Boost this channel to help it unlock additional features.

APT Stately Taurus (aka Mustang Panda) conducted cyberespionage against a Southeast Asian government, including data exfiltration from compromised networks.

A phony proof-of-concept (PoC) code for CVE-2023-40477 delivered a payload of VenomRAT. We detail our findings, including an analysis of the malicious code.

We analyze waves of attacks on a Southeast Asian government linked to Alloy Taurus. By exploiting exchange servers, the attackers established a foothold for long-term espionage.

Threat activity targeting a Southeast Asian government could provide insight into the workings of APT Gelsemium. We examine the rare TTPs we observed in two attacks.

A tool for checking the security hardening options of the Linux kernel - a13xp0p0v/kernel-hardening-checker

RunPE implementation with multiple evasive techniques (1) - Maldev-Academy/MaldevAcademyLdr.1

DHS outlined a series of actionable recommendations on how the federal government can streamline and harmonize the reporting of cyber incidents to better protect the nation’s critical infrastructure. These recommendations provide a clear path forward for…

Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server

Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware

FIRST CTI Symposium 2023 will take place from 6 to 8 November in Berlin. There will be one day of training followed by two days of plenary sessions. This event will be open to both FIRST members an…

HVNC Attacks allow attackers to work comfortably on their victims’ machines. Let’s investigate such attacks.

This Threat Intelligence Report examines ransomware groups that have shifted their focus towards data extortion & explores the reasons behind this change.

Back in the late 1970s, the most popular memory chip was Mostek's MK4116, holding a whopping (for the time) 16 kilobits. It provided stor...

Additions

Added a command line interface to ImHex. Huge thanks to @iTrooz

Get started by typing imhex --help


Added initial support for .NET scripts

These scripts are meant to be a cross-platfo...

Boost this channel to help it unlock additional features.

In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, s…