Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
While analyzing a Lazarus attack luring employees of an aerospace company, ESET researchers discovered a publicly undocumented backdoor
https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/
@malwr
Welivesecurity
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.
RetrievIR - PowerShell script to assist DFIR teams with the collection of live-system evidence
panscanner
Hey everyone - posting a new tool I've been working on to help blue team operators capture evidence from live systems - most operations are described in the readme, most common use-case is likely running RetrievIR.ps1 from an administrative prompt like 'retrievir.ps1 -tags sans_triage' - this will capture most artifacts described in the KAPE SANS Triage package.
Please let me know if there are any questions/feedback! It is still a WIP but very much functional - I created this because I love KAPE but the enterprise license sometimes holds me back from using it in certain situations. I am also working on the ingestion of tkape configuration files.
panscanner
@malwr
GitHub
GitHub - joeavanzato/RetrievIR: PowerShell script designed to help Incident Responders collect forensic evidence from local and…
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices. - joeavanzato/RetrievIR
A Call To Action: Building the Cyber Workforce the Nation Needs | ONCD | The White House
digicat
@malwr
The White House
A Call To Action: Building the Cyber Workforce the Nation Needs
By Kemba Walden, Acting National Cyber Director October is Cybersecurity Awareness Month and I'd like to reflect on our collective responsibility to defend our country, serve our communities, and protect our families. Digital technologies today touch nearly…
Public Preview: Strictly Enforce Location Policies with Continuous Access Evaluation
digicat
@malwr
TECHCOMMUNITY.MICROSOFT.COM
Public Preview: Strictly Enforce Location Policies with Continuous Access Evaluation
Strictly enforce location policies using continuous access evaluation is now in public preview!
CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability
digicat
@malwr
GitHub
GitHub - Chocapikk/CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft SharePoint Server Elevation of Privilege Vulnerability - Chocapikk/CVE-2023-29357
Open-Source Remote Access Trojan Targets Armenian Airport and State Institutions - from Sept 22
digicat
@malwr
CyberHUB-AM
Open-Source Remote Access Trojan Targets Armenian Airport and State Institutions - CyberHUB-AM
Threat-researchers at CyberHUB-AM, with the support from Internews' Martijn Grooten, are tracking […]
Strengthening Your Defense Against IdP (Identity Provider) Attacks: Leveraging Google Workspace Admin Logs - pay to play in some cases
digicat
@malwr
Medium
Strengthening Your Defense Against IdP (Identity Provider) Attacks: Leveraging Google Workspace…
In recent times, identity service provider (IdP) attacks have surged, impacting even major providers like Okta, Cloudflare, and Microsoft…
Critical Vulnerabilities in Progress Software WS_FTP Server - exploitable with a single HTTPS POST request and a pre-existing ysoserial.net gadget - exploitation observed
digicat
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 vendor advisory
digicat
https://x.com/MCKSysAr/status/1707855204647899194?s=20 < claimed exploit PoC
digicat
https://censys.com/cve-2023-40044/
digicat
@malwr
Rapid7
Critical Vulnerabilities in WS_FTP Server | Rapid7 Blog
Sub7 source code released - an old code but it checks out
digicat
Fond memories 🥳
castleinthesky86
@malwr
GitLab
illwill / Sub7 · GitLab
Source code for SubSeven 2.1.3
Visual Studio Code: embedded reverse shell and how to block, create Sentinel Detection, and add Environment Prevention – well more like ideas and concepts
Little summary I did when I worked on securing my lab/home network.
https://medium.com/@truvis.thornton/visual-studio-code-embedded-reverse-shell-and-how-to-block-create-sentinel-detection-and-add-e864ebafaf6d
thattechkitten
@malwr
Medium
Visual Studio Code: embedded reverse shell and how to block, create Sentinel Detection, and add Environment Prevention – well more…
UPDATE: Looks like MS released GPO controls finally: https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/policies