Incident Response Methodologies 2022
https://github.com/certsocietegenerale/IRM
// EN/ES/FR/RU Versions
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg
https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg
By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…
XLLing in Excel - Evolution of malicious XLLs
https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
CVE and PoC SearchBot - 0.5.0
@pocfather_bot
Bot helps you keep up to date with new CVEs and search for new PoCs
Added
▪️ New sources of information about CVE vendor/products: nvd.nist.gov and cve.org;
▪️ Feedback answer option.
Changed
▪️ App's architecture;
▪️ APIv2 from nvd.nist.gov is now used;
▪️ Changed message-broker software;
▪️ Default level now is set to ALL;
▪️ PoC search based on CVE description and vendor/product;
▪️ Manual PoC queries now use logical AND.
Fixed
▪️ Vendor/products duplication issue;
▪️ Settings menu errors;
▪️ Number of minor bugs.
Evading Detection: A Beginner's Guide to Obfuscation - 2022
https://www.youtube.com/watch?v=wvKwk1wcXvM
Have you wanted to learn some more advanced Windows evasion techniques? Here is your chance to learn from the experts. This 2-hour long webinar will cover the basics of Windows Defenses such as Event and Script Block Logging, Anti-Malware Scan Interface (AMSI)…
#Conferences
TOP-20 Leading Cybersecurity Conferences in 2023:
1. IEEE S&P (July 3-7)
https://www.ieee-security.org/TC/EuroSP2023/accepted_and_awards.html
2. ENISA Cybersecurity Standardisation Conference
https://www.enisa.europa.eu/events/cybersecurity_standardisation_2023
3. USENIX Security (Aug. 9-11)
https://www.usenix.org/conference/usenixsecurity23
4. NDSS (27 Feb. - 03 Mar.)
https://www.internetsociety.org/events/ndss/2023
5. ESORICS (European Symposium on Research in Computer Security, Sept. 25-29)
https://www.esorics2023.org
6. Nullcon Berlin (March 9-10)
https://nullcon.net/berlin-2023
7. International Conference on Cybersecurity and Common Problems (ICCCP, Jan. 30-31)
https://waset.org/cybersecurity-and-common-problems-conference-in-january-2023-in-sydney
8. Pwn2Own Miami (Feb. 14-16)
https://www.zerodayinitiative.com/Pwn2OwnMiami2023Rules.html
9. International Conference on Cybersecurity and Hacking (ICCH, Jan. 07-08)
https://conferenceindex.org/event/international-conference-on-cybersecurity-and-hacking-icch-2023-january-tokyo-jp
10. RSA Conference 2023 (Apr. 24-27)
https://www.rsaconference.com/usa
11. JSAC 2023 (Jan. 25-26)
https://jsac.jpcert.or.jp
12. SANS 2023 Cyber Security Training (Apr. 2-7)
https://www.sans.org/cyber-security-training-events/2023
13. IEEE Symposium on Security and Privacy (May 22-25)
https://sp2023.ieee-security.org
14. National Cyber Summit (Sep. 20-21)
https://www.nationalcybersummit.com
15. ACM WiSec 2023 (May 29 - June 1st)
https://wisec2023.surrey.ac.uk
16. Zer0Con (April, 2023)
https://zer0con.org/?ref=infosec-conferences.com
17. DEF CON 31 (Aug. 10-13)
https://defcon.org/html/defcon-31/dc-31-cfi.html
18. Black Hat
Spring Trainings (Mar. 13-16, 2023):
https://www.blackhat.com/tr-23
USA (Aug. 5-10, 2023): https://www.blackhat.com/upcoming.html#usa
Asia (May 9-12, 2023): https://www.blackhat.com/upcoming.html#asia
19. BSides SF 2023 (Apr. 22-23)
https://bsidessf.org/cfp
20. European Interdisciplinary Cybersecurity Conference (EICC, Jun. 14-15)
https://www.fvv.um.si/eicc2023
Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat
After Microsoft announced this year that macros from the Internet will be blocked by default in Office , many threat actors have switched to different file types such as Windows Shortcut (LNK), ISO or ZIP files, to distribute their malware.
.NET Process injection in a new process with QueueUserAPC using D/invoke
https://gist.github.com/tothi/9cdd2be3b49cb42723726fd75df96471
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
Writing Windows Kernel Drivers for Advanced Persistence
https://v3ded.github.io/redteam/red-team-tactics-writing-windows-kernel-drivers-for-advanced-persistence-part-1
Red Team Tactics: Writing Windows Kernel Drivers for Advanced Persistence (Part 1)
1. All in One Hacking tool For Hackers
https://github.com/Z4nzu/hackingtool
2. Tools and Techniques for Red Team/Penetration Testing
https://github.com/A-poc/RedTeam-Tools
Dimorf - ransomware using 256-bit AES with a self-destructing, randomly generated key, for Linux OSes
https://github.com/Ort0x36/Dimorf
Breaking RSA with a Quantum Computer
https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html
OWASP Mobile Application Security Testing Guide (MASTG)
https://github.com/OWASP/owasp-mastg
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA...
Powershell scripts for post exploitation
https://github.com/ItsCyberAli/PowerMeUp
NASim.pdf
"Autonomous Penetration Testing using Reinforcement Learning"
Network Attack Simulator: https://github.com/Jjschwartz/NetworkAttackSimulator
x64 binary obfuscator that is able to obfuscate various PE files, including .exe, .dll and .sys
https://github.com/weak1337/Alcatraz