NIST.SP.800-207.pdf
944.2 KB
NIST standard on Zero Trust
@Engineer_Computer
YouTube channel offering free training on industrial control system security
@Engineer_Computer
Use AI extensions and subtitles to help you understand more.
** One interesting extension is a video summarizer, which helps you get the gist of a video at first glance.
https://m.youtube.com/channel/UCKO03V8KB-kgWedXTFdaEHA?cbrd=1
Look for two points in the link below:
Use of the Windows Update service to complete the attack chain
How the APT groups carrying out an intrusion are identified (the reasons for attributing malware and an attack to a specific APT)
@Engineer_Computer
https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html?m=1
An article that earns educational credit for ISC2 certification holders
@Engineer_Computer
https://sosafe-awareness.com/resources/reports/the-biggest-challenges-for-security-leaders/?utm_term=cyber%20challenges&utm_campaign=DACH_EN_Non-branded_Q12023&utm_source=googlesearch&utm_medium=paid&hsa_acc=2315609737&hsa_cam=19642365313&hsa_grp=150586726490&hsa_ad=679712642136&hsa_src=g&hsa_tgt=kwd-298672121030&hsa_kw=cyber%20challenges&hsa_mt=b&hsa_net=adwords&hsa_ver=3&gad_source=1&gclid=Cj0KCQiAwP6sBhDAARIsAPfK_wZQZemuY-9le45dGMrVbL6oLYa9a8oeYaCEjWfonng8iy4-vC_AJzsaApRUEALw_wcB
SoSafe
The Biggest Challenges for Security Leaders | White Paper
Join top cyber experts in our latest white paper, shaping the future of cybersecurity with valuable insights. Read now.
A framework for deepening an intrusion without needing to install tools - runs in memory
@Engineer_Computer
Command Execution over Named-Pipes (SMB)
https://github.com/Leo4j/Amnesiac
GitHub
GitHub - Leo4j/Amnesiac: Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral…
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments - Leo4j/Amnesiac
Security architects should read this
@Engineer_Computer
Threat Modeling is critical to achieving design goals for system security and data privacy.
This document provides a catalog of capabilities to help you cultivate value from your Threat Modeling practice.
https://www.threatmodelingmanifesto.org/capabilities/
www.threatmodelingmanifesto.org
Threat Modeling Capabilities
Documents a catalog of capabilities to help you cultivate value from your Threat Modeling practice.
Analysis of an intrusion with Falcon MDR
@Engineer_Computer
Goal: getting familiar with the analysis method
An idea for building a product
https://www.crowdstrike.com/blog/falcon-complete-thwarts-vanguard-panda-tradecraft/
CrowdStrike.com
Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft
Read this blog post to learn how Falcon Complete detected and thwarted VANGUARD PANDA (Volt Typhoon) tradecraft.
https://techcommunity.microsoft.com/t5/windows-events/what-s-new-in-active-directory/ev-p/3971596
@Engineer_Computer
TECHCOMMUNITY.MICROSOFT.COM
What's new in Active Directory | Microsoft Technical Takeoff
Lean in as software developers from the Active Directory software engineering team dive into the latest improvements in Active Directory. We'll cover key...
Secure Coding Guidelines for Application Development.pdf
394 KB
General guidance for secure coding
@Engineer_Computer
CVE-2024-20674
Windows Kerberos Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674
https://nvd.nist.gov/vuln/detail/CVE-2024-20674
Affected operating systems:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
@Engineer_Computer
IT Engineer with UAE experience.
The ideal candidate will possess the following skills and knowledge:
Key Requirements:
Helpdesk experience
Network expertise (switching, Firewall)
Active Directory proficiency
MS Azure knowledge
Cloud knowledge
Candidates with a valid driving license will be given more preference.
If you meet the above criteria, please send your updated resume with your notice period, expected salary, and subject as IT Engineer to HR@dxcontracting.ae
@Engineer_Computer
Your Google account is accessible.
A vulnerability that currently has no technical fix.
But read about the temporary workaround in the link below.
@Engineer_Computer
https://www-malwarebytes-com.cdn.ampproject.org/c/s/www.malwarebytes.com/blog/news/2024/01/info-stealers-can-steal-cookies-for-permanent-access-to-your-google-account/amp
Malwarebytes
Info-stealers can steal cookies for permanent access to your Google account
Several info-stealers have incorporated an exploit that allows them to gain permanent access to your Google account
An analysis of the abuse of legitimate storage sites to spread malware
@Engineer_Computer
https://www.cybereason.com/blog/research/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Cybereason
The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware
Cybereason is following an active campaign to deliver multiple different types of malware to victims all over the world. This attack is able to steal data, mine for cryptocurrency, and in specific cases deliver ransomware.
Copying RFID cards
@Engineer_Computer
https://covertaccessteam.substack.com/p/rfid-sleight-of-hand-covert-cloning
Substack
RFID Sleight of Hand: Covert Cloning Techniques
On LinkedIn the other day I posted a video showing how an RFID card could be cloned without having a reader (e.g. I-copy, Flipper, etc.) directly on the card or using a long range reader somewhere offscreen.