which of following linux restriction features use from File path for applying restrictions ?
Anonymous Quiz
31%
SELinux
23%
Apparmor
23%
Applocker
0%
GRSecurity/Pax
23%
i don't Know :/
⭕ کسانی که علاقه به بحث Red Team دارن این دوتا لینک منابع خوبی هستند.
[+] Link one
[+] Link two
#Redteam
#Resource
@bitsecurityteam
[+] Link one
[+] Link two
#Redteam
#Resource
@bitsecurityteam
www.ired.team
What is ired.team notes? | Red Team Notes
These are notes about all things focusing on, but not limited to, red teaming and offensive security.
⭕ Most Prevalent Malware Files
⏰ Date : April 7-14, 2022
👨💻 Compiled By :
Talos Security Intelligence and research Groupe
SHA 256: e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934
MD5: 93fefc3e88ffb78abb36365fa5cf857c
VirusTotal: https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details
Typical Filename: Wextract
Claimed Product: Internet Explorer
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg
SHA 256: 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa
MD5: df11b3105df8d7c70e7b501e210e3cc3
VirusTotal: https://www.virustotal.com/gui/file/59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa/details
Typical Filename: DOC001.exe
Claimed Product: N/A
Detection Name: Win.Worm.Coinminer::1201
SHA 256: 12459a5e9afdb2dbff685c8c4e916bb15b34745d56ef5f778df99416d2749261
MD5: 3e2dbdfa5e58cb43cca56a3e077d50bf
VirusTotal: https://www.virustotal.com/gui/file/12459a5e9afdb2dbff685c8c4e916bb15b34745d56ef5f778df99416d2749261/details
Typical Filename: NirCmd.exe
Claimed Product: NirCmd
Detection Name: Win.PE.SocGholish.tii.Talos
SHA 256: 5616b94f1a40b49096e2f8f78d646891b45c649473a5b67b8beddac46ad398e1
MD5: 3e10a74a7613d1cae4b9749d7ec93515
VirusTotal: https://www.virustotal.com/gui/file/5616b94f1a40b49096e2f8f78d646891b45c649473a5b67b8beddac46ad398e1/details
Typical Filename: IMG001.exe
Claimed Product: N/A
Detection Name: Win.Dropper.Coinminer::1201
SHA 256: 792bc2254ce371be35fcba29b88a228d0c6e892f9a525c330bcbc4862b9765d0
MD5: b46b60327c12290e13b86e75d53114ae
VirusTotal: https://www.virustotal.com/gui/file/792bc2254ce371be35fcba29b88a228d0c6e892f9a525c330bcbc4862b9765d0/details
Typical Filename: NAPA_HQ_SetW10config.exe
Claimed Product: N/A
Detection Name: W32.File.MalParent
@Bitsecurityteam
⏰ Date : April 7-14, 2022
👨💻 Compiled By :
Talos Security Intelligence and research Groupe
SHA 256: e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934
MD5: 93fefc3e88ffb78abb36365fa5cf857c
VirusTotal: https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details
Typical Filename: Wextract
Claimed Product: Internet Explorer
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg
SHA 256: 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa
MD5: df11b3105df8d7c70e7b501e210e3cc3
VirusTotal: https://www.virustotal.com/gui/file/59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa/details
Typical Filename: DOC001.exe
Claimed Product: N/A
Detection Name: Win.Worm.Coinminer::1201
SHA 256: 12459a5e9afdb2dbff685c8c4e916bb15b34745d56ef5f778df99416d2749261
MD5: 3e2dbdfa5e58cb43cca56a3e077d50bf
VirusTotal: https://www.virustotal.com/gui/file/12459a5e9afdb2dbff685c8c4e916bb15b34745d56ef5f778df99416d2749261/details
Typical Filename: NirCmd.exe
Claimed Product: NirCmd
Detection Name: Win.PE.SocGholish.tii.Talos
SHA 256: 5616b94f1a40b49096e2f8f78d646891b45c649473a5b67b8beddac46ad398e1
MD5: 3e10a74a7613d1cae4b9749d7ec93515
VirusTotal: https://www.virustotal.com/gui/file/5616b94f1a40b49096e2f8f78d646891b45c649473a5b67b8beddac46ad398e1/details
Typical Filename: IMG001.exe
Claimed Product: N/A
Detection Name: Win.Dropper.Coinminer::1201
SHA 256: 792bc2254ce371be35fcba29b88a228d0c6e892f9a525c330bcbc4862b9765d0
MD5: b46b60327c12290e13b86e75d53114ae
VirusTotal: https://www.virustotal.com/gui/file/792bc2254ce371be35fcba29b88a228d0c6e892f9a525c330bcbc4862b9765d0/details
Typical Filename: NAPA_HQ_SetW10config.exe
Claimed Product: N/A
Detection Name: W32.File.MalParent
@Bitsecurityteam
⭕آسیب پذیری RCE در Hyper-V
♦️Title: Remote code execution vulnerabilities in Hyper-V, NFS part of Patch Tuesday
♦️Denoscription: Microsoft released its latest security update Tuesday, disclosing more than 140 vulnerabilities across its array of products. This is a departure from past Patch Tuesdays this year, which have only featured a few dozen vulnerabilities, and is the largest number of issues in a single Patch Tuesday since September 2020. Ten of these vulnerabilities are considered to be “critical,” while three others are listed as being of “moderate” severity and the remainder are considered “important.” There are also nine vulnerabilities that were first found in the Chromium web browser but affect Microsoft Edge, since it’s a Chromium-based browser. Edge users do not need to take any action to patch for these issues.
♦️References: https://blog.talosintelligence.com/2022/04/microsoft-patch-tuesday-includes-most.html
♦️SNORT® SIDs: 59497, 59498, 59511, 59512, 59519 - 59526, 59529 and 59530 - 59535
@Bitsecurityteam
♦️Title: Remote code execution vulnerabilities in Hyper-V, NFS part of Patch Tuesday
♦️Denoscription: Microsoft released its latest security update Tuesday, disclosing more than 140 vulnerabilities across its array of products. This is a departure from past Patch Tuesdays this year, which have only featured a few dozen vulnerabilities, and is the largest number of issues in a single Patch Tuesday since September 2020. Ten of these vulnerabilities are considered to be “critical,” while three others are listed as being of “moderate” severity and the remainder are considered “important.” There are also nine vulnerabilities that were first found in the Chromium web browser but affect Microsoft Edge, since it’s a Chromium-based browser. Edge users do not need to take any action to patch for these issues.
♦️References: https://blog.talosintelligence.com/2022/04/microsoft-patch-tuesday-includes-most.html
♦️SNORT® SIDs: 59497, 59498, 59511, 59512, 59519 - 59526, 59529 and 59530 - 59535
@Bitsecurityteam
Cisco Talos Blog
Microsoft Patch Tuesday includes most vulnerabilities since Sept. 2020
Microsoft released its latest security update Tuesday, disclosing more than 140 vulnerabilities across its array of products. This is a departure from past Patch Tuesdays this year, which have only featured a few dozen vulnerabilities, and is the largest…
آخرین باری که مطلب Defensive گذاشتیم یادم نیست ولی این برای شکارچی های تهدید هست😁
Link :Linux Threat Hunting
Link :Linux Threat Hunting
Gendigital
Linux Threat Hunting: ‘Syslogk’ a kernel rootkit found under development in the wild
Syslogk Rootkit Revealed: Analysis
کدام مورد از دیتا استریم های فرعی پشتیبانی میکند ؟
Anonymous Quiz
29%
CDFS
21%
XFS
50%
NTFS
0%
Fat16/32