یک تغییر کلید رجیستری چه ها که نمیکند!!
https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change
@Engineer_Computer
https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change
@Engineer_Computer
TrustedSec
Specula - Turning Outlook Into a C2 With One Registry Change
👍2
⭕️این ابزار که جهت شناسایی و بررسی RootKit ها توسعه داده شده است، با استفاده از درایور ابزار Winpmem که خود نیز قبل تر جزو ابزار Rekall بوده است(اگر Memory Forensics کار کرده باشید احتمالا باهاش آشنا هستید) و مدتی هست بصورت جداگانه توسعه داده شده، اقدام به بررسی موارد خوبی میکند.
یکی از ویژگی هایی که میتوان به آن اشاره کرد امکان متصل کردن به سرور GDB و بررسی فایل مسیر زیر میباشد.
C:\Windows\MEMORY.DMP
خلاصه ی مواردی که این ابزار آنها را بررسی میکند :
#ThreatHunting #RootKit
@Engineer_Computer
یکی از ویژگی هایی که میتوان به آن اشاره کرد امکان متصل کردن به سرور GDB و بررسی فایل مسیر زیر میباشد.
C:\Windows\MEMORY.DMP
خلاصه ی مواردی که این ابزار آنها را بررسی میکند :
Loaded modules list
Drivers in memory code (compared to on-disk version)
Callbacks of kernel objects and internal ntoskrnl lists
PlugAndPlay tree and filters
Kernel types callbacks
FltMgr callbacks
KTimers DPC functions
IRP driver's tables
Driver signing global variables with callbacks
NDIS filters and callbacks
NetIO/FwpkCLNT filtering dispatch
Devices and their attached device objects
IDT entries
PatchGuard initialization and state
#ThreatHunting #RootKit
@Engineer_Computer
GitHub
GitHub - ExaTrack/Kdrill: Python tool to check rootkits in Windows kernel
Python tool to check rootkits in Windows kernel. Contribute to ExaTrack/Kdrill development by creating an account on GitHub.
معرفی الکساندر بورگس و وبلاگش در مورد مهندسی معکوس
https://exploitreversing.com/2024/08/07/malware-analysis-series-mas-article-08/
@Engineer_Computer
https://exploitreversing.com/2024/08/07/malware-analysis-series-mas-article-08/
@Engineer_Computer
Exploit Reversing
Malware Analysis Series (MAS): article 08 | MacOS/iOS
The eighth article (62 pages) in the Malware Analysis Series (MAS), a step-by-step malware analysis and reverse engineering series, is available for reading on: (PDF): I hope this article helps pr…
This media is not supported in your browser
VIEW IN TELEGRAM
آموزش استفاده از GPT4-o
رایگان
صدرصد
به یک فیلترشکن با ip آمریکا وصل بشید
و به لینک زیر برید
https://openai.com/index/gpt-4o-and-more-tools-to-chatgpt-free/
در شبیه سازی حملات هک بسیار مفید است
It is very useful in simulating hacking attacks
@Engineer_Computer
رایگان
صدرصد
به یک فیلترشکن با ip آمریکا وصل بشید
و به لینک زیر برید
https://openai.com/index/gpt-4o-and-more-tools-to-chatgpt-free/
در شبیه سازی حملات هک بسیار مفید است
It is very useful in simulating hacking attacks
@Engineer_Computer
👍5🎉1
گفتن اینکه حریم خصوصی بی فایده است زیرا چیزی برای پنهان کردن ندارید مانند این است که بگویید آزادی بیان بی فایده است زیرا چیزی برای گفتن ندارید
Saying that privacy is useless because you have nothing to hide is like saying that freedom of speech is useless because you have nothing to say.
@Engineer_Computer
Saying that privacy is useless because you have nothing to hide is like saying that freedom of speech is useless because you have nothing to say.
