Forwarded from Reverse Dungeon
NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes. - EvilBytecode/NoMoreStealers
How to mitigate symbolic link attacks on Windows?
https://www.seljan.hu/posts/how-to-mitigate-symbolic-link-attacks-on-windows/
Forwarded from Order of Six Angles
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study
https://cloud.google.com/blog/topics/threat-intelligence/time-travel-debugging-using-net-process-hollowing?linkId=17730646
The basics of WinDbg and Time Travel Debugging necessary to start incorporating it into your analysis.
Reverse Engineering WebAssembly
https://medium.com/%40pnfsoftware/reverse-engineering-webassembly-ed184a099931
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/
Forwarded from Orca Cyber Weapons
AV-EDRpdf.pdf
274.9 KB
"Not-Too-Safe Boot : Remotely Bypassing Endpoint Security Solutions (AV/EDR/…) and Anti-Tampering Mechanisms"
Morphisec Thwarts Russian-Linked StealC V2 Campaign Targeting Blender Users via Malicious .blend Files
https://www.morphisec.com/blog/morphisec-thwarts-russian-linked-stealc-v2-campaign-targeting-blender-users-via-malicious-blend-files/
Tejarat Bank Information Technology Company invites capable and motivated experts to join it in order to complete and strengthen its specialist teams.
Senior Red Team Specialist
• Familiarity with red team processes and activities
• Ability to carry out security assessments and implement Active Directory-related attacks
• Experience in adversary emulation based on MITRE ATT&CK
• Teamwork skills and the ability to offer technical recommendations for improving security
Benefits and terms of employment will be determined after the interview.
Interested candidates can send their résumé via LinkedIn or email.
seclab@tejaratbank.ir
SideWinder Uses Server-Side Polymorphism to Target Pakistan & Turkey
https://web.archive.org/web/20240713110655/https://blogs.blackberry.com/ja/jp/2023/10/sidewinder-uses-server-side-polymorphism-to-target-pakistan
Source Byte
let me guess, it's CVE-2025-8088? md5: 391325100384964325ed4ace788c8bc2
CVE-2025-80880 🤔
A new wiper attack has been identified by ClearSky Cyber Security affecting Ukraine.
We named this wiper "GamaWiper" (VBS-based wiper). The intrusion chain begins with the exploitation of a vulnerable WinRAR version (CVE-2025-80880). We assess with moderate confidence that this activity is linked to the Gamaredon APT group. This marks the first observed instance of Gamaredon conducting destructive operations rather than its traditional espionage activities.
Related IoCs
Diffing 7-Zip for CVE-2025-11001
https://pacbypass.github.io/2025/10/16/diffing-7zip-for-cve-2025-11001.html
Forwarded from ARVIN
Inside the Mind of a Ransomware Operator | Exclusive Interview
https://www.youtube.com/watch?v=LhLimreV-K0
I sat down with an active ransomware operator for a conversation they didn't want me to have. No script, no filter.
⚠️ DISCLAIMER: This interview is for educational and research purposes only. The content discussed does not constitute endorsement of illegal…
K7 Antivirus: Named pipe abuse, registry manipulation and privilege escalation
https://blog.quarkslab.com/k7-antivirus-named-pipe-abuse-registry-manipulation-and-privilege-escalation.html
#CVE-2024-36424
React2Shell (CVE-2025-55182) Exploitation: Real-World Incident Response to XMRig Cryptominer Attack
https://raminfp.info/blog/server-compromise-xmrig-cryptominer-incident/
Sliver C2 Insecure Default Network Policy (#CVE-2025-27093)
https://hngnh.com/posts/Sliver-CVE-2025-27093/
Remote Windows Credential Dump with Shadow Snapshots: Exploitation and Detection
https://labs.itresit.es/2025/06/11/remote-windows-credential-dump-with-shadow-snapshots-exploitation-and-detection/
Windows Filtering Platform: Persistent state under the hood
https://blog.quarkslab.com/windows-filtering-platform-persistent-state-under-the-hood.html