citrixInspector: Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519
🗣digicat
What are the experiences with the IoC checks so far?
👤Alert-Sale2153
🎖@malwr
GitHub
GitHub - securekomodo/citrixInspector: Accurately fingerprint and detect vulnerable (and patched!) versions of Netscaler / Citrix ADC to CVE-2023-3519
PurpleKeep: Providing Azure pipelines to create an infrastructure and run Atomic tests.
🗣digicat
🎖@malwr
GitHub
GitHub - Retrospected/PurpleKeep: Providing Azure pipelines to create an infrastructure and run Atomic tests.
apk2url - Tool to gather endpoints from an APK
apk2url is a tool that can be useful for developers, pentesters and redteamers for information gathering purposes. This tool gathers IP and URL endpoints from an APK using decompiling and disassembly.
You never know what you can find =)
Try it out:
https://github.com/n0mi1k/apk2url
🗣n0mi1k
Thanks for sharing, I'll have to check this out!
Any idea on if it captures deeplinks too?
Edit: just saw you wrote it, I'll give it a go and pass on any suggestions if you'd like.
👤Killco_Joe
🎖@malwr
GitHub
GitHub - n0mi1k/apk2url: An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling
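The extraction step described above, as an added example that is not apk2url's own code. apk2url decompiles and disassembles the APK first; this stand-in skips that and scans the raw bytes of every member of the zip (an APK is a zip) for `scheme://...` strings and IPv4 literals, which is enough to catch string constants in `classes.dex` and plain-text assets. It also decodes each member as UTF-16-LE so that strings in binary XML (`AndroidManifest.xml`, compiled resources) are not missed, and it sorts non-web schemes into a separate bucket, which is where `myapp://`-style deep links land (the question raised in the thread). The sample APK, its members and every string in it are constructed for the example.

```python
"""Pull URL, IP and custom-scheme endpoints out of an APK-style zip archive.

Added example, not apk2url's code. Scans raw member bytes (plus a UTF-16-LE
view for binary XML); values assembled at runtime are invisible to this.
"""
import io
import re
import zipfile

# scheme://rest; the lookbehind rejects hits that start mid-token ("xhttps://")
URI_RE = re.compile(rb"(?<![A-Za-z0-9+.-])([A-Za-z][A-Za-z0-9+.-]{1,31})://([^\s\"'<>\x00]+)")
# dotted quad with octets 0-255, not glued to more digits/dots (rejects 999.1.1.1, 1.2.3.4.5)
IPV4_RE = re.compile(rb"(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])")
WEB_SCHEMES = {"http", "https", "ws", "wss"}
TRAILING_JUNK = b".,;:)]}"


def _scan(data, hits):
    """Add every URI and IPv4 literal found in `data` to the `hits` buckets."""
    for m in URI_RE.finditer(data):
        scheme = m.group(1).lower().decode()
        uri = (m.group(1) + b"://" + m.group(2)).rstrip(TRAILING_JUNK)
        bucket = "urls" if scheme in WEB_SCHEMES else "deeplinks"
        hits[bucket].add(uri.decode("ascii", "replace"))
    for m in IPV4_RE.finditer(data):
        hits["ips"].add(m.group().decode())


def extract_endpoints(apk_bytes):
    """Return {"urls": [...], "ips": [...], "deeplinks": [...]}, each sorted and de-duplicated."""
    hits = {"urls": set(), "ips": set(), "deeplinks": set()}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            _scan(data, hits)
            # Binary XML stores strings as UTF-16-LE, so "h\x00t\x00t\x00p\x00" never
            # matches the byte regexes above; scan a decoded ASCII view as well.
            _scan(data.decode("utf-16-le", "ignore").encode("ascii", "ignore"), hits)
    return {k: sorted(v) for k, v in hits.items()}


def build_sample_apk():
    """Constructed stand-in for a real APK; every member and string is made up for the example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # DEX string_data items are a ULEB128 length, MUTF-8 bytes and a NUL terminator
        dex_strings = [
            b"https://api.example.com/v1/login",
            b"http://10.0.0.5:8080/health",
            b"Lcom/example/app/NetClient;",
            b"version 1.2.3",
        ]
        dex = b"dex\n035\x00" + b"".join(bytes([len(s)]) + s + b"\x00" for s in dex_strings)
        zf.writestr("classes.dex", dex)
        zf.writestr("assets/config.json",
                    b'{"push":"wss://push.example.com:8443/sock","telemetry":"203.0.113.7"}')
        # fake binary-XML fragment: UTF-16-LE string, as an intent-filter data scheme would be stored
        zf.writestr("AndroidManifest.xml",
                    b"\x03\x00\x08\x00" + "myapp://open/profile".encode("utf-16-le") + b"\x00\x00")
        # decoys: malformed IP and a bare hostname with no scheme (this scanner needs "://")
        zf.writestr("res/raw/ignore.txt", b"not-an-ip 999.1.1.1 and no scheme example.com")
    return buf.getvalue()


if __name__ == "__main__":
    for bucket, values in extract_endpoints(build_sample_apk()).items():
        print(bucket)
        for v in values:
            print("  ", v)
```

Bare hostnames without a scheme (`example.com` above) are deliberately not reported; adding a hostname regex is cheap but produces far more noise from class names and package identifiers, which is why the decompiled-source approach apk2url takes is the more reliable route.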
Looking for SIEM advice.
I attend a cybersecurity club at my uni, and I'm researching which SIEM to pick. Turns out we have Graylog planned for logging, and Wazuh I don't even know for what purpose. Then there's a third server whose purpose is SIEM.
My criteria are that the SIEM is free, works well in a Windows environment, and probably isn't one of the two mentioned. We have teams (Windows, Linux, Networking) and there are probably around 20-30 people total in the club.
So what I'm asking is what SIEM is the best for our purposes?
🗣SufficientPeanut7420
Student? Check out Security Onion. It's a Linux distro with a whole bunch of tools for capture, log aggregation and analysis. Basically, open source SIEM.
It has a learning curve, but you can just start with some small tools and expand out. If you get a handle on it, it sets you up great for using other tools, too.
👤homelaberator
Wazuh fits your case and you already have it. You don't need Graylog and Wazuh. Most SIEMs are 1000s; if your budget is zero you certainly won't be in the Splunk and AlienVault realms.
👤AngrySpaceBadger
SIEM is definitely one of those technologies that require a lot of upfront development/engineering just to get into a working state.
Realistically I'd see if your school's IT department will be able to sponsor a small instance with a commercial vendor for the best experience.
👤GeneralRechs
🎖@malwr
Reddit
From the AskNetsec community on Reddit
🌐 "WebPalm: Unleash Website Secrets for Cybersecurity!" 🌐
🔎 Discover WebPalm: Unleash Website Secrets! 🌐
Attention Cybersecurity Enthusiasts! 🛡️
Introducing WebPalm, the powerful command-line tool that unlocks the hidden treasures of websites! 🕵️♂️ Traverse websites, create a complete tree of webpages and links, and explore their interconnectedness like never before.
🔍 Extract Data with Ease: WebPalm can use regular expressions to extract data from webpage bodies, perfect for web scraping and gathering valuable information.
🚀 Fast and Reliable: Enjoy a seamless experience with lightning-fast performance and colorized output for easy error handling.
Join the exploration at: webpalm
Unleash the potential of WebPalm responsibly and dive into the fascinating world of website secrets! 🌟
🗣Adventurous_Dance527
🎖@malwr
GitHub
GitHub - XORbit01/webpalm: 🕸️ Crawl in the web network
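The two behaviours the post advertises, building a tree of pages and links and running a regular expression over each page body, as an added example that is not WebPalm's code. The fetcher is injected so the crawl runs offline against a constructed five-page site (`example.test`, `other.test` and every address in it are made up); swap in `urllib.request` or `requests` for a live target. The crawl is breadth-first, stays on the starting host, drops fragments and non-http(s) schemes, and stops expanding at `max_depth`, but it still records the links it saw on the deepest pages so the tree shows where it would have gone next.

```python
"""Breadth-first site crawler that builds a link tree and regex-extracts data from bodies.

Added example, not WebPalm's implementation. `fetch(url)` returns the body as a
string or None; the fake_fetch/SITE pair below is constructed test data.
"""
import re
from collections import deque
from urllib.parse import urldefrag, urljoin, urlparse

HREF_RE = re.compile(r"""<a\s[^>]*href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def crawl(start, fetch, max_depth=2, same_host=True, extract=None):
    """Return (tree, matches).

    tree:    url -> ordered list of child urls linked from that page
    matches: url -> sorted unique hits of the `extract` regex in that page body
    """
    root_host = urlparse(start).netloc
    tree, matches = {}, {}
    seen = {start}
    queue = deque([(start, 0)])
    while queue:
        url, depth = queue.popleft()
        body = fetch(url)
        if body is None:                      # unreachable or non-HTML: leaf with no children
            tree[url] = []
            continue
        if extract is not None:
            matches[url] = sorted(set(extract.findall(body)))
        children = []
        for href in HREF_RE.findall(body):
            child, _ = urldefrag(urljoin(url, href))   # absolutise, drop #fragment
            parts = urlparse(child)
            if parts.scheme not in ("http", "https"):  # skip mailto:, javascript:, tel: ...
                continue
            if same_host and parts.netloc != root_host:
                continue
            if child not in children:
                children.append(child)
            if child not in seen and depth < max_depth:
                seen.add(child)
                queue.append((child, depth + 1))
        tree[url] = children
    return tree, matches


# Constructed site for the offline run; nothing here is a real host or address.
SITE = {
    "https://example.test/": '<a href="/about">About</a> <a href="/contact">Contact</a> '
                             '<a href="https://other.test/x">ext</a> '
                             '<a href="mailto:hello@example.test">mail</a>',
    "https://example.test/about": 'Team: alice@example.test <a href="/">home</a> '
                                  '<a href="/about#team">team</a> <a href="/deep/1">deep</a>',
    "https://example.test/contact": 'Write to ops@example.test or sales@example.test '
                                    '<a href="/contact">self</a>',
    "https://example.test/deep/1": '<a href="/deep/2">next</a>',
    "https://example.test/deep/2": 'secret: deep@example.test',
}


def fake_fetch(url):
    """Stand-in for an HTTP GET; returns the constructed body or None for unknown pages."""
    return SITE.get(url)


def print_tree(tree, url, indent=0, shown=None):
    """Render the link tree as an indented outline, marking pages already printed."""
    shown = shown if shown is not None else set()
    print("  " * indent + url + ("  (seen)" if url in shown else ""))
    if url in shown or url not in tree:
        return
    shown.add(url)
    for child in tree[url]:
        print_tree(tree, child, indent + 1, shown)


if __name__ == "__main__":
    tree, found = crawl("https://example.test/", fake_fetch, max_depth=2, extract=EMAIL_RE)
    print_tree(tree, "https://example.test/")
    for page, hits in found.items():
        if hits:
            print(page, "->", ", ".join(hits))
```

Two things a live run needs that the constructed one does not: a per-host delay and a `max_pages` cap, because an unbounded same-host crawl of a large site is indistinguishable from a denial-of-service attempt from the target's side, and a check of `robots.txt` if the engagement rules call for it.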
Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
🗣digicat
🎖@malwr
Trustwave
Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
The healthcare sector has been under constant threat from cybercriminals due to the sensitive nature of patient data and the valuable information held by healthcare providers. This blog analyzes the ransomware landscape for the healthcare sector for the years…
Within incident response, who are the people who actually analyze/reverse the malware sample?
Unfamiliar with the process, but was looking to learn some new skills soon.
🗣HalfQuarter1250
Well, anyone with skill; the role doesn't matter and it all depends, of course, on complexity. I would say that such a specific role is needed only if reversing is done on a daily basis... but I would find that hard to believe unless the company is focused on RM. Most companies, I would assume, have analysts that have strong and weak sides and they do multiple various tasks based on them... It's similar to programmers... some do frontend, some do backend programming, some do both; in cyber it is just a little more divided by skill set.
👤4n6mole
Not to detract from the conversation, but I couldn't help but notice that nobody has mentioned that in many cases identifying malicious files and code can be performed by several tools specifically designed to analyze payloads and detonate them in sandboxed environments.
As others have mentioned, outside of an AV company or perhaps a larger enterprise/agency, these tools can fill in as "good enough" solutions for budget-conscious organizations.
VirusTotal
Any.Run
OPSWAT FileScan.
and a handful of other services with analysis and TI built right in.
👤Missing_Space_Cadet
Some people hire 3rd party malware analysts. CrowdStrike, Red Canary, Mandiant are some examples of these service providers who will bill you either by the hour or per sample.
Some bigger companies have incident responders who specialize in malware analysis so that the same person responding to the incident is also capable of doing the analysis. Some companies also have an entire team that specializes in malware analysis. This team may also include software engineers who develop internal tools to help conduct and facilitate such analysis.
I've worked as a security engineer for companies that span across all of the above.
👤_xpendable_
🎖@malwr
Reddit
From the cybersecurity community on Reddit