Home Grown Red Team: Lateral Movement With Havoc C2 And Microsoft EDR
https://assume-breach.medium.com/home-grown-red-team-lateral-movement-with-havoc-c2-and-microsoft-edr-300b7389b1f7
https://assume-breach.medium.com/home-grown-red-team-lateral-movement-with-havoc-c2-and-microsoft-edr-300b7389b1f7
Medium
Home Grown Red Team: Lateral Movement With Havoc C2 And Microsoft EDR
Lateral movement is extremely important for any red team engagement. Getting your initial shell is great, but if you can’t move off the box…
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice
https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice
Proofpoint
What Is a Threat Actor? - Definition, Types & More | Proofpoint US
A threat actor is a term used to describe individuals whose purpose is to engage in cyber-related offenses. Learn the definition, types, motivations, and more.
Infrastructure Resilience Planning Framework (IRPF)
The Cybersecurity and Infrastructure Security Agency (CISA) has developed the Infrastructure Resilience Planning Framework (IRPF) to enable the incorporation of security and resilience considerations in critical infrastructure planning and investment decisions.
NOVEMBER 2022 | VERSION 1.1:
https://www.cisa.gov/sites/default/files/publications/Infrastructure-Resilience%20Planning-Framework-%28IRPF%29%29.pdf
The Cybersecurity and Infrastructure Security Agency (CISA) has developed the Infrastructure Resilience Planning Framework (IRPF) to enable the incorporation of security and resilience considerations in critical infrastructure planning and investment decisions.
NOVEMBER 2022 | VERSION 1.1:
https://www.cisa.gov/sites/default/files/publications/Infrastructure-Resilience%20Planning-Framework-%28IRPF%29%29.pdf
Cybersecurity and Infrastructure Security Agency CISA
Infrastructure Resilience Planning Framework (IRPF) | CISA
This planning framework provides processes and a series of tools and resources for incorporating critical infrastructure resilience considerations into planning activities.
Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding
https://developers.facebook.com/blog/post/2022/11/22/hermit-deterministic-linux-testing/
https://developers.facebook.com/blog/post/2022/11/22/hermit-deterministic-linux-testing/
Meta for Developers
Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding
Facebook For Developers
CVE-2021-40662 Chamilo LMS 1.11.14 RCE
This article is about my third CVE that I got for finding a Remote Code Execution in a popular Learning Management Software named “Chamilo LMS”.
https://hacklido.com/d/90-cve-2021-40662-chamilo-lms-11114-rce
This article is about my third CVE that I got for finding a Remote Code Execution in a popular Learning Management Software named “Chamilo LMS”.
https://hacklido.com/d/90-cve-2021-40662-chamilo-lms-11114-rce
HACKLIDO
CVE-2021-40662 Chamilo LMS 1.11.14 RCE
This is Febin, a Security Researcher. This article is about my third CVE that I got for finding a Remote Code Execution in a popular Learning Management...
teamcity_whitepaper_cloud_cost.pdf
468.4 KB
15 Ways to Optimize Your Cloud CI/CD Costs
Python 3.11: New Features That You Will Truly Enjoy
https://towardsdatascience.com/python-3-11-new-features-that-you-will-truly-enjoy-9fd67882fdf
https://towardsdatascience.com/python-3-11-new-features-that-you-will-truly-enjoy-9fd67882fdf
poc_sec_experts_attacked.pdf
978 KB
How security professionals are being attacked: A study of malicious CVE proof of
concept exploits in GitHub
concept exploits in GitHub
heap_detective
This tool uses the taint analysis technique for static analysis and aims to identify points of heap memory usage vulnerabilities in C and C++ languages. The tool uses a common approach in the first phase of static analysis, using tokenization to collect information.
https://github.com/CoolerVoid/heap_detective
This tool uses the taint analysis technique for static analysis and aims to identify points of heap memory usage vulnerabilities in C and C++ languages. The tool uses a common approach in the first phase of static analysis, using tokenization to collect information.
https://github.com/CoolerVoid/heap_detective
Spotify’s Launched Vulnerability Management Platform
Just for information, in the article I didn’t find links to Kitsune:
https://engineering.atspotify.com/2022/11/spotifys-vulnerability-management-platform/
Just for information, in the article I didn’t find links to Kitsune:
https://engineering.atspotify.com/2022/11/spotifys-vulnerability-management-platform/
Spotify Engineering
Spotify’s Vulnerability Management Platform
Spotify’s Vulnerability Management Platform - Spotify Engineering
Google Chrome High CVE-2022-4135: Heap buffer overflow in GPU
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 107.0.5304.121 for Mac and Linux and 107.0.5304.121/.122 for Windows , which will roll out over the...
Preparing for DoS (Denial of Service) attacks_V2.pdf
148.4 KB
Denial of service (DoS) Preparing for DoS attacks
5 simple illustrated steps from ncsc (2020)
5 simple illustrated steps from ncsc (2020)
Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
PortSwigger Research
Hijacking service workers via DOM Clobbering
In this post, we'll briefly review how service worker hijacking works, then introduce a variant that can be triggered via DOM clobbering thanks to a quirk in document.getElementById(). Understanding s
Fibratus - A modern tool for Windows kernel exploration and observability with a focus on security
— https://github.com/rabbitstack/fibratus
— https://github.com/rabbitstack/fibratus
GitHub
GitHub - rabbitstack/fibratus: Adversary tradecraft detection, protection, and hunting
Adversary tradecraft detection, protection, and hunting - GitHub - rabbitstack/fibratus: Adversary tradecraft detection, protection, and hunting
RE2 Regex Testing in Google Docs
I recently found out about RE2 - fast regular expression library, but where can I testing this? And boom - google docs allowing testing regex with
I recently found out about RE2 - fast regular expression library, but where can I testing this? And boom - google docs allowing testing regex with
REGEXMATCH fuction.