Turning EDRs to Malicious Wipers Using 0-day Exploits
https://www.blackhat.com/eu-22/briefings/schedule/index.html#aikido-turning-edrs-to-malicious-wipers-using--day-exploits-29336
https://www.blackhat.com/eu-22/briefings/schedule/index.html#aikido-turning-edrs-to-malicious-wipers-using--day-exploits-29336
Blackhat
Black Hat Europe 2022
Text editor plugins for Salt states and YAML/Jinja
https://salt.tips/text-editor-plugins-for-salt-states-and-yaml-jinja/#pycharm
https://salt.tips/text-editor-plugins-for-salt-states-and-yaml-jinja/#pycharm
salt.tips
Text editor plugins for Salt states and YAML/Jinja
Salt and YAML/Jinja plugins for Vim, Emacs, Sublime Text, Atom, Visual Studio Code, PyCharm, Kate, MC and Eclipse
incident response plans in “3 words” / план реагирования на инцидеты в “трех словах”
- [en] According to SANS, incident response plans should include preparation, identification, containment, eradication, recovery, and lessons learned.
- [ru] Согласно SANS, планы реагирования на инциденты должны включать подготовку, идентификацию, локализацию, ликвидацию, восстановление и извлечение уроков.
- is everyone like this? does anyone have such a plan at all? )
- у всех так? вообще есть ли у кого-нибудь такой план? за исключением post-mortem, которого тоже как правило нет? 🙂
#note
- [en] According to SANS, incident response plans should include preparation, identification, containment, eradication, recovery, and lessons learned.
- [ru] Согласно SANS, планы реагирования на инциденты должны включать подготовку, идентификацию, локализацию, ликвидацию, восстановление и извлечение уроков.
- is everyone like this? does anyone have such a plan at all? )
- у всех так? вообще есть ли у кого-нибудь такой план? за исключением post-mortem, которого тоже как правило нет? 🙂
#note
AIDE (Advanced Intrusion Detection Environment])
is a file and directory integrity checker
* https://aide.github.io
#tool #review
is a file and directory integrity checker
* https://aide.github.io
#tool #review
OWASP Mutillidae II
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
— https://github.com/webpwnized/mutillidae
#tool
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
— https://github.com/webpwnized/mutillidae
#tool
GitHub
GitHub - webpwnized/mutillidae: OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a…
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, s...
Как жестко завесить Каспи терминал
В КЗ есть такие мобильные терминалы в торговых точках, если быть точнее POS терминалы, жестко завесить такой терминал (вплоть до жесткой перезагрузки) можно…
При помощи проездной карты.
В Алматы есть проездные карты Онай, когда продавец пробьет сумму в терминале, достаточно приложить такую карту (можно попробовать подложить под платёжную карту) и терминал совместно с платежным приложением войдет в loop)
#joke
В КЗ есть такие мобильные терминалы в торговых точках, если быть точнее POS терминалы, жестко завесить такой терминал (вплоть до жесткой перезагрузки) можно…
При помощи проездной карты.
В Алматы есть проездные карты Онай, когда продавец пробьет сумму в терминале, достаточно приложить такую карту (можно попробовать подложить под платёжную карту) и терминал совместно с платежным приложением войдет в loop)
#joke
Apple resources for download open source code for their operating systems and developer tools:
https://opensource.apple.com/releases/
https://opensource.apple.com/releases/
OWASP_SCP_Quick_Reference_Guide_v2.pdf
247.6 KB
OWASP Secure Coding Practices
Dragnmove
Dragnmove is a post-exploitaition tool that infects files shared between users in order to move from one system to another. Dragnmove can detect actions like dropping a file into the browser window or attaching a file to an email client. After Dragnmove detects the action, it hooks CreateFile API calls to modify handles:
https://github.com/OccamsXor/Dragnmove
Dragnmove is a post-exploitaition tool that infects files shared between users in order to move from one system to another. Dragnmove can detect actions like dropping a file into the browser window or attaching a file to an email client. After Dragnmove detects the action, it hooks CreateFile API calls to modify handles:
https://github.com/OccamsXor/Dragnmove
A New MacOS Persistence and Deception Technique: Default Application Hijacking
This bug allows for code execution and potentially allows an attacker to trick the user into granting TCC permissions to an attacker-controlled application..:
https://medium.com/@marcusthebrody/a-new-macos-persistence-and-deception-technique-default-application-hijacking-52de66955a16
This bug allows for code execution and potentially allows an attacker to trick the user into granting TCC permissions to an attacker-controlled application..:
https://medium.com/@marcusthebrody/a-new-macos-persistence-and-deception-technique-default-application-hijacking-52de66955a16
Medium
A New MacOS Persistence and Deception Technique: Default Application Hijacking
By Gordon Long (@ethicalhax)
OSV-Scanner
Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies..:
* https://github.com/google/osv-scanner
#tool #research
Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies..:
* https://github.com/google/osv-scanner
#tool #research
GitHub
GitHub - google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Vulnerability scanner written in Go which uses the data provided by https://osv.dev - google/osv-scanner
100 000 000 морских свинок: Опасности в каждодневной еде, лекарствах и косметике - книга, написанная Артуром Каллетом и Ф.Дж. Шлинком и выпущенная в США в 1933 году "Вангард Пресс". Центральная идея книги - то, что население США используется в качестве морских свинок в гигантском эксперименте пищевых и медицинских корпораций:
https://fb2-epub.ru/load/jizn/zdorove/100_millionov_morskikh_svinok_artur_kallet_frederik_shlink/133-1-0-13384
https://fb2-epub.ru/load/jizn/zdorove/100_millionov_morskikh_svinok_artur_kallet_frederik_shlink/133-1-0-13384
Domain Name System (DNS) Parameters
Last Updated 2022-12-06
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
Last Updated 2022-12-06
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
Blindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms using hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. It involves creating a breakpoint handler, and setting a hardware breakpoint that will force the debugged process to load only ntdll to memory
— https://github.com/CymulateResearch/Blindside
— https://github.com/CymulateResearch/Blindside
Avoiding Detection with Shellcode Mutator
…Today we are releasing a new tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its “signature”, or unique pattern. Shellcode Mutator mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious..:
— https://labs.nettitude.com/blog/shellcode-source-mutations/
…Today we are releasing a new tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its “signature”, or unique pattern. Shellcode Mutator mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious..:
— https://labs.nettitude.com/blog/shellcode-source-mutations/
LRQA
Avoiding Detection with Shellcode Mutator
Today we are releasing a new tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its “signature”, or unique pattern
The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information:
https://www.ic3.gov/Media/Y2022/PSA221221
https://www.ic3.gov/Media/Y2022/PSA221221