DFIR
Incident Response:
IR on Microsoft Security Incidents (KQL edition)
https://kqlquery.com/posts/kql-incident-response
@Engineer_Computer
Incident Response:
IR on Microsoft Security Incidents (KQL edition)
https://kqlquery.com/posts/kql-incident-response
@Engineer_Computer
Microsoft Security Blogs - Kusto
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
Kusto Query Language (KQL) is a valuable tool to have in your incident response toolkit. This blog series is focusses on Incident Repsonse and consists of three different parts. The first blog: IR on Microsoft Security Incidents (KQL edition), describes how…
exploit
1. CVE-2023-5074:
D-Link D-View Authentication Bypass
https://github.com/codeb0ss/CVE-2023-5074-PoC
2. CVE-2023-38139:
Windows Kernel Refcount Overflow/UaF
https://packetstormsecurity.com/files/174849/Microsoft-Windows-Kernel-Refcount-Overflow-Use-After-Free.html
@Engineer_Computer
1. CVE-2023-5074:
D-Link D-View Authentication Bypass
https://github.com/codeb0ss/CVE-2023-5074-PoC
2. CVE-2023-38139:
Windows Kernel Refcount Overflow/UaF
https://packetstormsecurity.com/files/174849/Microsoft-Windows-Kernel-Refcount-Overflow-Use-After-Free.html
@Engineer_Computer
tools
Threat Research
Python Scripts to Exploit or Discover Network vulnerabilities and misconfiguration
https://github.com/aaaalmassri/Network_Hacking_Scripts
@Engineer_Computer
Threat Research
Python Scripts to Exploit or Discover Network vulnerabilities and misconfiguration
https://github.com/aaaalmassri/Network_Hacking_Scripts
@Engineer_Computer
GitHub
GitHub - aaaalmassri/Network_Hacking_Scripts: Python Prototype Scripts to Exploit or Discover Network vulnerabilities and misconfiguration.
Python Prototype Scripts to Exploit or Discover Network vulnerabilities and misconfiguration. - GitHub - aaaalmassri/Network_Hacking_Scripts: Python Prototype Scripts to Exploit or Discover Networ...
Inside the Mind of a Hacker: 2023 Edition
گزارش مفيد و جذاب
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
https://www.bugcrowd.com/blog/inside-the-mind-of-a-hacker-2023-edi
@Engineer_Computer
گزارش مفيد و جذاب
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
https://www.bugcrowd.com/blog/inside-the-mind-of-a-hacker-2023-edi
@Engineer_Computer
Bugcrowd
Inside the Mind of a Hacker: 2023 Edition | @Bugcrowd
Insights and trends regarding the demographics, psychographics, and motivations of hackers, focusing on the ways hackers leverage generative AI.
🔒Worried about AI-related threats? Join our panel discussion with cybersecurity experts:
- David Primor, Founder & CEO of Cynomi
- Elad Schulman, Founder & CEO of Lasso Security
... and learn practical security policies and practices to shield your clients.
https://thehacker.news/ai-llm-threats?source=social
@Engineer_Computer
- David Primor, Founder & CEO of Cynomi
- Elad Schulman, Founder & CEO of Lasso Security
... and learn practical security policies and practices to shield your clients.
https://thehacker.news/ai-llm-threats?source=social
@Engineer_Computer
thehacker.news
How vCISOs and MSSPs Can Protect their Clients from AI and LLM Related Risks
Join us to discover the tools and policies that can safeguard your business from the evolving threats of AI
⚡️ Gaza-based hacker group Storm-1133 targets Israeli energy, defense, and telecom. Microsoft's report exposes tactics, including employing LinkedIn fakes & dynamic C2 infra on Google Drive.
Read:
https://thehackernews.com/2023/10/gaza-linked-cyber-threat-actor-targets.html
🔐 Multiple high-severity vulnerabilities discovered in ConnectedIO's 3G/4G routers and cloud platform could let hackers execute malicious code and access sensitive data. Get the details:
https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html
@Engineer_Computer
Read:
https://thehackernews.com/2023/10/gaza-linked-cyber-threat-actor-targets.html
🔐 Multiple high-severity vulnerabilities discovered in ConnectedIO's 3G/4G routers and cloud platform could let hackers execute malicious code and access sensitive data. Get the details:
https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html
@Engineer_Computer
🔒 Hackers are exploiting the CVE-2023-3519 vulnerability in Citrix NetScaler devices for credential harvesting attacks.
