A deep dive into Sigma rules and how to write your own threat detection rules
https://ift.tt/cLEwP8s
Submitted June 21, 2022 at 08:22PM by sciencestudent99
via reddit https://ift.tt/dNxH719
FourCore
A deep dive into Sigma rules and how to write your own threat detection rules
Sigma Rules - a generic open-source signature format for SIEM Systems. What Snort is to network traffic, and YARA to files, Sigma is to logs. Released in 2017, Sigma rules are used as a common language to build detection rules for different SIEM systems.
Improving AI-based defenses to disrupt human-operated ransomware
https://ift.tt/pP8AQw0
Submitted June 21, 2022 at 09:35PM by SCI_Rusher
via reddit https://ift.tt/DAnxsdN
Microsoft News
Improving AI-based defenses to disrupt human-operated ransomware
To disrupt human-operated ransomware attacks as early as possible, we enhanced the AI-based protections in Microsoft Defender for Endpoint with a range of specialized machine learning techniques that swiftly identify and block malicious files, processes,…
Container escapes: Detecting abuses of Linux capabilities with Falco + Intro to CAP_SYS_ADMIN
https://ift.tt/SEKFx3q
Submitted June 21, 2022 at 09:23PM by capitangolo
via reddit https://ift.tt/maVFWPK
Sysdig
How to detect the containers’ escape capabilities with Falco – Sysdig
With a tool like Falco, it’s possible to detect when specific container capabilities like CAP_SYS_ADMIN are misused.
ShoMon V2: Shodan Monitoring Integration for TheHive written in Golang
https://ift.tt/jJ1HDpG
Submitted June 22, 2022 at 12:35PM by KaanSK
via reddit https://ift.tt/Lv6IMcJ
GitHub
GitHub - KaanSK/shomon: Shodan Monitoring integration for TheHive.
Shodan Monitoring integration for TheHive. Contribute to KaanSK/shomon development by creating an account on GitHub.
Semgrep rules for PHP security assessment
https://ift.tt/q6YZKLM
Submitted June 22, 2022 at 02:28PM by 0xdea
via reddit https://ift.tt/tfovmJC
hn security
Semgrep rules for PHP security assessment - hn security
Hi! According to the official documentation, Semgrep […]
Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190
https://ift.tt/1soTcXN
Submitted June 23, 2022 at 02:46PM by canmaplap
via reddit https://ift.tt/C5IGtnm
Cymulate
Messing with CVE-2022-30190 by Understanding Compound File Binary Format and OLE Structures
Gain an understanding of the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190 in this blog post by Cymulate.
fuzzuli is a fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
https://ift.tt/IG3vZcV
Submitted June 23, 2022 at 03:34PM by 0xmusana
via reddit https://ift.tt/WlRSwPG
GitHub
GitHub - musana/fuzzuli: fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based…
fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain. - GitHub - musana/fuzzuli: fuzzuli is a url fuzzing tool that aims to find ...
Miracle - One Vulnerability To Rule Them All
https://ift.tt/eqcEtfu
Submitted June 23, 2022 at 04:44PM by scopedsecurity
via reddit https://ift.tt/eXSndL7
Medium
Miracle - One Vulnerability To Rule Them All
# Introduction
This repo contains information about EDRs that can be useful during red team exercises.
https://ift.tt/roX3Qsf
Submitted June 23, 2022 at 09:39PM by M_Reza_Bakhtiyari
via reddit https://ift.tt/yhdswJO
GitHub
GitHub - Mr-Un1k0d3r/EDRs
Contribute to Mr-Un1k0d3r/EDRs development by creating an account on GitHub.
The Far Point of a Static Encounter
https://ift.tt/tr1Yxei
Submitted June 24, 2022 at 09:44AM by amirshk
via reddit https://ift.tt/Zd0SWlD
Medium
The Far Point of a Static Encounter
A breakdown of the Anti-VM skimmer and its variants from the earliest incarnation to the latest iteration served from staticounter.]net.
