an extension.

https://github.com/FuzzingLabs/thoth/tree/master/vscode-extension

You can generate callgraphs and run all the analyzers for both Cairo and Sierra directly from the UI.
🗣FuzzingLabs


🎖@malwr
Insider Threat Mitigation Guide
Source: Cybersecurity & Infrastructure Security Agency
Download Link:
https://www.cisa.gov/sites/default/files/publications/Insider%20Threat%20Mitigation%20Guide_Final_508.pdf
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣JMonteagudoE


🎖@malwr
Trend Micro's Fyodor Yarochkin, Zhengyu Dong & Paul Pajares present an overview of the Lemon Group's use of pre-infected mobile devices and how this scheme is potentially being developed and expanded to other IoT devices. https://www.trendmicro.com/en_us/research/23/e/lemon-group-cybercriminal-businesses-built-on-preinfected-devices.html
🗣virusbtn


🎖@malwr
It has shipped - #ILSpy 8 is here with record structs, required members & more language features, plus - yes - more themes! https://github.com/icsharpcode/ILSpy/releases/tag/v8.0
🗣ilspy


🎖@malwr
MITRE ATT&CK® - ICS Matrix
Source: MITRE ATT&CK®
Available for download in Press Quality:
https://cyberstartupobservatory.com/cyber-security-frameworks/
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣JMonteagudoE


🎖@malwr
Phishing Analysis: Decrypting HTTPS traffic with Wireshark
🗣stra1ghtarrow

How would this work if GPS spoofing was used?
👤Poofing_SME

As others have stated, using a dedicated MITM tool for SSL interception is faster and more efficient than using Wireshark. (It's also an industry expectation.)

That being said it is still overall a fairly well written article. The only constructive criticism I'll give is this line comes off as condescending towards your wife and self congratulatory...

"Thanks to the regular user awareness sessions I have conducted with her (lol), she did the right thing and forwarded the email to me."

As technical writing is subject to a more formalized style in general, this type of language I find unacceptable and off-putting, and using "lol" here was unnecessary.

I urge you though to continue your technical writing and journey into cybersec as you clearly have passion. Cheers.
👤Taikor

Why did you create an SSLKeylog file to decrypt traffic when you can see right in the payload section of the developer tools what is being passed and what IP it's being passed to?


I feel like you took extra steps for a rather simple phishing tactic.
👤SwitchInteresting718


🎖@malwr
Lazarus Group Targeting Windows IIS Web Servers
🗣digicat

I have been seeing a couple of instances of similar attacks through misconfigured IIS servers where services have been taken over and used to load malicious payloads into incoming RDS via VPN sessions via service accounts over the past couple of weeks.

When I traced the attacks I found them all to be coming out of Russia. Neither here nor there, but I was able to reconfigure firewalls, close ports on IIS, and mitigate.
👤RatherB_fishing


🎖@malwr