Patch your systems ASAP! Read more: https://thehackernews.com/2023/10/citrix-devices-under-attack-netscaler.html
🚨 Heads up, Linux users! A new critical vulnerability in the libcue library exposes GNOME Linux systems to remote code execution (RCE) attacks.
Read details of CVE-2023-43641 here: https://thehackernews.com/2023/10/libcue-library-flaw-opens-gnome-linux.html
@Engineer_Computer
Patch your systems ASAP! Read more: https://thehackernews.com/2023/10/citrix-devices-under-attack-netscaler.html
🚨 Heads up, Linux users! A new critical vulnerability in the libcue library exposes GNOME Linux systems to remote code execution (RCE) attacks.
Read details of CVE-2023-43641 here: https://thehackernews.com/2023/10/libcue-library-flaw-opens-gnome-linux.html
@Engineer_Computer
Blue Team Techniques
1. Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence
https://github.com/ErikWynter/CVE-2023-22515-Scan
2. Scanner for CMS Joomla CVE-2023-23752
https://github.com/z3n70/CVE-2023-23752
@Engineer_Computer
1. Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence
https://github.com/ErikWynter/CVE-2023-22515-Scan
2. Scanner for CMS Joomla CVE-2023-23752
https://github.com/z3n70/CVE-2023-23752
@Engineer_Computer
GitHub
GitHub - ErikWynter/CVE-2023-22515-Scan: Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence
Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence - ErikWynter/CVE-2023-22515-Scan
🔑 Default password-free sign-ins for everyone. Google introduces passkeys for all users, simplifying your online security.
Learn all about it:
https://thehackernews.com/2023/10/google-adopts-passkeys-as-default-sign.html
🛑 A critical flaw (CVE-2023-22515) in Atlassian Confluence is being exploited by a nation-state actor, Storm-0062.
Read:
https://thehackernews.com/2023/10/microsoft-warns-of-nation-state-hackers.html
Upgrade to the latest versions ASAP to safeguard your data and systems.
@Engineer_Computer
Learn all about it:
https://thehackernews.com/2023/10/google-adopts-passkeys-as-default-sign.html
🛑 A critical flaw (CVE-2023-22515) in Atlassian Confluence is being exploited by a nation-state actor, Storm-0062.
Read:
https://thehackernews.com/2023/10/microsoft-warns-of-nation-state-hackers.html
Upgrade to the latest versions ASAP to safeguard your data and systems.
@Engineer_Computer
Network Security Channel
@Engineer_Computer
Inside the Mind of a Hacker: 2023 Edition
گزارش مفيد و جذاب
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
https://www.bugcrowd.com/blog/inside-the-mind-of-a-hacker-2023-edi
@Engineer_Computer
گزارش مفيد و جذاب
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
https://www.bugcrowd.com/blog/inside-the-mind-of-a-hacker-2023-edi
@Engineer_Computer
Bugcrowd
Inside the Mind of a Hacker: 2023 Edition | @Bugcrowd
Insights and trends regarding the demographics, psychographics, and motivations of hackers, focusing on the ways hackers leverage generative AI.
توصیه هایی از ISC2 برای آزمون
https://www.isc2.org/Insights/2023/10/Exam-Prep-Hacked-Study-Tips-and-Tricks-that-Really-Work
@Engineer_Computer
https://www.isc2.org/Insights/2023/10/Exam-Prep-Hacked-Study-Tips-and-Tricks-that-Really-Work
@Engineer_Computer
www.isc2.org
Exam Prep Hacked: Study Tips and Tricks that Really Work
This blog shares study tips, resources, training options and more to help you build confidence so you’re ready on exam day.
