The Kerberos Key List Attack: The return of the Read Only Domain Controllers https://www.secureauth.com/blog/the-kerberos-key-list-attack-the-return-of-the-read-only-domain-controllers/
SecureAuth
Analyzing a watering hole campaign using macOS exploits https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
Google
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors t…
Evading EDR Detection with Reentrancy Abuse https://www.deepinstinct.com/blog/evading-antivirus-detection-with-inline-hooks
Deep Instinct
In this blog, we’ll explore a new way to exploit reentrancy that can be used to evade the behavioral analysis of EDR and legacy antivirus products.
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver https://posts.specterops.io/mimidrv-in-depth-4d273d19e148
Medium
Mimikatz provides the opportunity to leverage kernel mode functions through the included driver, Mimidrv. Mimidrv is a signed Windows…
Practical attacks against attribute-based encryption https://research.kudelskisecurity.com/2021/11/12/practical-attacks-against-attribute-based-encryption/
Kudelski Security Research
Authors: Antonio de la Piedra (Kudelski Security Research Team) and Marloes Venema (Radboud University Nijmegen) This week at Black Hat Europe 2021 we have presented our work on attacking attribute…
Escalating XSS to Sainthood with Nagios https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html
Exploiting Grandstream HT801 ATA (CVE-2021-37748, CVE-2021-37915) https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
www.secforce.com
This article describes two authenticated remote code execution vulnerabilities that we found during a time-bounded security assessment of Grandstream’s HT801 Analog Telephone Adapter. Both vulnerabilities are exploitable via the limited configuration shell…
Backup “Removal” Solutions - From Conti Ransomware With Love https://www.advintel.io/post/backup-removal-solutions-from-conti-ransomware-with-love
Redsense
Fuzzing Microsoft's RDP Client using Virtual Channels: Overview & Methodology https://thalium.github.io/blog/posts/fuzzing-microsoft-rdp-client-using-virtual-channels/
OSX.CDDS: a sophisticated watering hole campaign drops a new macOS implant! https://objective-see.com/blog/blog_0x69.html
objective-see.org
OSX.CDDS (OSX.MacMa): a sophisticated watering hole campaign drops a new macOS implant!
fee: Execute ELF files without dropping them on disk https://github.com/nnsee/fileless-elf-exec
GitHub
The hunt for NOBELIUM, the most sophisticated nation-state attack in history https://www.microsoft.com/security/blog/2021/11/10/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history/
Microsoft Security Blog
In the second of a four-part series on the NOBELIUM nation-state attack, we share the behind-the-scenes details of the detection and investigation into the threat.
SharkBot: a new generation of Android Trojans is targeting banks in Europe https://www.cleafy.com/cleafy-labs/sharkbot-a-new-generation-of-android-trojan-is-targeting-banks-in-europe
Cleafy
SharkBot: a new generation of Android Trojans is targeting European banks. It has been discovered by the threat intelligence team of Cleafy: here's the technical analysis.
Cyber-mercenary group Void Balaur has been hacking companies for years https://therecord.media/cyber-mercenary-group-void-balaur-has-been-hacking-companies-for-years/
therecord.media
Cyber-security firm Trend Micro has published today a 46-page report detailing the history and activity of a hacker-for-hire group that has been advertising its services in the cybercrime underworld and conducting on-demand intrusions since the mid-2010s.
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/
Microsoft News
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted…
Revealing Lamberts/Longhorn malware capabilities using a step-by-step approach (cyberespionage group linked to Vault 7) https://cybergeeks.tech/revealing-the-lamberts-malware-using-a-step-by-step-approach-cyberespionage-group-linked-to-vault-7/