Forwarded from .....
But a few months ago, we informed Snapfood indirectly about the existence of vulnerabilities
Snapfood servers were vulnerable and we had access to jira.snappfood.ir and jira.snapp.ir,... for months and warned about them but they didn't pay attention.
In this post, we thank the elites of SnapFood
بهنام نصراللهی
مهدی شکری
سپهر رشادی
According to our and other people's warnings, we are happy about what happened to SnappFood!
Please open Telegram to view this post
VIEW IN TELEGRAM
Initial Access – search-ms URI Handler
credit : @hackerfantastic
https://pentestlab.blog/2024/01/02/initial-access-search-ms-uri-handler/
#initial_access ,
———
@islemolecule_source
credit : @hackerfantastic
https://pentestlab.blog/2024/01/02/initial-access-search-ms-uri-handler/
#initial_access ,
———
@islemolecule_source
SQL Brute Force Leads to BlueSky Ransomware
credit : @1ZRR4H
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
———
@islemolecule_source
credit : @1ZRR4H
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
———
@islemolecule_source
Rust to Assembly: Understanding the Inner Workings of Rust . collection of blog posts show how Rust code maps to Assembly
https://eventhelix.com/rust/
#rust
———
@islemolecule_source
https://eventhelix.com/rust/
#rust
———
@islemolecule_source
Fuzz Everything, Everywhere, All at Once - Advanced QEMU-based fuzzing
https://media.ccc.de/v/37c3-12102-fuzz_everything_everywhere_all_at_once
#fuzzing #LibAFL #QEMU
———
@islemolecule_source
https://media.ccc.de/v/37c3-12102-fuzz_everything_everywhere_all_at_once
#fuzzing #LibAFL #QEMU
———
@islemolecule_source
We see a lot of threat actors in our Incident Response cases who disable or tamper with the local AV.
The website http://privacy.sexy has a copy & paste noscript to turn off most of Defenders features. [1] How many of these modifications (or deactivations) will trigger an alert in your environment?
@DebugPrivilege has written an excellent article about the various event logs Windows Defenders creates, in which event. [2]
Run the commands on a test system, and look for gaps in your monitoring
[1] https://privacy.sexy
[2] https://m365internals.com/2021/07/05/why-are-windows-defender-av-logs-so-important-and-how-to-monitor-them-with-azure-sentinel/
credit : @malmoeb
#AV ,
———
@islemolecule_source
The website http://privacy.sexy has a copy & paste noscript to turn off most of Defenders features. [1] How many of these modifications (or deactivations) will trigger an alert in your environment?
@DebugPrivilege has written an excellent article about the various event logs Windows Defenders creates, in which event. [2]
Run the commands on a test system, and look for gaps in your monitoring
[1] https://privacy.sexy
[2] https://m365internals.com/2021/07/05/why-are-windows-defender-av-logs-so-important-and-how-to-monitor-them-with-azure-sentinel/
credit : @malmoeb
#AV ,
———
@islemolecule_source
• Realistic “photos” were published on Reddit , which were generated by AI and are great for identity verification)) In one photo there is a girl with a sign, and in the second - with an ID card.
LINK
#informative
LINK
#informative
VirtualBox internals and exploitation (CVE-2023-21987 and CVE-2023-21991)
credit : @qriousec
https://qriousec.github.io/post/vbox-pwn2own-2023/
#virtualbox , #analysis ,
———
@islemolecule_source
credit : @qriousec
https://qriousec.github.io/post/vbox-pwn2own-2023/
#virtualbox , #analysis ,
———
@islemolecule_source
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer
Link
#malware_analysis
@islemolecule_source
Link
#malware_analysis
@islemolecule_source
exploits_rootkits_in_browser_extensions.pdf
2 MB
Exploits and rootkits in your browser extensions
DEFCON 2021.
DEFCON 2021.
Forwarded from BlankRoom
Source Cocde qBit Stealer
Download Download
Password : blankroom
@Bl4nk_Room
Enjoy!
Hello, qBit Stealer is a stealer malware designed with the red teamer in mind. It is completely written in Go, not detectable by EDRs, and is capable of uploading any file to locker of your choice. Utilizing cutting-edge con-currency engine to upload as fast as possible
Download Download
Password : blankroom
@Bl4nk_Room
Enjoy!
Azure AD Security Config Analyzer (AADSCA)
https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/AADSecurityConfigAnalyzer.md
Credit: Thomas Naunheim, Sami Lamppu & Markus Pitkäranta
#MicrosoftAzure #shiftavenue , #tool
———
@islemolecule_source
https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/AADSecurityConfigAnalyzer.md
Credit: Thomas Naunheim, Sami Lamppu & Markus Pitkäranta
#MicrosoftAzure #shiftavenue , #tool
———
@islemolecule_source
MuddyWater APT 🇮🇷 targeting telecoms orgs in North and East Africa with custom tools.
credit : @1ZRR4H
Tracking #MuddyC2Go servers with:
- Shodan: LINK
- Censys: LINK
Active C&C servers:
http://94.131.98[.]14:443/
http://95.164.38[.]99:443/
http://94.131.109[.]65:443/
http://45.67.230[.]91:443/
http://45.150.64[.]39:443/
[+] MuddyC2Go PowerShell launcher: LINK
REF: LINK
credit : @1ZRR4H
Tracking #MuddyC2Go servers with:
- Shodan: LINK
- Censys: LINK
Active C&C servers:
http://94.131.98[.]14:443/
http://95.164.38[.]99:443/
http://94.131.109[.]65:443/
http://45.67.230[.]91:443/
http://45.150.64[.]39:443/
[+] MuddyC2Go PowerShell launcher: LINK
REF: LINK