تحقيقاتي که آشکار میسازد به احتمال زیاد سازمان NSA در تلاش برای ضعیف سازی و گذاشتن درب پشتی در استاندارد رمزنگاری پسا کوانتومی است .
https://blog.cr.yp.to/20231003-countcorrectly.html
https://www.newscientist.com/article/2396510-mathematician-warns-us-spies-may-be-weakening-next-gen-encryption/
@Engineer_Computer
https://blog.cr.yp.to/20231003-countcorrectly.html
https://www.newscientist.com/article/2396510-mathematician-warns-us-spies-may-be-weakening-next-gen-encryption/
@Engineer_Computer
New Scientist
Mathematician warns US spies may be weakening next-gen encryption
Quantum computers may soon be able to crack encryption methods in use today, so plans are already under way to replace them with new, secure algorithms. Now it seems the US National Security Agency may be undermining that process
مجموعه خوبی از چک لیست های مقاوم سازی
شما هم میتوانید در غنی کردن آن سهیم باشید
https://github.com/decalage2/awesome-security-hardening
@Engineer_Computer
شما هم میتوانید در غنی کردن آن سهیم باشید
https://github.com/decalage2/awesome-security-hardening
@Engineer_Computer
GitHub
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
A collection of awesome security hardening guides, tools and other resources - decalage2/awesome-security-hardening
👍1
#COM #CnC #Koadic
چند سال پیش، یک خط فرمان و کنترلی در Github ثبت شد که در نوع خودش، یک CnC بسیار جالب بوده.
این CnC مبتنی بر Component Object Model های سیستم عامل کار میکرده و از ظرفیت سیستم عامل بر علیه خود آن استفاده می نمود.
دلیل جذابیت این CnC نیز همین است، که بواسطه COM ها اقدام به انجام فرامید مد نظر یک تیم قرمز میکرده است، ویژگی اصلی آن استفاده از تکنیک HTML Smuggling بوده که توسط ActiveXObject ها اعمال میشده است.
حالا بعد از گذشت چندین سال، هنوز این CnC که با نام Koadic شناخته میشود، قابلیت استفاده دارد، البته با کمی تغییر منابع آن.
نوع پیلود های ایجادی این CnC برپایه زبان JavaScript و VBScript بوده است، که بواسطه cnoscript.exe و wnoscript.exe قابلیت اجرایی پیدا میکرده است.
اما در کنار آن دو، میتوان نوع پیلود های ایجادی را بواسطه MSHTA.exe که اجراگر فایل فرمت HTA است، نیز ایجاد نمود.
این روش ها اساسا، برای دور زدن محصولاتی مانند آنتی ویروس بسیار کارا هستند چرا که میتوان یک بدافزار را به چند Stage مختلف تقسیم نمود و به فرمت های مشروع سیستم عامل...
@Engineer_Computer
چند سال پیش، یک خط فرمان و کنترلی در Github ثبت شد که در نوع خودش، یک CnC بسیار جالب بوده.
این CnC مبتنی بر Component Object Model های سیستم عامل کار میکرده و از ظرفیت سیستم عامل بر علیه خود آن استفاده می نمود.
دلیل جذابیت این CnC نیز همین است، که بواسطه COM ها اقدام به انجام فرامید مد نظر یک تیم قرمز میکرده است، ویژگی اصلی آن استفاده از تکنیک HTML Smuggling بوده که توسط ActiveXObject ها اعمال میشده است.
حالا بعد از گذشت چندین سال، هنوز این CnC که با نام Koadic شناخته میشود، قابلیت استفاده دارد، البته با کمی تغییر منابع آن.
نوع پیلود های ایجادی این CnC برپایه زبان JavaScript و VBScript بوده است، که بواسطه cnoscript.exe و wnoscript.exe قابلیت اجرایی پیدا میکرده است.
اما در کنار آن دو، میتوان نوع پیلود های ایجادی را بواسطه MSHTA.exe که اجراگر فایل فرمت HTA است، نیز ایجاد نمود.
این روش ها اساسا، برای دور زدن محصولاتی مانند آنتی ویروس بسیار کارا هستند چرا که میتوان یک بدافزار را به چند Stage مختلف تقسیم نمود و به فرمت های مشروع سیستم عامل...
@Engineer_Computer
#Article #ReverseEngineering
▪️R2R stomping Technique : Hides code from decompilation and debugging with dnSpy/dnSpyEx.
معرفی تکنیک R2R stomping جهت مخفی کردن کد ها و جلوگیری از دیکامپایل شدن برنامه های Net. و کد های IL در دیباگر dnSpy/dnSpyEx.
🦅@Engineer_Computer
▪️R2R stomping Technique : Hides code from decompilation and debugging with dnSpy/dnSpyEx.
معرفی تکنیک R2R stomping جهت مخفی کردن کد ها و جلوگیری از دیکامپایل شدن برنامه های Net. و کد های IL در دیباگر dnSpy/dnSpyEx.
🦅@Engineer_Computer