Network Security Channel
@Engineer_Computer
Inside the Mind of a Hacker: 2023 Edition
گزارش مفيد و جذاب
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
https://www.bugcrowd.com/blog/inside-the-mind-of-a-hacker-2023-edi
@Engineer_Computer
گزارش مفيد و جذاب
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on it's platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
https://www.bugcrowd.com/blog/inside-the-mind-of-a-hacker-2023-edi
@Engineer_Computer
Bugcrowd
Inside the Mind of a Hacker: 2023 Edition | @Bugcrowd
Insights and trends regarding the demographics, psychographics, and motivations of hackers, focusing on the ways hackers leverage generative AI.
توصیه هایی از ISC2 برای آزمون
https://www.isc2.org/Insights/2023/10/Exam-Prep-Hacked-Study-Tips-and-Tricks-that-Really-Work
@Engineer_Computer
https://www.isc2.org/Insights/2023/10/Exam-Prep-Hacked-Study-Tips-and-Tricks-that-Really-Work
@Engineer_Computer
www.isc2.org
Exam Prep Hacked: Study Tips and Tricks that Really Work
This blog shares study tips, resources, training options and more to help you build confidence so you’re ready on exam day.
تحقيقاتي که آشکار میسازد به احتمال زیاد سازمان NSA در تلاش برای ضعیف سازی و گذاشتن درب پشتی در استاندارد رمزنگاری پسا کوانتومی است .
https://blog.cr.yp.to/20231003-countcorrectly.html
https://www.newscientist.com/article/2396510-mathematician-warns-us-spies-may-be-weakening-next-gen-encryption/
@Engineer_Computer
https://blog.cr.yp.to/20231003-countcorrectly.html
https://www.newscientist.com/article/2396510-mathematician-warns-us-spies-may-be-weakening-next-gen-encryption/
@Engineer_Computer
New Scientist
Mathematician warns US spies may be weakening next-gen encryption
Quantum computers may soon be able to crack encryption methods in use today, so plans are already under way to replace them with new, secure algorithms. Now it seems the US National Security Agency may be undermining that process
مجموعه خوبی از چک لیست های مقاوم سازی
شما هم میتوانید در غنی کردن آن سهیم باشید
https://github.com/decalage2/awesome-security-hardening
@Engineer_Computer
شما هم میتوانید در غنی کردن آن سهیم باشید
https://github.com/decalage2/awesome-security-hardening
@Engineer_Computer
GitHub
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
A collection of awesome security hardening guides, tools and other resources - decalage2/awesome-security-hardening
👍1
#COM #CnC #Koadic
چند سال پیش، یک خط فرمان و کنترلی در Github ثبت شد که در نوع خودش، یک CnC بسیار جالب بوده.
این CnC مبتنی بر Component Object Model های سیستم عامل کار میکرده و از ظرفیت سیستم عامل بر علیه خود آن استفاده می نمود.
دلیل جذابیت این CnC نیز همین است، که بواسطه COM ها اقدام به انجام فرامید مد نظر یک تیم قرمز میکرده است، ویژگی اصلی آن استفاده از تکنیک HTML Smuggling بوده که توسط ActiveXObject ها اعمال میشده است.
حالا بعد از گذشت چندین سال، هنوز این CnC که با نام Koadic شناخته میشود، قابلیت استفاده دارد، البته با کمی تغییر منابع آن.
نوع پیلود های ایجادی این CnC برپایه زبان JavaScript و VBScript بوده است، که بواسطه cnoscript.exe و wnoscript.exe قابلیت اجرایی پیدا میکرده است.
اما در کنار آن دو، میتوان نوع پیلود های ایجادی را بواسطه MSHTA.exe که اجراگر فایل فرمت HTA است، نیز ایجاد نمود.
این روش ها اساسا، برای دور زدن محصولاتی مانند آنتی ویروس بسیار کارا هستند چرا که میتوان یک بدافزار را به چند Stage مختلف تقسیم نمود و به فرمت های مشروع سیستم عامل...
@Engineer_Computer
چند سال پیش، یک خط فرمان و کنترلی در Github ثبت شد که در نوع خودش، یک CnC بسیار جالب بوده.
این CnC مبتنی بر Component Object Model های سیستم عامل کار میکرده و از ظرفیت سیستم عامل بر علیه خود آن استفاده می نمود.
دلیل جذابیت این CnC نیز همین است، که بواسطه COM ها اقدام به انجام فرامید مد نظر یک تیم قرمز میکرده است، ویژگی اصلی آن استفاده از تکنیک HTML Smuggling بوده که توسط ActiveXObject ها اعمال میشده است.
