DFIR 2022 year in review. The report is long, but quite valuable.
https://thedfirreport.com/2023/03/06/2022-year-in-review/
2022 Year in Review - The DFIR Report
As we move into the new year, it’s important to reflect on some of the key changes and developments we observed and reported on in 2022. This year’s year-in-review report looks at the types of intrusions that have been most prevalent and the malware we have…
#SecurityValidation
Donut is position-independent code that can execute VBScript, JScript, EXE, DLL files and .NET assemblies in memory. Modules created by Donut can be staged from an HTTP server or embedded directly in the loader itself. The module can optionally be encrypted with the Chaskey block cipher and a randomly generated 128-bit key. After the file is loaded and executed in memory, the original reference is erased to deter memory scanners.
https://github.com/TheWover/donut
GitHub - TheWover/donut: Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files,…
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters - TheWover/donut
Videos from the Microsoft Security Response Center (MSRC) BlueHat 2023 security conference
https://youtube.com/playlist?list=PLXkmvDo4MfusWp9f7IHT9xAPCkN2ZSm2L
https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries
Dark Pink APT Group Strikes Government Entities in South Asian Countries
Multiple KamiKakaBot malware are used to target government entities in ASEAN countries. EclecticIQ Intelligence and Research team attribute it to APT group, Dark Pink.
OpenAI has announced GPT-4, a large multimodal model that accepts image and text inputs and produces text outputs.
https://openai.com/research/gpt-4
- ChatGPT Plus users can now also access GPT-4 at:
https://chat.openai.com
- Join the GPT-4 API waitlist:
https://openai.com/waitlist/gpt-4-api
- Contributors to this repository get priority API access:
https://github.com/openai/evals
GPT-4
We’ve created GPT-4, the latest milestone in OpenAI’s effort in scaling up deep learning. GPT-4 is a large multimodal model (accepting image and text inputs, emitting text outputs) that, while less capable than humans in many real-world scenarios, exhibits…
Microsoft is bringing the large language model behind ChatGPT to its office suite. The software giant announced Microsoft 365 Copilot, which, like GitHub Copilot, uses AI to help office users be more productive. 365 Copilot can generate documents and presentations on request, analyze Excel data, summarize Outlook email, summarize the key points of Teams discussions, automate repetitive work, and more. Microsoft will roll Copilot out to Microsoft 365 users in the coming months.
Just sit back and wait.
Windows 10/11 rootkit
https://github.com/XaFF-XaFF/Black-Angel-Rootkit
GitHub - XaFF-XaFF/Black-Angel-Rootkit: Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled…
Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality. - XaFF-XaFF/Black-Angel-Rootkit