CookieMonsteRCE: Stored XSS to RCE in Zena
https://ift.tt/uoWMpdV
Submitted June 24, 2022 at 09:47AM by jibblz
via reddit https://ift.tt/8bKNPce
Playing Docker? Bad Containers and What They Teach Us
https://ift.tt/4e2Toxt
Submitted June 24, 2022 at 04:38PM by Illustrious_Yard_576
via reddit https://ift.tt/n9hoKwB
Medium
Playing Docker? Bad Containers and What They Teach Us
CI/CD gets better, faster, and stronger with containers, but the security dilemma is still on the table. See what breaches can teach us.
Use SQL to query Have I Been Pwned breaches, pastes & passwords (new open source tool!)
https://ift.tt/cBHKPVe
Submitted June 24, 2022 at 06:28PM by bobtbot
via reddit https://ift.tt/wZmjr7F
Steampipe Hub
Have I Been Pwned Plugin for Steampipe
Query HIBP data with SQL! Open source CLI. No DB required.
The curious tale of a fake Carrier.app
https://ift.tt/AghiRGl
Submitted June 24, 2022 at 03:04PM by lormayna
via reddit https://ift.tt/hE2kGWj
Blogspot
The curious tale of a fake Carrier.app
Posted by Ian Beer, Google Project Zero NOTE: This issue, CVE-2021-30983, was fixed in iOS 15.2 in December 2021. Towards the ...
Hagana - A novel approach to runtime protection for NodeJS to prevent supply chain attacks
https://ift.tt/n7TAKGu
Submitted June 24, 2022 at 06:58PM by beckerman_jacob
via reddit https://ift.tt/TQSf1Mt
GitHub
GitHub - yaakov123/hagana: NodeJS runtime protection for supply chain attacks
NodeJS runtime protection for supply chain attacks - GitHub - yaakov123/hagana: NodeJS runtime protection for supply chain attacks
Netsec Goggle for Brave Search
https://ift.tt/CEjdMVn
Submitted June 24, 2022 at 11:42PM by alxjsn
via reddit https://ift.tt/Jzmx2Cy
GitHub
GitHub - forcesunseen/netsec-goggle: High signal information security sources Goggle.
High signal information security sources Goggle. Contribute to forcesunseen/netsec-goggle development by creating an account on GitHub.
Basic WebAssembly buffer overflow exploitation
https://ift.tt/zZLto4q
Submitted June 26, 2022 at 01:33AM by chaplja
via reddit https://ift.tt/PjcMAzm
Protekkt
Basic WebAssembly buffer overflow exploitation | protekkt blog
linx - Reveals invisible links within JavaScript files
https://ift.tt/zkMZfFH
Submitted June 27, 2022 at 04:10AM by rjz4
via reddit https://ift.tt/84mA0d7
GitHub
GitHub - riza/linx: Reveals invisible links within JavaScript files
Reveals invisible links within JavaScript files. Contribute to riza/linx development by creating an account on GitHub.
Notes on OpenSSL remote memory corruption
https://ift.tt/d1mJinU
Submitted June 27, 2022 at 11:32AM by Gallus
via reddit https://ift.tt/AO5HID3
Guido Vranken
Notes on OpenSSL remote memory corruption
OpenSSL version 3.0.4, released on June 21st 2022, is susceptible to remote memory corruption which can be triggered trivially by an attacker. BoringSSL, LibreSSL and the OpenSSL 1.1.1 branch are n…
VaultBoot: remote attestation
https://ift.tt/T84Nhwc
Submitted June 27, 2022 at 04:59PM by hardenedvault
via reddit https://ift.tt/ZHuBvro
GitHub
GitHub - hardenedvault/vaultboot
Contribute to hardenedvault/vaultboot development by creating an account on GitHub.
Revive: from spyware to Android banking trojan | Cleafy Labs
https://ift.tt/iY4KW0c
Submitted June 27, 2022 at 07:19PM by f3d_0x0
via reddit https://ift.tt/DapCOl9
Cleafy
Revive: from spyware to android banking trojan | Cleafy Labs
A new banking trojan targeting Europe has been discovered by Cleafy's Threat Intelligence Team. We dubbed it Revive and it is an evolution of simple spyware into a banking trojan, with the key capability of conducting Account Takeover attacks: here's the…