Event Tracing for Windows detection in the kernel against rootkits
In this post, you’ll see how adversaries (both real threat actors and Red Teams) use ETW tampering, why it’s critical for modern EDR’s to detect these techniques, and how my Sanctum EDR demonstrates robust detection and response capabilities against real-world threats like Remcos and Lazarus.
Problems_Python_Excel.pdf
2.7 MB
Black Hat Asia 2025:
"The Problems of Embedded Python in Excel".
Understanding Sleep Obfuscation
How Malware Uses Sleep Cycles to Avoid Detection
Forwarded from Reverse Dungeon
Mandiant-Malware-Analysis-2025.zip
21.3 MB
Mandiant Malware Analysis 2025 Course - Manuals and Lab Solutions
(without the 40 GB flarevm images 🥰)
If you need the images: t.me/Cobalt_Strike_info/1466
Forwarded from Order of Six Angles
Xintra APT Emulation Lab - Husky Corp
https://bri5ee.sh/blue%20team/2025/04/07/xintra-apt-emulation-lab-husky-corp.html
Forwarded from Mehraz
mehrazino.github.io
Telegram Cybersecurity Channels
List of Telegram channels related to cybersecurity
Hi. I have collected here some of the Telegram channels that are active in the cybersecurity and OSINT space.
I would be glad if you would like to contribute by adding more channels, either on GitHub or via my PV (private message).
https://mehrazino.github.io/tg-cybersec
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Decrypting Yandex Browser passwords
https://github.com/Goodies365/YandexDecrypt
@exited3n rewrote it in Python:
https://github.com/akhomlyuk/Ya_Decrypt
#creds #pentest #redteam #ad
Forwarded from Ai000 Cybernetics QLab
In April 2025, the threat actor group named Shadowbits claimed to have breached Hamrahe Avval (MCI), Iran's largest mobile operator, and to have gained access to its database. According to the threat actor, a substantial amount of data belonging to MCI's customers was taken, including full names, father names, place of birth, gender, national ID numbers, addresses, postal codes, birth dates, mobile numbers, and SIM card information.
@aioooir | #hack
i check the breached data
it is new :(
Here are the details:
1. 300 MCI employees
(Name and surname, father's name, gender, date of birth, place of birth, ID card, address, province, address, postal code, mobile, plan, email)
2. 300K client name & emails
(customerBriefInfo_custName,indvBrief_email)
Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking
Process Injection is one of the important techniques in the attackers’ toolkit. In the constant cat-and-mouse game, attackers try to invent its new implementations that bypass defenses, using creative methods and lesser-known APIs.
Combining common building blocks in an atypical way, Check Point Research was able to create a much stealthier version of a known method, Thread Execution Hijacking.
Research by lovely hasherezade
Forwarded from Cafe Security (Mohammad)
Problems_Python_Excel.pdf
2.7 MB
Black Hat Asia 2025:
"The Problems of Embedded Python in Excel"
https://github.com/shalomc/bhasia2025
#red_team
#offensive_security
@cafe_security