Hunting for Cobalt Strike in PCAP

In this video I analyze a pcap file from Triage with network traffic from Cobalt Strike Beacon using CapLoader. The video cannot be played in your browser. The pcap file and Cobalt Strike malware config can be downloaded from Recorded Future's Triage sandbox. Cobalt Strike Beacon configs can also be...

https://www.netresec.com/?page=Blog&month=2024-01&post=Hunting-for-Cobalt-Strike-in-PCAP


🎖@malwr

The Artemis security scanner

Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions. Thanks to its modular architecture, it can be used to combine the results of various other tools in a single dashboard.

https://cert.pl/en/posts/2024/01/artemis-security-scanner/


🎖@malwr

Private Eyes: China’s Embrace of Open-Source Military Intelligence

Using advanced technology, the People's Liberation Army (PLA) leverages open-source intelligence (OSINT) for military advantage.

https://www.recordedfuture.com/blog/private-eyes-chinas-embrace-open-source-military-intelligence


🎖@malwr

North Korea’s Cyber Strategy

Insikt Group analysis reveals that North Korea uses a cyber strategy centered around aggressive data collection and financial theft to primarily target Asia.

https://www.recordedfuture.com/blog/north-koreas-cyber-strategy


🎖@malwr

The Escalating Global Risk Environment for Submarine Cables

Explore the rising global risks to submarine cables from geopolitical tension, cyber threats, and expanding tech giant ownership.

https://www.recordedfuture.com/blog/escalating-global-risk-environment-submarine-cables


🎖@malwr

Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity

Insikt Group identified an application disseminated on a Telegram Channel used by members or supporters of the Hamas terrorist organization

https://www.recordedfuture.com/blog/hamas-application-infrastructure-reveals-possible-overlap-tag-63-iranian-threat-activity


🎖@malwr

Putin’s Potential Successors Part 2: Aleksey Dyumin

Explore Aleksey Dyumin, potential successor to Putin as Russian president, including his political strengths, weaknesses, and implications for Russia's future.

https://www.recordedfuture.com/blog/putins-potential-successors-part-2-aleksey-dyumin


🎖@malwr

The Escalating Global Risk Environment for Submarine Cables

Explore the rising global risks to submarine cables from geopolitical tension, cyber threats, and expanding tech giant ownership.

https://www.recordedfuture.com/escalating-global-risk-environment-submarine-cables


🎖@malwr

📍Forward posts to other groups 📍

Cracking the 2023 SANS Holiday Hack Challenge

From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun

https://www.welivesecurity.com/en/cybersecurity/cracking-2023-sans-holiday-hack-challenge/


🎖@malwr

Video series discussing the major threat actor trends from 2023

In this video series, Talos’ Director of Threat Intelligence and Interdiction Matt Olney and Head of Outreach Nick Biasini share their insights on the most significant cybersecurity threats from the past year.

https://blog.talosintelligence.com/video-series/


🎖@malwr

Charting China’s Climb as a Leading Global Cyber Power

Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years.

https://www.recordedfuture.com/charting-chinas-climb-leading-global-cyber-power


🎖@malwr

New decryptor for Babuk Tortilla ransomware variant released

Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.

https://blog.talosintelligence.com/decryptor-babuk-tortilla/


🎖@malwr