Frequently colleagues and clients get to my (virtual) desk and pose the following question to me: “I know which patches (KBs) are installed on a Windows syst...

JARM is an active Transport Layer Security server fingerprinting tool that provides the ability to identify and group malicious servers.

Posted in r/netsec by u/Gallus • 220 points and 32 comments

Evading Windows Defender when SysWhisper got caught!

Explore advanced cybersecurity solutions, providing proactive defense against emerging threats. Learn more about our tailored intelligence, and cybercrime investigation solutions.

Instant. Actionable. Insights.

Supply chains attacks are all the rage these days, whether to deliver RATs, cryptocurrencies miners, or credential stealers. In Rust, packages are called crates and are (most of the time) hosted on a central repository: https://crates.io for better discoverability.…

Software supply chain security threat: automated scanning of Python packages in the PyPI repository uncovered stealthy malware and more. Find out about our latest findings.

Calling themselves “Memento team”, actors use Python-based ransomware that they reconfigured after setbacks.

Passwordless is a phrase generating a lot of buzz in the consumer space. But our infrastructure is full of passwords too and that needs to stop.

Earlier this year we released our WireGuard Canarytoken. This allows you to add a “fake” wireguard VPN endpoint on your device in seconds. The idea is that if your device is compromised, a knowledg…

Vulnerability Exploitation Code Collection Repository - expbox/Hadoop Yarn RPC RCE.md at main · 0x0021h/expbox

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing). - mrexodia/dumpulator