3 takeaways from red teaming 100 generative AI products
https://www.microsoft.com/en-us/security/blog/2025/01/13/3-takeaways-from-red-teaming-100-generative-ai-products/
Microsoft News
The growing sophistication of AI systems and Microsoft’s increasing investment in AI have made red teaming more important than ever. Learn more.
Forwarded from Peneter Tools (Soheil Hashemi)
POC exploit for CVE-2024-49138
https://github.com/MrAle98/CVE-2024-49138-POC
GitHub
POC exploit for CVE-2024-49138. Contribute to MrAle98/CVE-2024-49138-POC development by creating an account on GitHub.
NSA Jointly Releases Recommendations for Closing the Software Understanding Gap
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4031718/nsa-jointly-releases-recommendations-for-closing-the-software-understanding-gap/
National Security Agency/Central Security Service
FORT MEADE, Md. – A report released by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Defense Advanced Research Projects Agency (DARPA), and the
ETW Threat Intelligence and Hardware Breakpoints
https://www.praetorian.com/blog/etw-threat-intelligence-and-hardware-breakpoints/
https://github.com/rad9800/hwbp4mw
Praetorian
Learn to bypass EDR detection using NtContinue for hardware breakpoints without triggering ETW Threat Intelligence. This technical blog explores kernel debugging, debug registers, and EDR evasion with code examples.
It appears that the NightHawk C2 leak is real and that its source code was likely stolen.
This C2 is one of the commercial entries in the C2 Matrix and is a product of MDSec.
https://x.com/deadvolvo/status/1882455367864770970?t=opQIfMzaGUZ2sybw9qU1pw&s=19
Summary of the changes to SMB signing enforcement defaults in Windows Server 2025 and Windows 11 24H2:
https://www.dsinternals.com/en/smb-signing-windows-server-2025-client-11-24h2-defaults/
Forwarded from Peneter.com
Professional.Red.Teaming_Chapter_9.pdf
697.1 KB
Book: Professional Red Teaming 📕
Chapter 9: Counter-APT Red Teaming
Table of contents
The CAPTR team
Worst-case analysis and scoping 148
Critical initial perspective 149
Reverse pivot chaining 149
Juxtaposition 150
Zero-days 150
Insider threats 153
Efficiency 154
Imposed risk 155
Drawbacks 156
Chapter 9 summary 158
The January 2025 Cumulative Update introduced some very interesting changes to Event IDs 4768 and 4769. Several new fields were added that provide visibility into Kerberos authentication details. Previously, one of the only options for collecting this data was to perform a network packet capture. Check out the indicator for Impacket's getTGT and Rubeus' default asktgt command.
Credit : https://www.linkedin.com/in/odonnell-ryan
Process Hollowing on Windows 11 24H2
https://hshrzd.wordpress.com/2025/01/27/process-hollowing-on-windows-11-24h2/
hasherezade's 1001 nights
Process Hollowing (a.k.a. RunPE) is probably the oldest and the most popular process impersonation technique (it allows a malicious executable to run under the cover of a benign process). It is us…
For the first time, researchers have the opportunity to test our prebuilt behavior rules against key techniques. What sets this apart? This program goes beyond the typical focus on vulnerabilities: it emphasizes rule resilience, helping us refine protections directly tied to real-world threats. 🧐
https://www.elastic.co/security-labs/behavior-rule-bug-bounty
www.elastic.co
Announcing the Elastic Bounty Program for Behavior Rule Protections — Elastic Security Labs
Elastic is launching an expansion of its security bounty program, inviting researchers to test its SIEM and EDR rules for evasion and bypass techniques, starting with Windows endpoints. This initiative strengthens collaboration with the security community…