The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.
https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/
@Engineer_Computer
https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/
@Engineer_Computer
Help Net Security
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
A vulnerability (CVE-2024-3094) in XZ Utils may enable a malicious actor to gain unauthorized access to Linux systems remotely.
first set of YARA rules to detect the backdoored XZ packages
report:
https://www.openwall.com/lists/oss-security/2024/03/29/4
rules:
https://github.com/Neo23x0/signature-base/blob/master/yara/bkdr_xz_util_cve_2024_3094.yar
@Engineer_Computer
report:
https://www.openwall.com/lists/oss-security/2024/03/29/4
rules:
https://github.com/Neo23x0/signature-base/blob/master/yara/bkdr_xz_util_cve_2024_3094.yar
@Engineer_Computer
GitHub
signature-base/yara/bkdr_xz_util_cve_2024_3094.yar at master · Neo23x0/signature-base
YARA signature and IOC database for my scanners and tools - Neo23x0/signature-base
https://attack.mitre.org/full-coverage.html
https://connections.swellgarfo.com/game/-NtwZSmJAjzng3eL9RH4
#foolApril's
@Engineer_Computer
https://connections.swellgarfo.com/game/-NtwZSmJAjzng3eL9RH4
#foolApril's
@Engineer_Computer
ATT&CK
100% MITRE Coverage
Can you get 100% MITRE Coverage? Test your skills and find out! Experience the matrix how it was never designed to be seen. Find out more here!
How APT groups operate in the Middle East
https://www.ptsecurity.com/ww-en/analytics/apt-groups-in-the-middle-east/
@Engineer_Computer
https://www.ptsecurity.com/ww-en/analytics/apt-groups-in-the-middle-east/
@Engineer_Computer
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
https://github.com/amlweems/xzbot
@Engineer_Computer
https://github.com/amlweems/xzbot
@Engineer_Computer
مقاله ای جالب در خصوص تشخیص حملات در لینوکس با فعال سازی لاگ Auditd
https://izyknows.medium.com/linux-auditd-for-threat-detection-final-9d5173706b3f
@Engineer_Computer
https://izyknows.medium.com/linux-auditd-for-threat-detection-final-9d5173706b3f
@Engineer_Computer
Medium
Linux auditd for Threat Detection [Final]
Mapping behaviors to auditd log events
حواستان به خود سیسمون هم باشد و خرابی خودش را رسیدگی کنید
شماره رویداد ۲۵۵
https://systemweakness.com/list-of-sysmon-event-ids-for-threat-hunting-4250b47cd567
@Engineer_Computer
شماره رویداد ۲۵۵
https://systemweakness.com/list-of-sysmon-event-ids-for-threat-hunting-4250b47cd567
@Engineer_Computer
Medium
List of Sysmon Event IDs for Threat Hunting
Features of Sysmon:
👍2
Data Exfiltration Cheat Sheet.pdf
5.9 MB
چطور هکرها داده ها را از سازمانتان خارج میکنند؟
@Engineer_Computer
@Engineer_Computer
Now you can detect phishing websites quickly with Nuclei❤
@Engineer_Computer
nuclei -l websites_Possible_Phishing -tags phishing -itags phishing
@Engineer_Computer