Forwarded from F.P.W Library Sec [ CyberSecurity Book ] (#M)
NUCLEUS13.pdf
1.5 MB
#SCADA_Security
"NUCLEUS:13 Dissecting the Nucleus TCP/IP stack", 2021.
// NUCLEUS:13 - a set of 13 vulnerabilities affecting the Nucleus TCP/IP stack, currently owned by Siemens and used in billions of devices
@library_Sec
Forwarded from Red Blue Team
#RedTeam
Red Team Tools used for Pros Versus Joes CTF Games. Here for Blue Teams to understand the pwnage.
https://github.com/iDigitalFlame/PvJ-CTF-RedTools
@BlueRedTeam
#Malware_analysis
1. Automate Qbot Malware String Decryption With Ghidra Script
https://www.reddit.com/r/ReverseEngineering/comments/qt0rd9/automate_qbot_malware_string_decryption_with
2. Obfuscated Maldoc: Reversed BASE64
https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030
@iotpenetrationtesting
#Malware_analysis
1. Sabbath Ransomware
https://www.mandiant.com/resources/sabbath-ransomware-affiliate
2. Yanluowang Ransomware
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/yanluowang-targeted-ransomware
@iotpenetrationtesting
Google Cloud Blog
Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again | Google Cloud Blog
#Malware_analysis
Smishing Botnets
https://research.checkpoint.com/2021/smishing-botnets-going-viral-in-iran
@IotPenetrationTesting
Check Point Research
Smishing Botnets Going Viral in Iran - Check Point Research
Research by: Shmuel Cohen Introduction In the last few months, multiple Iranian media and social networks have published warnings about ongoing SMS phishing campaigns impersonating Iranian government services. The story is as old as time: victims click on…
#Malware_analysis
Analysis of the njRAT Malware - A Step-by-Step Approach
https://cybergeeks.tech/just-another-analysis-of-the-njrat-malware-a-step-by-step-approach
@IotPenetrationTesting
#Malware_analysis
Mirai-based Botnet - Moobot Targets Hikvision Vulnerability
https://www.fortinet.com/blog/threat-research/mirai-based-botnet-moobot-targets-hikvision-vulnerability
@IotPenetrationTesting
Fortinet Blog
Mirai-based Botnet - Moobot Targets Hikvision Vulnerability
FortiGuard Labs analyzes how an attacker can leverage CVE-2021-36260 to create targets for Moobot which is a DDoS botnet based on Mirai. In this blog we explain how an attacker delivers this payloa…
Side-channel attacks explained: All you need to know - Rambus
https://www.rambus.com/blogs/side-channel-attacks/
@IotPenetrationTesting
Rambus
Side-channel attacks explained: everything you need to know
In this blog post, we take an in-depth look at the world of side-channel attacks. We describe how side-channel attacks work and detail some of the most
#Malware_analysis
1. blueheaven: Command and Control Malware
https://www.countercraftsec.com/blog/post/rr.blueheaven.life-command-and-control-malware
2. Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes
https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes
@IotPenetrationTesting
CounterCraft
blueheaven: Command and Control Malware
We set up deception decoys across the Internet to gather threat intel. With these decoys, we succeeded in luring this threat actor, which could be the beginning of a new malware family. It is based on a botnet that attacks servers with vulnerabilities, and…
#Malware_analysis
Why Emotet chose Trickbot for rebirth
https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth
@IotPenetrationTesting
Check Point Research
When old friends meet again: why Emotet chose Trickbot for rebirth - Check Point Research
Research by: Raman Ladutska, Aliaksandr Trafimchuk, David Driker, Yali Magiel Overview Trickbot and Emotet are considered some of the largest botnets in history. They both share a similar story: they were taken down and made a comeback. Check Point Research…
#Malware
#Analysis
Malicious npm Packages Are After Your Discord Tokens - 17 New Packages Disclosed
https://jfrog.com/blog/malicious-npm-packages-are-after-your-discord-tokens-17-new-packages-disclosed
@IotPenetrationTesting
JFrog
Malicious npm Packages Are After Your Discord Tokens - 17 New Packages Disclosed
Software supply chain security threat: automated scanning of open-source packages in the npm registry uncovered malware that puts sensitive data and devices at risk.
#malware
#Analysis
BRATA - Mobile banking fraud
https://www.cleafy.com/cleafy-labs/mobile-banking-fraud-brata-strikes-again
@IotPenetrationTesting
Cleafy
Mobile banking fraud: BRATA strikes again | Cleafy Labs
The mobile banking malware BRATA strikes again, and it is slowly spreading all over Europe. Read here the new Technical Report, which explains in detail how it works and how to prevent it.