Risky Business #748 -- New cyber rules for US healthcare are coming (podcast)
https://risky.biz/RB748/
Nothing but Net: Leveraging macOS's Networking Frameworks to Heuristically Detect Malware (presentation)
In short: analyze network connections programmatically, purely on the host.
https://speakerdeck.com/patrickwardle/nothing-but-net-leveraging-macoss-networking-frameworks-to-heuristically-detect-malware
As the majority of malware contains networking capabilities, it is well understood that detecting unauthorized network access is a powerful detection he…
Found some interesting courses; the price is attractive ($450), not sure how good they are.
MCD - Certified Code Deobfuscation Specialist
MVRE - Certified Vulnerability Researcher and Exploitation Specialist
I also want to go through the Xintra labs in the near future. These are labs that simulate attacks by popular APT groups. The price is reasonable ($45 a month).
https://www.xintra.org/labs
Mobile Malware Analysis Part 1 – Leveraging Accessibility Features to Steal Crypto Wallet
https://8ksec.io/mobile-malware-analysis-part-1-crypto-wallet-stealer/
DFIR Labs CTF: May 19, 17:00-21:00 UTC
https://the-dfir-report-store.myshopify.com/products/dfir-labs-ctf-may-19-17-00-21-00-utc
JS-Tap Mark II: Now with C2 Shenanigans
JS-Tap is a tool intended to help red teams attack web applications.
https://trustedsec.com/blog/js-tap-mark-ii-now-with-c2-shenanigans
An Event Tracing for Windows (ETW) tool that allows you to enumerate Manifest & MOF providers, as well as collect events from desired providers.
https://github.com/jsecurity101/ETWInspector
Operation Triangulation: Attacks On IPhones/iPads - Marco Preuss
https://www.youtube.com/watch?v=xt6z4zExFII
Also a great talk. In general, there are many good talks from this conference.
When Malware Becomes Creative: A Survey Of Android Detection Evasion Tactics - Dimitrios Valsamaras
https://www.youtube.com/watch?v=t-zJ4KepbDg
Patched the THOR APT scanner so that it works without a license. The tool is used for live forensics. Official description: THOR is an advanced compromise assessment tool specifically designed to detect hack tools, backdoors, and traces of hacker activities on endpoints that standard Anti-virus solutions often miss.
* Only thor.exe was patched. thor64.exe and thor-update.exe were not patched (signatures cannot be updated). Before running, unpack the archive with Sigma rules into the signatures\sigma folder. Run "thor.exe --sigma".
** I took the original archive from another Telegram channel; use at your own risk, there may be backdoors!
Forwarded from RME-DisCo @ UNIZAR [www.reversea.me]
Code injection on Android without ptrace https://erfur.github.io/blog/dev/code-injection-without-ptrace