از کار انداختن لاگ گیری در ویندوز
کور کردن SOC
@Engineer_Computer
https://blog.palantir.com/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
کور کردن SOC
@Engineer_Computer
https://blog.palantir.com/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
Medium
Tampering with Windows Event Tracing: Background, Offense, and Defense
Event Tracing for Windows (ETW) is the mechanism Windows uses to trace and log system events. Attackers often clear event logs to cover…
کشف وب شل
برای کشف وب شل لازم است از خود IIS کمک بگیرید و تنظیماتی را برای لاگ گیری انجام دهید
در مقاله زیر مایکروسافت نگاهی تقریبا جامع به حوزه وب شل و IIS انداخته است
@Engineer_Computer
** اگراز بهترین SIEM ها هم استفاده کنید و برترین تجهیزات امنیتی را داشته باشید اما سرویس خودتان را نشناخته باشید و نسبت به فعالیت آن کور باشید فضا را به هکر باخته اید .
https://www.microsoft.com/en-us/security/blog/2022/12/12/iis-modules-the-evolution-of-web-shells-and-how-to-detect-them/
برای کشف وب شل لازم است از خود IIS کمک بگیرید و تنظیماتی را برای لاگ گیری انجام دهید
در مقاله زیر مایکروسافت نگاهی تقریبا جامع به حوزه وب شل و IIS انداخته است
@Engineer_Computer
** اگراز بهترین SIEM ها هم استفاده کنید و برترین تجهیزات امنیتی را داشته باشید اما سرویس خودتان را نشناخته باشید و نسبت به فعالیت آن کور باشید فضا را به هکر باخته اید .
https://www.microsoft.com/en-us/security/blog/2022/12/12/iis-modules-the-evolution-of-web-shells-and-how-to-detect-them/
Microsoft News
IIS modules: The evolution of web shells and how to detect them
This blog aims to provide further guidance on detecting malicious IIS modules and other capabilities that you can use during your own incident response investigations.
Identifying and Mitigating Living Off the Land Technique.pdf
2.4 MB
مقاله ۴۶ صفحه ای CISA و NSA و هفت سازمان دیگر در مورد تکنیکهای هکری مبتنی بر ابزارهای سیستم عامل
✅منتشر شده در فوریه ۲۰۲۴
مقاله ای که هر متخصص سطح ۲ در مرکز عملیات باید آنرا بخواند .
در این مقاله به اهمیت موارد زیر پی میبریم:
لاگ گیری با جزئیات
کشف و ضبط یک بیس لاین از سامانه ها و شبکه
انجام هاردنینگ
اتوماتیک کردن مانیتورینگ
@Engineer_Computer
✅منتشر شده در فوریه ۲۰۲۴
مقاله ای که هر متخصص سطح ۲ در مرکز عملیات باید آنرا بخواند .
در این مقاله به اهمیت موارد زیر پی میبریم:
لاگ گیری با جزئیات
کشف و ضبط یک بیس لاین از سامانه ها و شبکه
انجام هاردنینگ
اتوماتیک کردن مانیتورینگ
@Engineer_Computer
⭕️ پروژه ای توسعه داده شده که سمپل یک Rootkit برای استفاده توی پروژه های ردتیم کاربرد داره.
این پروژه با ++C توسعه داده شده و قابلیت ارتباط آسان با C2 مورد نظر ما را دارد.
از ویژگی های این پروژه میتوان به موارد زیر پرداخت:
#RedTeam #Rootkit #Maldev
@Engineer_Computer
این پروژه با ++C توسعه داده شده و قابلیت ارتباط آسان با C2 مورد نظر ما را دارد.
از ویژگی های این پروژه میتوان به موارد زیر پرداخت:
Current Features
Process hiding and unhiding
Process elevation
Process protection (anti-kill and dumping)
Bypass pe-sieve
Thread hiding and unhiding
Thread protection (anti-kill)
File protection (anti-deletion and overwriting)
Registry keys and values protection (anti-deletion and overwriting)
Registry keys and values hiding
Querying currently protected processes, threads, files, hidden ports, registry keys and values
Function patching
Built-in AMSI bypass
Built-in ETW patch
Process signature (PP/PPL) modification
Can be reflectively loaded
Shellcode Injection
APC
NtCreateThreadEx
DLL Injection
APC
NtCreateThreadEx
Querying kernel callbacks
ObCallbacks
Process and thread creation routines
Image loading routines
Registry callbacks
Removing and restoring kernel callbacks
ETWTI tampering
Module hiding
Driver hiding and unhiding
Credential Dumping
Port hiding/unhiding
Script execution
Initial operations
#RedTeam #Rootkit #Maldev
@Engineer_Computer
GitHub
GitHub - Idov31/Nidhogg: Nidhogg is an all-in-one simple to use windows kernel rootkit.
