Trend Micro’s Fyodor Yarochkin, Zhengyu Dong & Paul Pajares present an overview of the Lemon Group’s use of pre-infected mobile devices and how this scheme is potentially being developed and expanded to other IoT devices. https://www.trendmicro.com/en_us/research/23/e/lemon-group-cybercriminal-businesses-built-on-preinfected-devices.html
🗣virusbtn


🎖@malwr

It has shipped - #ILSpy 8 is here with record structs, required members & more language features, plus - yes - more themes! https://github.com/icsharpcode/ILSpy/releases/tag/v8.0
🗣ilspy


🎖@malwr

MITRE ATT&CK®- ICS Matrix
Source: MITRE ATT&CK®
Available for download in Press Quality:
https://cyberstartupobservatory.com/cyber-security-frameworks/
For more unique resources and tools for the cyber community, please visit:
https://cyberstartupobservatory.com/cyber-startup-observatory-community/
#CyberSecurity #InfoSec #InformationSecurity
🗣JMonteagudoE


🎖@malwr

Study Network+ for FREE

• Network+ Video Series: https://youtube.com/playlist?list=PLG49S3nxzAnlCJiCrOYuRYb6cne864a7G

• Network+ Study Guide: https://howtonetwork.com/comptia-network-study-guide-free/

• Network+ Practice Test: https://gocertify.com/quizzes/network-plus-practice-quizzes

• Network+ Practice Labs: https://gocertify.com/labs/network-plus-practice-labs

• Network+ Cheat Sheet: https://tutorialsweb.com/CertNotes/CompTIA-cert/Network+/netplus-1.htm
🗣BowTiedCyber


🎖@malwr

Search more than 60000 undocumented Windows Kernel structures

https://www.vergiliusproject.com/
🗣securityfreax


🎖@malwr

Phishing Analysis: Decrypting HTTPS traffic with Wireshark
🗣stra1ghtarrow

How would this work if GPS spoofing was used?
👤Poofing_SME

As others have stated, using a dedicated MITM tool for ssl interception is faster and more efficient than using Wireshark. (It's also an industry expectation).

That being said it is still overall a fairly well written article. The only constructive criticism I'll give is this line comes off as condescending towards your wife and self congratulatory...

"Thanks to the regular user awareness sessions I have conducted with her (lol), she did the right thing and forwarded the email to me."

As technical writing is subject to a more formalized style in general this type of language I find unacceptable and off putting and using "lol" here was unnecessary.

I urge you though to continue your technical writing and journey into cybersec as you clearly have passion. Cheers.
👤Taikor

Why did you create an SSLKeylog file to decrypt traffic when you can see right in the payload section of the developer tools what is being passed and what IP its being passed to?


I feel like you took extra steps for a rather simple phishing tactic.
👤SwitchInteresting718


🎖@malwr

Lazarus Group Targeting Windows IIS Web Servers
🗣digicat

I have been seeing a couple instances of similar attacks through misconfigured IIS Servers where services have been taken over and used to load malicious payloads into incomings RDS via VPN sessions via service accounts over the past couple of weeks.

When I traced the attacks I found them all to be coming out of Russia. Neither here nor there, but was able to reconfigure firewalls, close ports on IIS, and mitigate.
👤RatherB_fishing


🎖@malwr

A Modern Approach to Evading AntiVirus and Bypassing Endpoint Detection
🗣ResidentHacker

Learnt new stuff, thanks and cool stuff for AV evasion
👤Ka4maroot

If you look at the git, Bypassing Endpoint Detection is a bit of a misnomer here. This is AV evasion + living off the land. Nice resource for a few evasion techniques though!
👤Sittadel


🎖@malwr

librick/ic1101: Reverse engineering of a 2021 Honda Civic headunit
🗣tnavda

I've been curious if the LKAS stuff is contained within one of the APKs, or if that software is located elsewhere. There is a hard-coded 45MPH minimum to activate LKAS, but that always seemed pretty arbitrary to me, and I wonder if one could modify that and see what happens.
👤ebol4anthr4x


🎖@malwr

Ransomware Notes

This is a collection of various #ransomware notes from the past to the present.

https://github.com/threatlabz/ransomware_notes

#cybersecurity #infosec
https://t.me/hackgit/8819
🗣hack_git


🎖@malwr

Microsoft Threat Intelligence researchers share information on the Volt Typhoon state-sponsored actor, its campaign targeting critical infrastructure providers, & its tactics for achieving and maintaining unauthorized access to target networks. https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
🗣virusbtn


🎖@malwr

ESET's Lukas Stefanko describes a new Android RAT based on AhMyth. AhRat's specific malicious behaviour, which involves extracting microphone recordings & stealing files with specific extensions, potentially indicates involvement in an espionage campaign. https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
🗣virusbtn


🎖@malwr

Windows File Explorer will support 7z, rar, and other compressed formats using open source libarchive library. Opening files soon, compressing files will come later. #MSBuild
🗣unixterminal


🎖@malwr

The DFIR Report's researchers look into an incident that started with the execution of IcedID malware contained within an Excel document delivered to the victim as part of a malspam campaign. https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/
🗣virusbtn


🎖@malwr