حالا بعد از گذشت چندین سال، هنوز این CnC که با نام Koadic شناخته میشود، قابلیت استفاده دارد، البته با کمی تغییر منابع آن.
نوع پیلود های ایجادی این CnC برپایه زبان JavaScript و VBScript بوده است، که بواسطه cnoscript.exe و wnoscript.exe قابلیت اجرایی پیدا میکرده است.
اما در کنار آن دو، میتوان نوع پیلود های ایجادی را بواسطه MSHTA.exe که اجراگر فایل فرمت HTA است، نیز ایجاد نمود.
این روش ها اساسا، برای دور زدن محصولاتی مانند آنتی ویروس بسیار کارا هستند چرا که میتوان یک بدافزار را به چند Stage مختلف تقسیم نمود و به فرمت های مشروع سیستم عامل...
@Engineer_Computer
#Article #ReverseEngineering
▪️R2R stomping Technique : Hides code from decompilation and debugging with dnSpy/dnSpyEx.
معرفی تکنیک R2R stomping جهت مخفی کردن کد ها و جلوگیری از دیکامپایل شدن برنامه های Net. و کد های IL در دیباگر dnSpy/dnSpyEx.
🦅@Engineer_Computer
▪️R2R stomping Technique : Hides code from decompilation and debugging with dnSpy/dnSpyEx.
معرفی تکنیک R2R stomping جهت مخفی کردن کد ها و جلوگیری از دیکامپایل شدن برنامه های Net. و کد های IL در دیباگر dnSpy/dnSpyEx.
🦅@Engineer_Computer
#Article #ReverseEngineering
▪️What really is the Entry Point of a .NET Module?
آیا کد های Net Main. واقعا اولین Entry Point مربوط به برنامه های Net. هست ؟ در مقاله جدید Washi به همین موضوع می پردازه و موارد زیر رو مورد بررسی قرار میده.
➖Program::Main()
➖Static Class Constructors (Program::.cctor)
➖Static Module Constructors (<Module>::.cctor)
➖External Module Constructors
➖COR20 Native Entry Point
@Engineer_Computer
▪️What really is the Entry Point of a .NET Module?
آیا کد های Net Main. واقعا اولین Entry Point مربوط به برنامه های Net. هست ؟ در مقاله جدید Washi به همین موضوع می پردازه و موارد زیر رو مورد بررسی قرار میده.
➖Program::Main()
➖Static Class Constructors (Program::.cctor)
➖Static Module Constructors (<Module>::.cctor)
➖External Module Constructors
➖COR20 Native Entry Point
@Engineer_Computer
#Tools #Exploiting
▪️A New Exploitation Technique for Visual Studio Projects
Tested version: 17.7.5 (VS2022 update at 2023.10)
این اولین بار نیست که از فایل پروژه های Visual Studio میشه بهره برداری کرد و کد های مخرب رو اجرا کرد. قبلا هم در سال 2021 گروه Lazarus APT از آسیب پذیری مشابه استفاده کرده بود و کد های مخرب رو در ساختار فایل پروژه اجرا میکرد.
این باگ نه تنها در ویژوال Visual Studio بلکه در JetBrains, VSCode و چند Text Editor وجود داره که باعث اجرای کد های مخرب در ساختار فایل پروژه میشه.
@Engineer_Computer
▪️A New Exploitation Technique for Visual Studio Projects
Tested version: 17.7.5 (VS2022 update at 2023.10)
این اولین بار نیست که از فایل پروژه های Visual Studio میشه بهره برداری کرد و کد های مخرب رو اجرا کرد. قبلا هم در سال 2021 گروه Lazarus APT از آسیب پذیری مشابه استفاده کرده بود و کد های مخرب رو در ساختار فایل پروژه اجرا میکرد.
این باگ نه تنها در ویژوال Visual Studio بلکه در JetBrains, VSCode و چند Text Editor وجود داره که باعث اجرای کد های مخرب در ساختار فایل پروژه میشه.
@Engineer_Computer
Media is too big
VIEW IN TELEGRAM
جلسه هجدهم :
Windows Forensics Analysis 3 :
Shell Items and Removeable Device Profiling
مباحث مطرح شده :
Removeable Device Profiling
@Engineer_Computer
Windows Forensics Analysis 3 :
Shell Items and Removeable Device Profiling
مباحث مطرح شده :
Removeable Device Profiling
@Engineer_Computer
گروه های هکتویست درگیر جنگ اسراییل و غزه
گویا گروه هکتویست CyberAv3ngers ادعا کرده DORAD (نیروگاه دوراد یک نیروگاه در اشکلون اسرائیل ) و همچنین سیستم توزیع سوخت ORPAK Systems هک کرده است.
