hakuin: A blazing fast Blind SQL Injection optimization and automation framework.
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
GitHub
GitHub - pruzko/hakuin: A blazing fast and fully configurable Blind SQL Injection optimization and automation framework.
A blazing fast and fully configurable Blind SQL Injection optimization and automation framework. - pruzko/hakuin
fit: FIT is a Python3 application for forensic acquisition of contents like web pages, emails, social media, etc. directly from the internet.
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
GitHub
GitHub - fit-project/fit: FIT is a modular suite of Python applications for digital forensic acquisition of online contents suchโฆ
FIT is a modular suite of Python applications for digital forensic acquisition of online contents such as web pages, emails, social media, and more. Each module can run independently or as part of ...
Infecciรณn en sitio web de e-commerce chileno - Infection on Chilean e-commerce website - after generating a connection to binance to be able to read a โsmart contractโ, you must execute whatever comes as a response through the โevalโ method.
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
FINSIN
Infecciรณn en sitio web de e-commerce chileno
Por un proceso de simple suerte, visitando a un sitio de e-commerce chileno, me encontrรฉ con un popup extraรฑo que me hizo recorrer una serie saltos y encontrar que el sitio habรญa sido comprometido โฆ
Swirl - An open-source search platform. It allows you to search and use AI to find the correct information quickly and easily.
๐ฃsearch_guy
๐@malwr
๐ฃsearch_guy
๐@malwr
GitHub
GitHub - swirlai/swirl-search: AI Search & RAG Without Moving Your Data. Get instant answers from your company's knowledge acrossโฆ
AI Search & RAG Without Moving Your Data. Get instant answers from your company's knowledge across 100+ apps while keeping data secure. Deploy in minutes, not months. - swirlai/swirl-search
2nd October โ Threat Intelligence Report
https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/
๐@malwr
https://research.checkpoint.com/2023/2nd-october-threat-intelligence-report/
๐@malwr
Check Point Research
2nd October โ Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 2nd October, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Check Point researchers have detected a phishing campaign exploiting popular file-sharing program Dropbox.โฆ
Free SIEM to augment existing SIEM.
Currently we have SIEM (SAAS Solution) that covers all of our servers, switches, routers firewalls.
We do not collect logs for any of our workstations (3000 workstations) and I would like to have something but we do not have any budget to increase our existing SIEM capacity. I just want to have something incase I need to review logs on a workstations.
I was looking at Wazuh but it does not look like it will scale well with that many workstations.
Any recommendations?
๐ฃCritical_Egg_913
I'm going to be different and say, you don't need a siem to handle workstations. Get alerts out of your EDR and then use Velociraptor to query for logs and other events on workstations.
๐คmustacheride3
I just ran across gravwell.io I'm currently testing it out in a lab but it looks promising. It is free up to 14gb/day
๐คsemipvt
Graylog. Open Source Splunk.
๐คSLC_CA
๐@malwr
Currently we have SIEM (SAAS Solution) that covers all of our servers, switches, routers firewalls.
We do not collect logs for any of our workstations (3000 workstations) and I would like to have something but we do not have any budget to increase our existing SIEM capacity. I just want to have something incase I need to review logs on a workstations.
I was looking at Wazuh but it does not look like it will scale well with that many workstations.
Any recommendations?
๐ฃCritical_Egg_913
I'm going to be different and say, you don't need a siem to handle workstations. Get alerts out of your EDR and then use Velociraptor to query for logs and other events on workstations.
๐คmustacheride3
I just ran across gravwell.io I'm currently testing it out in a lab but it looks promising. It is free up to 14gb/day
๐คsemipvt
Graylog. Open Source Splunk.
๐คSLC_CA
๐@malwr
Reddit
From the cybersecurity community on Reddit
Explore this post and more from the cybersecurity community
Food delivery robots give captured video footage to police
https://www.malwarebytes.com/blog/news/2023/10/food-delivery-robots-give-captured-video-footage-to-police
๐@malwr
https://www.malwarebytes.com/blog/news/2023/10/food-delivery-robots-give-captured-video-footage-to-police
๐@malwr
Malwarebytes
Food delivery robots give captured video footage to police
A food delivery service that deploys semi-autonomous robots has worked with the police, handing over camera feeds captured while the robots are out and about.
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
๐ฃSCI_Rusher
๐@malwr
๐ฃSCI_Rusher
๐@malwr
Microsoft News
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
Microsoft identified an attack where attackers attempted to move laterally to a cloud environment through a SQL Server instance.
Letโs Go into the rabbit hole (part 1) โ the challenges of dynamically hooking Golang programs
๐ฃguedou
๐@malwr
๐ฃguedou
๐@malwr
Quarkslab
Letโs Go into the rabbit hole (part 1) โ the challenges of dynamically hooking Golang programs - Quarkslab's blog
Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extendโฆ
MSIFortune - LPE with MSI Installers
A quite long blogpost about several types of LPEs which I found in the msi repair function.
There is a lot of different stuff, much more then Mandiant reveiled a few months ago.
Tested about 1000 msi which was quite time consuming.
https://badoption.eu/blog/2023/10/03/MSIFortune.html
๐ฃPfiatDe
๐@malwr
A quite long blogpost about several types of LPEs which I found in the msi repair function.
There is a lot of different stuff, much more then Mandiant reveiled a few months ago.
Tested about 1000 msi which was quite time consuming.
https://badoption.eu/blog/2023/10/03/MSIFortune.html
๐ฃPfiatDe
๐@malwr
Google Cloud Blog
Escalating Privileges via Third-Party Windows Installers | Mandiant | Google Cloud Blog
๐1
TargetCompany Ransomware Abuses FUD Obfuscator Packers
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
https://www.trendmicro.com/en_us/research/23/h/targetcompany-ransomware-abuses-fud-obfuscator-packers.html
๐@malwr
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
https://www.trendmicro.com/en_us/research/23/h/targetcompany-ransomware-abuses-fud-obfuscator-packers.html
๐@malwr
Trend Micro
TargetCompany Ransomware Abuses FUD Obfuscator Packers
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
๐1
Remote Code Execution In PyTorch Model Server TorchServe
Remote Code Execution In PyTorch Model Server TorchServe
Oligo's research team has uncovered a chain of critical vulnerabilities, named ShellTorch, including CVE-2023-43654 (CVSS: 9.8) in the PyTorch model server TorchServe.
This flaw allows unauthorized access to #AI models and enables Remote Code Execution (RCE) leaving countless services and end-users at risk.
๐ฃBigBother59
๐@malwr
Remote Code Execution In PyTorch Model Server TorchServe
Oligo's research team has uncovered a chain of critical vulnerabilities, named ShellTorch, including CVE-2023-43654 (CVSS: 9.8) in the PyTorch model server TorchServe.
This flaw allows unauthorized access to #AI models and enables Remote Code Execution (RCE) leaving countless services and end-users at risk.
๐ฃBigBother59
๐@malwr
GitHub
GHSA-4mqg-h5jf-j9m7 - GitHub Advisory Database
TorchServe Pre-Auth Remote Code Execution
๐ฑ1