⚠️ WARNING : "A sophisticated threat actor" compromised the digital certificate 'Mimecast' provided to certain customers to connect its products securely with cloud-based #Microsoft 365 Exchange.
Read details here: https://thehackernews.com/2021/01/hackers-steal-mimecast-certificate-used.html
Read details here: https://thehackernews.com/2021/01/hackers-steal-mimecast-certificate-used.html
Intel adds hardware-enabled ransomware detection to its newly announced 11th generation Core vPro business-class processors.
Read: https://thehackernews.com/2021/01/intel-adds-hardware-enabled-ransomware.html
Read: https://thehackernews.com/2021/01/intel-adds-hardware-enabled-ransomware.html
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin (Winnti or APT41) that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor.
https://thehackernews.com/2021/01/researchers-disclose-undocumented.html
https://thehackernews.com/2021/01/researchers-disclose-undocumented.html
5 Ways to Exploit a Domain Takeover Vulnerability
https://redhuntlabs.com/blog/5-ways-to-exploit-a-domain-takeover-vulnerability.html
https://redhuntlabs.com/blog/5-ways-to-exploit-a-domain-takeover-vulnerability.html
RedHunt Labs
5 Ways to Exploit a Domain Takeover Vulnerability - RedHunt Labs
Domain Takeover occurs when the organization did not renew its domain but still use it in their code and infrastructure. When the attacker registers the abandoned domain, they own the domain, including its subdomains and other types of DNS records.
👍1
AD Attack
1) Performing domain #recon using PS
https://stealthbits.com/blog/performing-domain-reconnaissance-using-powershell/
2) Attack mapping with #bloodhound
https://stealthbits.com/blog/local-admin-mapping-bloodhound/
3) Extracting passwd hashes
https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
4) Pass-the-hash attacks with #mimikatz
https://stealthbits.com/blog/passing-the-hash-with-mimikatz/
#Penetration_Testing
1) Performing domain #recon using PS
https://stealthbits.com/blog/performing-domain-reconnaissance-using-powershell/
2) Attack mapping with #bloodhound
https://stealthbits.com/blog/local-admin-mapping-bloodhound/
3) Extracting passwd hashes
https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
4) Pass-the-hash attacks with #mimikatz
https://stealthbits.com/blog/passing-the-hash-with-mimikatz/
#Penetration_Testing
Best writeup CTF hackthebox
https://github.com/Ignitetechnologies/HackTheBox-CTF-Writeups
https://github.com/Ignitetechnologies/HackTheBox-CTF-Writeups
GitHub
GitHub - Ignitetechnologies/HackTheBox-CTF-Writeups: This cheasheet is aimed at the CTF Players and Beginners to help them sort…
This cheasheet is aimed at the CTF Players and Beginners to help them sort Hack The Box Labs on the basis of Operating System and Difficulty. - Ignitetechnologies/HackTheBox-CTF-Writeups
'2022 Zero-Day In-the-Wild Exploitation…so far ', a blog post by Project-0 of Google.
https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html
https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html
Blogspot
2022 0-day In-the-Wild Exploitation…so far
Posted by Maddie Stone, Google Project Zero This blog post is an overview of a talk, “ 0-day In-the-Wild Exploitation in 2022…so far”,...