The Squirrel Strikes Back: Analysis of the newly emerged cobalt-strike loader “SquirrelWaffle”
https://elis531989.medium.com/the-squirrel-strikes-back-analysis-of-the-newly-emerged-cobalt-strike-loader-squirrelwaffle-937b73dbd9f9
Since early-mid of September 2021, a new malware loader dubbed “Squirrelwaffle” has been discovered and observed delivering the attack…
HCRootkit / Sutersu Linux Rootkit Analysis
https://www.lacework.com/blog/hcrootkit-sutersu-linux-rootkit-analysis/
A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack
https://github.com/mgeeky/ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts. - mgeeky/ThreadStackSpoofer
Order of Six Angles
Open Source EDR https://github.com/0xrawsec/whids
Something like Sysmon on steroids
CVE-2021-34486: Event Tracing for Windows (ETW) TimerCallbackContext Object Use-After-Free Vulnerability
https://www.pixiepointsecurity.com/blog/cve-2021-34486.html
Reversing in action: Golang malware used in the SolarWinds attack
part1
https://www.youtube.com/watch?v=_cL-OwU9pFQ
part2
https://www.youtube.com/watch?v=YRqTrq11ebg
This repository contains Python scripts mainly written for malware research purposes
https://github.com/fboldewin/misc_malware
Order of Six Angles
This guy also published, on the blog I shared earlier, an article about a crypter: https://www.guitmz.com/linux-elf-runtime-crypter/ And now his tool is being used by APTs: https://www.bleepingcomputer.com/news/security/linux-malware-authors-use-ezuri-golang-crypter…
Cloud Native Live: Hacking Kubernetes – Using fileless malware to breach K8s, bypassing common security tools and stealing your secrets
https://www.cncf.io/online-programs/this-week-in-cloud-native-hacking-kubernetes-using-fileless-malware-to-breach-k8s-bypassing-common-security-tools-and-stealing-your-secrets/
Mentioned in a podcast
https://thecyberwire.com/podcasts/research-saturday/177/notes
In this live demo, we will use Ezuri, a memory loader, to penetrate K8s live environments, load a fileless malware, undetected by common security tools, and steal SSL keys. But not to worry…
Order of Six Angles
Part 3 https://0xinfection.github.io/posts/wmi-registry-part-3/
Offensive WMI - Reconnaissance & Enumeration (Part 4)
https://0xinfection.github.io/posts/wmi-recon-enum/
Forwarded from Devious Methods
If you have:
1. direct access to the system (port 445 open)
2. file upload
you can upload an SCF file and capture the NTLM hash with Responder.
#smb #responder #windows #redteam
https://pentestlab.blog/2017/12/13/smb-share-scf-file-attacks/
SMB Share – SCF File Attacks
SMB is a protocol which is widely used across organisations for file sharing purposes. It is not uncommon during internal penetration tests to discover a file share which contains sensitive informa…
Sometimes you need to google articles about a specific APT group or malware family, and because of the wild imagination of the people who come up with the names, Google returns all kinds of junk. Some folks put together a custom Google search over everything malware-related (link)
You can take the source and add your own frequently visited blogs/sites/etc.
On the left is the result of the custom Google search, on the right the regular one
Module Stomping, No New Thread, HellsGate syscaller, UUID Dropper for x64 Windows 10
https://github.com/boku7/Ninja_UUID_Dropper
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10! - boku7/Ninja_UUID_Runner