Nidhogg is an all-in-one simple to use windows kernel rootkit. - Idov31/Nidhogg
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
https://github.com/reveng007/DarkWidow
@Engineer_Computer
https://github.com/reveng007/DarkWidow
@Engineer_Computer
GitHub
GitHub - reveng007/DarkWidow: Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote…
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc...
Cobalt Strike Profiles for EDR #Evasion
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion
@Engineer_Computer
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion
@Engineer_Computer
9 Best SOC Tools to Strengthen Your Security Posture
This article will explore the most effective SOC solutions to help you make well-informed cybersecurity decisions and strengthen business defenses.
@Engineer_Computer
This article will explore the most effective SOC solutions to help you make well-informed cybersecurity decisions and strengthen business defenses.
@Engineer_Computer
UnderDefense
Best SOC Tools to Level Up Your Security Posture
Know top 9 SOC tools to strengthen your security posture. Enhance threat detection and streamline incident response with the best SOC solutions.
Cybersecurity Skills Gap Rises. Impacted Businesses Urged to Attract Talent With Education and Embrace AI
This could also mean that more cybersecurity professionals are available for hire.
But do they have the skills companies need?
Among respondents to the survey, 92% reported skills gaps at their organization, a gap that includes cloud computing security.
An inability to find people with the right skills, the struggle to keep employees who have those skills, and a shrinking hiring budget are the biggest causes cited for these skills gaps.
Indeed, 54% of respondents said that the cybersecurity skills shortage situation has been getting worse in recent years.
@Engineer_Computer
This could also mean that more cybersecurity professionals are available for hire.
But do they have the skills companies need?
Among respondents to the survey, 92% reported skills gaps at their organization, a gap that includes cloud computing security.
An inability to find people with the right skills, the struggle to keep employees who have those skills, and a shrinking hiring budget are the biggest causes cited for these skills gaps.
Indeed, 54% of respondents said that the cybersecurity skills shortage situation has been getting worse in recent years.
@Engineer_Computer
Thomson Reuters
Growing threats outpace cybersecurity workforce
Cybersecurity skills gap rises. Impacted businesses urged to attract talent with education and embrace AI to fight off cyber threats.
Reports of Data Breach on Class Charts Platform
Class Charts is used by more than 180,000 teachers, its website states.
The company says it can “save teachers time and reduce workload with our data rich seating plans” and “improve pupil behaviour with our fast and effective behaviour management”.
@Engineer_Computer
Class Charts is used by more than 180,000 teachers, its website states.
The company says it can “save teachers time and reduce workload with our data rich seating plans” and “improve pupil behaviour with our fast and effective behaviour management”.
@Engineer_Computer
Schools Week
Reports of data breach on Class Charts platform
ICO launches probe amid reports parents 'saw data of children from other schools'
JetBrains Warns of New TeamCity Auth Bypass Vulnerability
JetBrains strongly advises all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability.
Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution (RCE) attacks that don't require user interaction.
@Engineer_Computer
JetBrains strongly advises all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability.
Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution (RCE) attacks that don't require user interaction.
@Engineer_Computer
BleepingComputer
JetBrains warns of new TeamCity auth bypass vulnerability
JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.
OpenAI's ChatGPT Breaches Privacy Rules, Says Italian Watchdog
Italy was the first West European country to curb ChatGPT, whose rapid development has attracted attention from lawmakers and regulators.
Under the EU's General Data Protection Regulation (GDPR) introduced in 2018, any company found to have broken rules faces fines of up to 4% of its global turnover.
@Engineer_Computer
Italy was the first West European country to curb ChatGPT, whose rapid development has attracted attention from lawmakers and regulators.
Under the EU's General Data Protection Regulation (GDPR) introduced in 2018, any company found to have broken rules faces fines of up to 4% of its global turnover.
@Engineer_Computer
Reuters
OpenAI's ChatGPT breaches privacy rules, says Italian watchdog
Italy's data protection authority has told OpenAI that its artificial intelligence chatbot application ChatGPT breaches data protection rules, the watchdog said on Monday, as it presses ahead with an investigation started last year.