@Engineer_Computer
❤5🔥3👍1
shodan dorks for recon :
1. ssl.cert.subject.CN:"*.target.com" http.noscript:"index of/"
2. ssl.cert.subject.CN:"*.target.com" http.noscript:"gitlab"
3. ssl.cert.subject.CN:"*. target.com" http.noscript:"gitlab"
4. ssl.cert.subject.CN:"*.target.com" "230 login successful" port:"21"
5. ssl.cert.subject.CN:"*. target.com" +200 http.noscript:"Admin"
@Engineer_Computer
1. ssl.cert.subject.CN:"*.target.com" http.noscript:"index of/"
2. ssl.cert.subject.CN:"*.target.com" http.noscript:"gitlab"
3. ssl.cert.subject.CN:"*. target.com" http.noscript:"gitlab"
4. ssl.cert.subject.CN:"*.target.com" "230 login successful" port:"21"
5. ssl.cert.subject.CN:"*. target.com" +200 http.noscript:"Admin"
@Engineer_Computer
👍1
tools
OpSec
LogHunter - tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)
https://github.com/CICADA8-Research/LogHunter
Info
Threat Research
API Threat Landscape
https://escape.tech/resources/api-threat-landscape
@Engineer_Computer
OpSec
LogHunter - tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)
https://github.com/CICADA8-Research/LogHunter
Info
Threat Research
API Threat Landscape
https://escape.tech/resources/api-threat-landscape
@Engineer_Computer
GitHub
GitHub - CICADA8-Research/LogHunter: Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)
Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN) - CICADA8-Research/LogHunter
DFIR
Blue Team Techniques
Hard Disk Analysis Methodology:
Training Materials
https://zach-wong.gitbook.io/easy-reads/forensics-ctf-methodology/hard-disk-analysis-methodology
@Engineer_Computer
Blue Team Techniques
Hard Disk Analysis Methodology:
Training Materials
https://zach-wong.gitbook.io/easy-reads/forensics-ctf-methodology/hard-disk-analysis-methodology
@Engineer_Computer
zach-wong.gitbook.io
Hard Disk Analysis Methodology | jigsaw@jigsaw
SOC Threat Intelligence Analyst
Telecommute/home-based, Seeking a SOC Threat Intelligence Analyst for a contract role with a State Government organization in Des Moines, IA. Kindly review and let me know if you are interested in this opportunity. Role: SOC Threat Intelligence Analyst Location: Des Moines, IA - Remote Duration: Contractual Position Summary: This position supports the organization's Security Operations Center (SOC). The purpose of this p
http://jobview.monster.com/SOC-Threat-Intelligence-Analyst-Job-US-275907401.aspx
#US #SOC Threat Intelligence Analyst
@Engineer_Computer
Telecommute/home-based, Seeking a SOC Threat Intelligence Analyst for a contract role with a State Government organization in Des Moines, IA. Kindly review and let me know if you are interested in this opportunity. Role: SOC Threat Intelligence Analyst Location: Des Moines, IA - Remote Duration: Contractual Position Summary: This position supports the organization's Security Operations Center (SOC). The purpose of this p
http://jobview.monster.com/SOC-Threat-Intelligence-Analyst-Job-US-275907401.aspx
#US #SOC Threat Intelligence Analyst
@Engineer_Computer
استفاده از درایور های آسیب پذیر ولی امضا دار برای دورزدن کنترل های امنیتی نظیر EDR
مقاله ای خواندنی 👌
https://medium.com/@merasor07/byovd-a-kernel-attack-stealthy-threat-to-endpoint-security-ec809272e505
@Engineer_Computer
مقاله ای خواندنی 👌
https://medium.com/@merasor07/byovd-a-kernel-attack-stealthy-threat-to-endpoint-security-ec809272e505
@Engineer_Computer
Medium
BYOVD A Kernel Attack: Stealthy Threat to Endpoint Security
Introduction:
tools
Red Team Tactics
PenTest and Red Teams Tools
https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations
Cyber_Education
Offensive security
SQL Injection Cheatsheet
https://tib3rius.com/sqli
@Engineer_Computer
Red Team Tactics
PenTest and Red Teams Tools
https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations
Cyber_Education
Offensive security
SQL Injection Cheatsheet
https://tib3rius.com/sqli
@Engineer_Computer
GitHub
GitHub - CyberSecurityUP/Awesome-Red-Team-Operations
Contribute to CyberSecurityUP/Awesome-Red-Team-Operations development by creating an account on GitHub.
مقاله ی صبح شنبه
دیتا مدل های کشف
کاهش خطا در تحلیل های امنیتی
**حتی CrowdStrike هم ممکن است در تحلیل و ارائه رول برای کشف اشتباه کند . لذا چه کنیم که دچار خطا نشویم ؟
https://medium.com/@vanvleet/improving-threat-identification-with-detection-data-models-1cad2f8ce051
@Engineer_Computer
دیتا مدل های کشف
کاهش خطا در تحلیل های امنیتی
**حتی CrowdStrike هم ممکن است در تحلیل و ارائه رول برای کشف اشتباه کند . لذا چه کنیم که دچار خطا نشویم ؟
https://medium.com/@vanvleet/improving-threat-identification-with-detection-data-models-1cad2f8ce051
@Engineer_Computer
Medium
Improving Threat Identification with Detection Modeling
In this post, I’ll present a simple approach to detection modeling and demonstrate how a Detection Data Model helps identify threats.
#موقت
Mastering of Python Script for System Administrator
Coupon : 25FC2EF9F608AA536822
Link :
https://www.udemy.com/course/mastering-of-python-noscript-for-system-administrator/?couponCode=25FC2EF9F608AA536822
@Engineer_Computer
Mastering of Python Script for System Administrator
Coupon : 25FC2EF9F608AA536822
Link :
https://www.udemy.com/course/mastering-of-python-noscript-for-system-administrator/?couponCode=25FC2EF9F608AA536822
@Engineer_Computer
🔥3
با ETW بصورت عمیق آشنا شوید
https://blog.trailofbits.com/2023/11/22/etw-internals-for-security-research-and-forensics/
@Engineer_Computer
https://blog.trailofbits.com/2023/11/22/etw-internals-for-security-research-and-forensics/
@Engineer_Computer
The Trail of Bits Blog
ETW internals for security research and forensics
Why has Event Tracing for Windows (ETW) become so pivotal for endpoint detection and response (EDR) solutions in Windows 10 and 11? The answer lies in the value of the intelligence it provides to security tools through secure ETW channels, which are now also…