@Engineer_Computer
گویا گروه هکتویست CyberAv3ngers ادعا کرده DORAD (نیروگاه دوراد یک نیروگاه در اشکلون اسرائیل ) و همچنین سیستم توزیع سوخت ORPAK Systems هک کرده است.
@Engineer_Computer
100 گروه هکری فعال در جنگ سایبری بین اسرائیل و فلسطین شناسایی شده اند. از این میان، 20 گروه طرفدار اسرائیل بوده و 77 گروه طرفدار فلسطین هستند. 3 گروه هم بی طرف بوده اند.
@Engineer_Computer
@Engineer_Computer
Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes
Redmond also acknowledged a failure of its internal systems to detect sensitive secrets leaking from crash dumps.
“The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected),” the company said.
The company said the 2021 crash dump with signing key was subsequently moved from the isolated production network into its debugging environment on the internet connected corporate network.
@Engineer_Computer
Redmond also acknowledged a failure of its internal systems to detect sensitive secrets leaking from crash dumps.
“The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected),” the company said.
The company said the 2021 crash dump with signing key was subsequently moved from the isolated production network into its debugging environment on the internet connected corporate network.
@Engineer_Computer
SecurityWeek
Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes
Microsoft reveals how a crash dump from 2021 inadvertently exposed a key that Chinese cyberspies later leveraged to hack US government emails.
Intro To Honeypots
There are also honeypots that exist as public services to collect and analyze various payloads.
While some of these services are simply built as a means for professionals (and cyber criminals) to test the detection rate of their payloads, they are equally leveraged as a means to distribute payloads to anti-virus companies and law enforcement looking to get an edge on new techniques used in the field.
@Engineer_Computer
There are also honeypots that exist as public services to collect and analyze various payloads.
While some of these services are simply built as a means for professionals (and cyber criminals) to test the detection rate of their payloads, they are equally leveraged as a means to distribute payloads to anti-virus companies and law enforcement looking to get an edge on new techniques used in the field.
@Engineer_Computer
OffSec
Intro To Honeypots
Honeypots remain a relatively unexplored concept beyond the realms of security research organizations. This is largely due to the stigma where these types
Researchers Discover Critical Vulnerability in PHPFusion CMS
"Exploitation of this vulnerability has effectively two requirements," says Matthew Hogg, software engineer at Synopsys' Software Integrity Group, who discovered the vulnerability.
One of them is that the attacker needs to be able to authenticate to at least a low-privileged account, and the other is that they need to know the vulnerable endpoint.
"By fulfilling both criteria, a malicious actor would be able to craft a payload to exploit this vulnerability," Hogg says.
@Engineer_Computer
"Exploitation of this vulnerability has effectively two requirements," says Matthew Hogg, software engineer at Synopsys' Software Integrity Group, who discovered the vulnerability.
One of them is that the attacker needs to be able to authenticate to at least a low-privileged account, and the other is that they need to know the vulnerable endpoint.
"By fulfilling both criteria, a malicious actor would be able to craft a payload to exploit this vulnerability," Hogg says.
@Engineer_Computer
Dark Reading
Researchers Discover Critical Vulnerability in PHPFusion CMS
No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.
Why MSPs Should Focus Their Attention on Data Protection Services, Not Backup
Each additional backup solution means more cost and not reaping the benefits of scale that comes from serving many customers with the same solution.
Each solution means more complexity and more opportunity for something to go wrong.
When almost any other system goes wrong, the problem will be flagged immediately, usually by the customer complaining.
@Engineer_Computer
Each additional backup solution means more cost and not reaping the benefits of scale that comes from serving many customers with the same solution.
Each solution means more complexity and more opportunity for something to go wrong.
When almost any other system goes wrong, the problem will be flagged immediately, usually by the customer complaining.
@Engineer_Computer
ITPro
Why MSPs should focus their attention on data protection services, not backup
Accommodating for unique customer needs should be a key focus for channel partners
IBM Notifies Janssen CarePath Customers of Data Breach
IBM said that it was notified of the issue by Janssen on August 2, 2023 and that it promptly worked with the database provider to disable the technical method that was used to gain unauthorized access.
IBM also augmented security controls to reduce the chance of a similar event occurring in the future.
@Engineer_Computer
IBM said that it was notified of the issue by Janssen on August 2, 2023 and that it promptly worked with the database provider to disable the technical method that was used to gain unauthorized access.
IBM also augmented security controls to reduce the chance of a similar event occurring in the future.
@Engineer_Computer
Hackread
IBM Notifies Janssen CarePath Customers of Data Breach
Twitter @Hackread - Facebook @ /Hackread