🔖Google Dorks for recon
🔎 Top Google dorks for bugbounty : Link
#bugbounty #bugbountytips
@Engineer_Computer
site:*.domain.*
site:domain.*
site:*.domain.com
site:*.domain.-*.*
🔎 Top Google dorks for bugbounty : Link
#bugbounty #bugbountytips
@Engineer_Computer
🔖Who, What, Where, When, Wordlist
A detailed guide on how to create wordlists for different #cybersecurity tasks in 30 slides from twitter.com/TomNomNom.
📚PDF : https://tomnomnom.com/talks/wwwww.pdf
Do you want to create target specific wordlist for fuzzing backup files? you can use fback
#BugBounty #BugBountyTools
@Engineer_Computer
A detailed guide on how to create wordlists for different #cybersecurity tasks in 30 slides from twitter.com/TomNomNom.
📚PDF : https://tomnomnom.com/talks/wwwww.pdf
Do you want to create target specific wordlist for fuzzing backup files? you can use fback
#BugBounty #BugBountyTools
@Engineer_Computer
🔖Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focused on offensive and defensive security.
01. The Introduction to Axiom tool
02. Axiom Bug Bounty Tool Core Functionality
03. Managing AXIOM Instances
04. Creating Custom AXIOM Modules
05. Mass Hunting For Misconfigured S3 Buckets (AXIOM)
06. Mass Cross Site Scripting Hunting (AXIOM)
07. Mass Hunting for Leaked Sensitive Documents (AXIOM)
08. Hunting Blind XSS on the Large Scale Part1 — Practical Techniques
09. Hunting Blind XSS on the Large Scale Part2 — Practical Techniques
10. Top 5 Red Flags of Bug Bounty Programs
#bugbountytips #axiom #bugbounty
@Engineer_Computer
01. The Introduction to Axiom tool
02. Axiom Bug Bounty Tool Core Functionality
03. Managing AXIOM Instances
04. Creating Custom AXIOM Modules
05. Mass Hunting For Misconfigured S3 Buckets (AXIOM)
06. Mass Cross Site Scripting Hunting (AXIOM)
07. Mass Hunting for Leaked Sensitive Documents (AXIOM)
08. Hunting Blind XSS on the Large Scale Part1 — Practical Techniques
09. Hunting Blind XSS on the Large Scale Part2 — Practical Techniques
10. Top 5 Red Flags of Bug Bounty Programs
#bugbountytips #axiom #bugbounty
@Engineer_Computer
♦️ Collection of #UAC #Bypass Techniques Weaponized as BOFs
🌐 https://github.com/icyguider/UAC-BOF-Bonanza?tab=readme-ov-file
🔺 A single module which integrates all techniques has been provided to use the BOFs via the Havoc C2 Framework
🔱 https://github.com/HavocFramework/Havoc
@Engineer_Computer
🌐 https://github.com/icyguider/UAC-BOF-Bonanza?tab=readme-ov-file
🔺 A single module which integrates all techniques has been provided to use the BOFs via the Havoc C2 Framework
🔱 https://github.com/HavocFramework/Havoc
@Engineer_Computer
GitHub
GitHub - icyguider/UAC-BOF-Bonanza: Collection of UAC Bypass Techniques Weaponized as BOFs
Collection of UAC Bypass Techniques Weaponized as BOFs - icyguider/UAC-BOF-Bonanza
With PPLDescribe, you can retrieve information about processes that are protected by PPL. The tool parses PS_PROTECTION, PS_PROTECTED_TYPE and PS_PROTECTED_SIGNER structures to retrieve the information
#Credential_access
https://github.com/MzHmO/PPLDescribe
@Engineer_Computer
#Credential_access
https://github.com/MzHmO/PPLDescribe
@Engineer_Computer
GitHub
GitHub - MzHmO/PPLDescribe: Tool for obtaining information about PPL processes
Tool for obtaining information about PPL processes - MzHmO/PPLDescribe
Remote buffer overflow over wifi_stack in wpa_supplicant binary in android 11, platform:samsung a20e, stock options so like works out of the box
https://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e
@Engineer_Computer
https://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e
@Engineer_Computer
GitHub
GitHub - SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e: Remote…
Remote buffer overflow over wifi_stack in wpa_supplicant binary in android 11, platform:samsung a20e, stock options so like works out of the box - SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack...
Simulate the behavior of AV/EDR for malware development training.
https://github.com/Helixo32/CrimsonEDR/tree/main
@Engineer_Computer
https://github.com/Helixo32/CrimsonEDR/tree/main
@Engineer_Computer
GitHub
GitHub - Helixo32/CrimsonEDR: Simulate the behavior of AV/EDR for malware development training.
Simulate the behavior of AV/EDR for malware development training. - Helixo32/CrimsonEDR