Exploring the Depths of Cmd.exe.pdf
2.8 MB
A worthwhile read from FireEye
@Engineer_Computer
#Fun
It seems the assembly programming language was not popular enough in the binary world, so they took it into web design. 😅😩
@Engineer_Computer
#MyNote
A few days ago I came across a project on GitHub: a library for triggering a BSOD in Rust using undocumented functions.
Setting aside why the author wrote such a library, let's do a bit of analysis.
First, using the native function RtlAdjustPrivilege, it grants the process the required privilege; this function is part of NTDLL.DLL.
Second, using the native function NtRaiseHardError, it triggers the BSOD. This function is also part of NTDLL.DLL.
More details:
Pay attention to the input parameters.
This can also be done with the native function ZwRaiseHardError.
Now you know one of the reasons a BSOD can occur from user mode.
@Engineer_Computer
🔏Python Scripts to Exploit or Discover Network vulnerabilities and misconfiguration
🔗https://github.com/aaaalmassri/Network_Hacking_Scripts
#Network
@Engineer_Computer
GitHub
GitHub - aaaalmassri/Network_Hacking_Scripts: Python Prototype Scripts to Exploit or Discover Network vulnerabilities and misconfiguration.
🔏Looney Tunables: POC for CVE-2023-4911
Local Privilege Escalation
🔗https://github.com/RickdeJager/CVE-2023-4911
#CVE
@Engineer_Computer
👁 Sans OSINT Summit 2023.
Recently one of the most popular summits for OSINT enthusiasts and professionals was held: SANS OSINT Summit 2023, where useful talks and unique information were presented.
• But today the topic is not the talks and presentations, but the resources and tools mentioned during the event.
• Following the link you can find useful software, blogs of OSINT experts, and other unique information:
🔗https://github.com/ranlo/osintsummit-2023-resources
#OSINT
@Engineer_Computer
Warning regarding a critical vulnerability in the IIS web server
✅ Handling priority: urgent
An elevation of privilege vulnerability in Microsoft's IIS web server has been identified, with identifier CVE-2023-36434.
Details of the security update are provided at the link below:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434
AFTA Strategic Management Center
@Engineer_Computer
📚Free Offensive Security Notes (OSCP, OSWE, OSEP, OSED)
1️⃣OSCP NOTES AD: google drive
2️⃣OSCP Notes : google drive
3️⃣OSWE Notes: google drive
4️⃣OSEP Notes: google drive
5️⃣OSED Notes: google drive
#Offensive_security
@Engineer_Computer
Threat Advisory: Zero-Day Vulnerabilities Detected in WinRAR
These vulnerabilities require user interaction for exploitation.
Remote attackers, with malicious intent, can execute arbitrary code on systems where WinRAR is installed.
The software's functionality includes creating archives in RAR or ZIP format and displaying and unpacking numerous other archive file formats.
This further amplifies the potential for compromise as WinRAR’s ability to support the creation of encrypted archives, multi-part files, and self-extraction adds to the complexity of the situation.
Furthermore, file integrity is verified using CRC32 or BLAKE2 checksums for each file within an archive, highlighting the significance of these gaps in the system.
@Engineer_Computer
Quick Heal Blog
THREAT ADVISORY: Zero-Day Vulnerabilities Detected on WinRAR
Zero-day vulnerabilities represent an imminent threat to cybersecurity, and in this case, two such vulnerabilities, CVE-2023-38831 and CVE-2023-40477,...
Social Engineering Attacks Target OKTA Customers To Achieve a Highly Privileged Role
Threat actors appeared to either have passwords to privileged user accounts or be able to manipulate the delegated authentication flow via Active Directory (AD) prior to calling the IT service desk.
The threat actor targeted Okta customers’ users assigned with Super Administrator permissions.
The attackers were spotted using anonymizing proxy services and an IP and device not previously associated with the user account to access the compromised account.
@Engineer_Computer
Security Affairs
Social engineering attacks target Okta customers to achieve a highly privileged role
Identity services provider Okta warned of social engineering attacks carried out by threat actors to obtain elevated administrator permissions
How to Conduct a Cloud Security Assessment
A cloud security assessment evaluates an organization's cloud infrastructure for the following:
- Overall security posture
- Identity and access management (IAM) policies
- Service provider security features
- Compliance
- Documentation
- Exposure to future threats
Threat modeling reviews should test against possible attacks and threats to the cloud environment, ease of attacks based on exposure and susceptibility, and the state of preventive and detective controls in place.
Organizations with multi-cloud deployments should expect to conduct separate threat modeling sessions for each respective cloud service.
@Engineer_Computer
Security
How to conduct a cloud security assessment
Is your organization's cloud deployment secure from malicious attackers? Learn how to perform a cloud security assessment to find vulnerabilities and threats.
What is Encrypted DNS Traffic?
The Trouble With Traditional DNS
Before diving into a description of encrypted DNS traffic, we should probably talk about DNS traffic in general.
The Domain Name System (DNS) stands as a linchpin in our digital realm.
Think of it as an intricate directory for the Internet; its role is not just making online navigation intuitive for users but also augmenting the resilience of online services.
Universal DNS Traffic Encryption
The majority of encryption methods hinge on DNS resolvers that are configured for encryption.
However, these encryption-supporting resolvers comprise only a tiny fraction of the total.
Centralization or consolidation of DNS resolvers is a looming issue.
With limited options, this centralization creates tempting targets for malevolent entities or intrusive surveillance.
@Engineer_Computer
groovyPost
What is Encrypted DNS Traffic?
To help protect your security and privacy, it's important to understand encrypted DNS traffic and why it matters.
Mason Tenders’ District Council data breach class action settlement
The Mason Tenders’ District Council is a labor organization based in New York, serving more than 17,000 members, including construction workers, asbestos and hazardous materials handlers, Catholic high school teachers, and recycling and waste handlers, according to the council’s website.
@Engineer_Computer
Top Class Actions
Mason Tenders’ District Council data breach class action settlement
Mason Tenders has agreed to a class action lawsuit settlement resolving claims it failed to take steps to prevent a Mason Tenders District Council data breach.
Hackers Target High-Privileged Okta Accounts via Help Desk
The hackers then access compromised accounts using anonymizing proxy services and an IP and device not previously associated with the user account "to abuse legitimate identity federation features that enabled them to impersonate users within the compromised organization," according to the post.
@Engineer_Computer
Dark Reading
Hackers Target High-Privileged Okta Accounts via Help Desk
Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.
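The two Okta posts above list the same indicators a defender can act on: a successful sign-in to a Super Administrator account from an IP address and a device never before associated with that account, through an anonymizing proxy, shortly after a help-desk MFA reset. The following is an added example, not code from the posts or from Okta, showing how those indicators can be combined into a simple alert over sign-in events. The events, the field names (`user`, `ip`, `device`, `proxy`, `outcome`) and the event type strings are constructed for this example and only loosely modelled on an identity provider's system log; the privileged user list is likewise an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data). The shape is a simplified,
# assumed one: a timestamp, an event type, the target user, client IP, a
# device fingerprint, a proxy flag and the outcome.
EVENTS = [
    {"ts": "2023-09-01T09:00:00", "event": "user.session.start", "user": "alice",
     "ip": "203.0.113.10", "device": "dev-A", "proxy": False, "outcome": "SUCCESS"},
    {"ts": "2023-09-02T09:05:00", "event": "user.session.start", "user": "alice",
     "ip": "203.0.113.10", "device": "dev-A", "proxy": False, "outcome": "SUCCESS"},
    # Help desk resets all MFA factors for alice (constructed event type).
    {"ts": "2023-09-03T14:00:00", "event": "user.mfa.factor.reset_all", "user": "alice",
     "ip": "198.51.100.5", "device": "dev-HD", "proxy": False, "outcome": "SUCCESS"},
    # Twenty minutes later: new IP, new device, via anonymizing proxy.
    {"ts": "2023-09-03T14:20:00", "event": "user.session.start", "user": "alice",
     "ip": "192.0.2.77", "device": "dev-Z", "proxy": True, "outcome": "SUCCESS"},
    # A non-privileged user with a similar pattern: noted, but not alerted here.
    {"ts": "2023-09-03T15:00:00", "event": "user.session.start", "user": "bob",
     "ip": "192.0.2.90", "device": "dev-Q", "proxy": True, "outcome": "SUCCESS"},
]

# Assumed: accounts holding the Super Administrator role.
PRIVILEGED_USERS = {"alice"}
RESET_WINDOW = timedelta(hours=24)


def parse_ts(value):
    return datetime.fromisoformat(value)


def detect_privileged_anomalies(events, privileged_users, reset_window=RESET_WINDOW):
    """Return alerts for successful sign-ins to privileged accounts that combine
    at least two of: new IP, new device, anonymizing proxy, recent factor reset.

    History (known IPs/devices per user) is built from earlier successful
    sessions in the same event stream, so the first sign-in ever seen for a
    user is used only to seed the baseline and never alerts on its own.
    """
    known_ips = defaultdict(set)
    known_devices = defaultdict(set)
    last_reset = {}
    alerts = []

    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        if ev.get("outcome") != "SUCCESS":
            continue
        user, ts = ev["user"], parse_ts(ev["ts"])

        if ev["event"] == "user.mfa.factor.reset_all":
            last_reset[user] = ts
            continue
        if ev["event"] != "user.session.start":
            continue

        reasons = []
        if ev["ip"] not in known_ips[user]:
            reasons.append("new_ip")
        if ev["device"] not in known_devices[user]:
            reasons.append("new_device")
        if ev.get("proxy"):
            reasons.append("anonymizing_proxy")
        if user in last_reset and ts - last_reset[user] <= reset_window:
            reasons.append("recent_factor_reset")

        has_history = bool(known_ips[user])
        if user in privileged_users and has_history and len(reasons) >= 2:
            alerts.append({"user": user, "ts": ev["ts"], "reasons": reasons})

        # Update the baseline after evaluating, so the current event does not
        # mask itself as "known".
        known_ips[user].add(ev["ip"])
        known_devices[user].add(ev["device"])

    return alerts


if __name__ == "__main__":
    for alert in detect_privileged_anomalies(EVENTS, PRIVILEGED_USERS):
        print(alert)
```

The threshold of two indicators is a design choice to keep a travelling administrator on a new laptop from paging someone at 3 a.m.; a factor reset followed by a first sign-in from a new device and a proxy is the combination the posts describe and lands well above it. In production the baseline would come from weeks of history rather than the same batch, and the reset event would be correlated with the help-desk ticket that justified it.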
GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool
Behnama in particular is not just a tool, but "a powerful instrument of surveillance" that is used by the Iranian government, law enforcement agencies, and military personnel, GhostSec said, noting that its intention of exposing FANAP is "in the interests of the Iranian people, but also in the interests of protecting the privacy of each and every one of us."
@Engineer_Computer
Dark Reading
GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool
GhostSec has made the source code for what it calls a powerful surveillance tool openly available in a 26GB file, but FANAP denies its legitimacy.
United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue
By late afternoon Tuesday on the East Coast, United had canceled only seven flights, well below its average of about 16 per day over the busy Labor Day weekend, according to figures from tracking service FlightAware.
However, more than 350 United flights were delayed — 13% of the carrier’s schedule, far more than rivals American, Delta and Southwest — on a day that many holiday vacationers were expected to fly home.
@Engineer_Computer
SecurityWeek
United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue
United Airlines flights were halted nationwide on Sept. 5, because of an “equipment outage,” according to the FAA.
Ransomware and Data Breaches: Impacts Continue to Grow Louder
I often get asked these questions (and more), and the answers can take months or years to be released after an event.
In some instances, the specific details remain hidden from public view — concealed inside the databases of cyber insurance companies or classified files guarded by three-letter government agencies.
@Engineer_Computer
GovTech
Ransomware and Data Breaches: Impacts Continue to Grow Louder
Reports from cybersecurity companies in 2023 show mixed trends regarding the number of global data breaches, ransomware attacks, records affected and government costs. But one thing is clear: Cyber attack impacts steadily grow.
As LotL Attacks Evolve, So Must Defenses
An LotL phishing attack's initial goal is a credential harvesting page where threat actors will steal a user's email address and password.
Once logged in, they do reconnaissance within the organization (including looking through that person's inbox for opportunities to commit a business email compromise attack).
For example, if the target is in finance, the threat actor may initiate a wire transfer or reroute invoicing traffic.
If the target is not high value, threat actors will pivot and attack that user's contacts to conduct a CHA or distribute malware by replying to legitimate conversations in the inbox.
@Engineer_Computer
Dark Reading
As LotL Attacks Evolve, So Must Defenses
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.
DFIR
Incident Response:
IR on Microsoft Security Incidents (KQL edition)
https://kqlquery.com/posts/kql-incident-response
@Engineer_Computer
Microsoft Security Blogs - Kusto
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
Kusto Query Language (KQL) is a valuable tool to have in your incident response toolkit. This blog series focuses on Incident Response and consists of three different parts. The first blog, IR on Microsoft Security Incidents (KQL edition), describes how…