We see a lot of threat actors in our Incident Response cases who disable or tamper with the local AV.
The website http://privacy.sexy has a copy & paste script to turn off most of Defender's features. [1] How many of these modifications (or deactivations) will trigger an alert in your environment?
@DebugPrivilege has written an excellent article about the various event logs Windows Defender creates, and which event is logged when. [2]
Run the commands on a test system and look for gaps in your monitoring.
[1] https://privacy.sexy
[2] https://m365internals.com/2021/07/05/why-are-windows-defender-av-logs-so-important-and-how-to-monitor-them-with-azure-sentinel/
credit: @malmoeb
#AV
———
@islemolecule_source
• Realistic "photos" generated by AI were published on Reddit; they are great for identity verification)) In one photo a girl holds a sign, and in the second an ID card.
LINK
#informative
VirtualBox internals and exploitation (CVE-2023-21987 and CVE-2023-21991)
credit: @qriousec
https://qriousec.github.io/post/vbox-pwn2own-2023/
#virtualbox #analysis
———
@islemolecule_source
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer
Link
#malware_analysis
@islemolecule_source
exploits_rootkits_in_browser_extensions.pdf
Exploits and rootkits in your browser extensions
DEFCON 2021.
Forwarded from BlankRoom
Source Code qBit Stealer
Download Download
Password : blankroom
@Bl4nk_Room
Enjoy!
Hello, qBit Stealer is a stealer malware designed with the red teamer in mind. It is completely written in Go, not detectable by EDRs, and is capable of uploading any file to a locker of your choice, utilizing a cutting-edge concurrency engine to upload as fast as possible.
Azure AD Security Config Analyzer (AADSCA)
https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/AADSecurityConfigAnalyzer.md
Credit: Thomas Naunheim, Sami Lamppu & Markus Pitkäranta
#MicrosoftAzure #shiftavenue #tool
———
@islemolecule_source
MuddyWater APT 🇮🇷 targeting telecom orgs in North and East Africa with custom tools.
credit: @1ZRR4H
Tracking #MuddyC2Go servers with:
- Shodan: LINK
- Censys: LINK
Active C&C servers:
[+] MuddyC2Go PowerShell launcher: LINK
REF: LINK
Internals of compilers, linkers, JITs and assemblers, with a focus on software security hardening.
Low-Level Software Security for Compiler Developers:
https://llsoftsec.github.io/llsoftsecbook/
#internals #linker
———
@islemolecule_source
IPv6 Security & Capability Testing series
credit: @enno_insinuator
[1]: https://theinternetprotocolblog.wordpress.com/2020/05/24/ipv6-security-capability-testing-part-1/
[2]: https://theinternetprotocolblog.wordpress.com/2020/05/26/ipv6-security-capability-testing-part-2/
———
@islemolecule_source
IPv6 Security on the Stack Level
credit: @enno_insinuator
https://theinternetprotocolblog.wordpress.com/2020/08/02/ipv6-security-on-the-stack-level/
———
@islemolecule_source
Remember #stuxnet? It was the Dutchman Erik van Sabben who planted the bug in Iran. I've seen it on Dutch news channels; it will pop up internationally any minute, I guess.
https://nos.nl/artikel/2504114-nederlander-saboteerde-atoomcomplex-in-iran-den-haag-wist-niets
#tweet
credit: @CisoDiagonal