A Deep Dive into Cobalt Strike Malleable C2
https://posts.specterops.io/a-deep-dive-into-cobalt-strike-malleable-c2-6660e33b0e0b
#c2
Forwarded from S.E.Book
• Account Creation in Linux;
• User Account Creation;
• Root/Superuser Account Creation;
• Persistence using SSH Authorized Keys;
• Persistence using Scheduled task;
• Cron Jobs;
• Systemd Timers;
• Shell Configuration Modification;
• Dynamic Linker Hijacking;
• What is LD_PRELOAD;
• Creating malicious Shared object Library for Persistence;
• SUID binary;
- Using SUID for Persistence;
- Example Scenario;
• rc.common/rc.local;
- Using rc.local for Persistence;
- Example: Starting a Service;
• Systemd Services;
- Creating a Custom systemd Service;
- Security Considerations;
- Advantages of Using systemd Services;
• Trap;
- Using trap in Scripts;
• Backdooring user startup file;
• Using System Call;
- System Call Monitoring and Blocking;
- Method 1: Emulate/Implement System Call in User-Space;
- Method 2: Use Alternate System Calls;
- Method 3: Fudging Around Parameters;
• MOTD Backdooring;
• APT Backdooring;
• Git Backdooring;
• Config;
• Backdooring OpenVPN;
• Security Researchers.
#Linux
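As a defender-side companion to that table of contents, here is an added example written for this page (it is not code from the S.E.Book guide): a read-only POSIX shell audit that walks the on-disk persistence locations the list names (ld.so.preload, authorized_keys, cron, systemd units, rc.local, MOTD scripts, shell startup files, APT hooks, SUID/SGID binaries). Assumptions: a Linux host with GNU find/stat/sha256sum, Debian-style /etc/update-motd.d and /etc/apt/apt.conf.d paths, and a root directory passed as the first argument ("/" on a live host, or the mount point of a forensic image). The output format and the suspicious-string list in the shell-rc check are this example's own choices.

```shell
#!/bin/sh
# Added example for this page (not from the S.E.Book guide): a read-only audit of
# the Linux persistence locations the table of contents above lists.
# Assumptions: GNU find/stat/sha256sum (Linux); Debian-style /etc/update-motd.d and
# /etc/apt/apt.conf.d; the root to inspect is passed as $1 ("/" on a live host,
# or the mount point of a forensic image). Output: CATEGORY<TAB>path<TAB>detail.

audit_persistence() {
    root="${1:-/}"
    root="${root%/}"   # "/" becomes "", so "$root/etc" is always a clean path

    # Dynamic linker hijacking: /etc/ld.so.preload is normally absent or empty.
    if [ -s "$root/etc/ld.so.preload" ]; then
        while IFS= read -r lib; do
            [ -n "$lib" ] && printf 'LD_PRELOAD\t%s\t%s\n' "$root/etc/ld.so.preload" "$lib"
        done < "$root/etc/ld.so.preload"
    fi

    # SSH authorized_keys for root and every home directory; count real key lines.
    for keys in "$root/root/.ssh/authorized_keys" "$root"/home/*/.ssh/authorized_keys; do
        [ -f "$keys" ] || continue
        n=$(grep -cEv '^[[:space:]]*(#|$)' "$keys" || true)
        printf 'SSH_KEYS\t%s\t%s keys\n' "$keys" "$n"
    done

    # Cron: system crontab, /etc/cron.d drop-ins and per-user spools.
    for f in "$root/etc/crontab" "$root"/etc/cron.d/* "$root"/var/spool/cron/crontabs/* "$root"/var/spool/cron/*; do
        [ -f "$f" ] || continue
        grep -Ev '^[[:space:]]*(#|$)' "$f" | while IFS= read -r line; do
            printf 'CRON\t%s\t%s\n' "$f" "$line"
        done
    done

    # systemd services and timers placed outside the distro's /usr/lib tree.
    for unit in "$root"/etc/systemd/system/*.service "$root"/etc/systemd/system/*.timer \
                "$root"/home/*/.config/systemd/user/*.service "$root"/home/*/.config/systemd/user/*.timer; do
        [ -f "$unit" ] || continue
        what=$(grep -E '^(ExecStart|OnCalendar|OnBootSec|OnUnitActiveSec)=' "$unit" | head -n 1)
        printf 'SYSTEMD\t%s\t%s\n' "$unit" "${what:-no ExecStart/On* line}"
    done

    # rc.local and MOTD scripts run as root at boot / at every interactive login;
    # print a short hash so the file can be diffed against a known-good baseline.
    for f in "$root/etc/rc.local" "$root"/etc/update-motd.d/*; do
        [ -f "$f" ] || continue
        printf 'BOOT_OR_LOGIN\t%s\tsha256:%s\n' "$f" "$(sha256sum "$f" | cut -c1-16)"
    done

    # Shell startup files: flag lines that fetch or execute something suspicious.
    for rc in "$root/etc/profile" "$root"/etc/profile.d/* "$root/etc/bash.bashrc" \
              "$root"/root/.bashrc "$root"/home/*/.bashrc "$root"/home/*/.profile; do
        [ -f "$rc" ] || continue
        grep -En '(curl |wget |nc |ncat |bash -i|/dev/tcp/|base64 -d|/tmp/|/dev/shm/)' "$rc" | while IFS= read -r hit; do
            printf 'SHELL_RC\t%s\t%s\n' "$rc" "$hit"
        done
    done

    # APT hooks: Pre-Invoke/Post-Invoke commands run as root on every apt update.
    for f in "$root"/etc/apt/apt.conf.d/*; do
        [ -f "$f" ] || continue
        grep -En 'Pre-Invoke|Post-Invoke' "$f" | while IFS= read -r hit; do
            printf 'APT_HOOK\t%s\t%s\n' "$f" "$hit"
        done
    done

    # SUID/SGID binaries: list them for comparison with a package-manager baseline.
    find "${root:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | while IFS= read -r bin; do
        printf 'SUID_SGID\t%s\t%s\n' "$bin" "$(stat -c '%U:%G %a' "$bin")"
    done
}
```

Run it as `audit_persistence /` on a live host or `audit_persistence /mnt/image` on a mounted image, and diff the sorted output against the same run on a known-good build of the same distro; every line is a candidate to review, not a verdict. The guide's "Trap" and "System Call" sections concern how a payload behaves once running rather than a file on disk, and Git hooks and OpenVPN `up`/`down` scripts live wherever a repository or VPN config does, so those are deliberately outside this fixed-path sweep.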
👾 The Malware Museum.
Early viruses sometimes displayed animations or messages announcing that the machine was infected. The museum at the Internet Archive preserves those payloads so you can replay the animations in the browser and read the background on each virus.
https://archive.org/details/malwaremuseum
#malware_analysis
#malware_dev
Intel Hardware Shield deep dive, part 1: Intel System Resources Defense (ISRD), which runs SMI handlers de-privileged ("user-mode" System Management Mode).
https://tandasat.github.io/blog/2024/02/29/ISRD.html
Black Hat 2022: The Intel PPAM attack story
https://binarly.io/posts/Black_Hat_2022_The_Intel_PPAM_attack_story/
How your EDR actually works
https://twitter.com/i/broadcasts/1dRKZErXPQbxB?s=20
#edr
------
@islemolecule_source
Some Notes on Hardening IPv6 Stacks
https://theinternetprotocolblog.wordpress.com/2020/11/16/some-notes-on-hardening-ipv6-stacks/
#internals
Buffer Overflow : Exploiting Easy RM to MP3 Converter
https://vandanpathak.com/kernels-and-buffers/buffer-overflow-exploiting-easy-rm-to-mp3-converter/
CryptoCrime_Rep_2024.pdf
20.8 MB
#book
"The 2024 Crypto Crime Report:
The latest trends in ransomware, scams, hacking and more", Feb. 2024.
Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples
https://embee-research.ghost.io/advanced-cyberchef-operations-netsupport/
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
Red team exercise practice based on MITRE ATT&CK
https://mp.weixin.qq.com/s?__biz=MzAwMzAwOTQ5Nw==&mid=2650941400&idx=1&sn=cb9fda3118d1eced912f9e210c2cd734&chksm=8137396eb640b078190b7846de94f9486b3c2
2023 Top Vulnerabilities
https://malware.news/t/2023-top-vulnerabilities/79315
CVE-2023-28252 – Windows Common Log File System Driver Elevation of Privilege Vulnerability.
CVE-2023-7024 – Google Chromium WebRTC Heap Buffer Overflow Vulnerability.
CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability.
CVE-2023-34362 – Progress MOVEit Transfer SQL Injection Vulnerability.
CVE-2023-38831 – RARLAB WinRAR Code Execution Vulnerability.
CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability.
CVE-2023-23376 – Windows Common Log File System Driver Elevation of Privilege Vulnerability.
CVE-2023-32434 – Apple Multiple Products Integer Overflow Vulnerability.
CVE-2023-41763 – Skype for Business Elevation of Privilege Vulnerability.
CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability.
Complete Guide to Advanced Persistent Threat (APT) Security
https://securityboulevard.com/2024/03/complete-guide-to-advanced-persistent-threat-apt-security/
Xeno RAT: a new open-source remote access trojan with advanced capabilities
https://www.cyfirma.com/outofband/xeno-rat-a-new-remote-access-trojan-with-advance-capabilities/
https://github.com/moom825/xeno-rat
How we applied advanced fuzzing techniques to cURL
https://blog.trailofbits.com/2024/03/01/toward-more-effective-curl-fuzzing/
Lazarus exploited CVE-2024-21338, a zero-day in the Windows AppLocker driver (appid.sys), to go from administrator to kernel, load the FudModule rootkit and disable security tools.
Beyond BYOVD with an Admin-to-Kernel Zero-Day
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/