incident response plans in “3 words” / incident response plan in “three words”
- [en] According to SANS, incident response plans should include preparation, identification, containment, eradication, recovery, and lessons learned.
- is everyone like this? does anyone have such a plan at all, apart from a post-mortem, which as a rule also doesn't exist? 🙂
#note
AIDE (Advanced Intrusion Detection Environment)
is a file and directory integrity checker
* https://aide.github.io
#tool #review
OWASP Mutillidae II
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
— https://github.com/webpwnized/mutillidae
#tool
How to hard-hang a Kaspi terminal
In KZ there are mobile terminals at retail outlets, POS terminals to be precise, and such a terminal can be hard-hung (up to a hard reboot)…
With a transit card.
In Almaty there are Onay transit cards; once the seller has entered the amount on the terminal, it is enough to tap such a card (you can try slipping it under the payment card) and the terminal, together with the payment application, goes into a loop)
#joke
Apple resources for downloading the open source code of their operating systems and developer tools:
https://opensource.apple.com/releases/
OWASP Secure Coding Practices (OWASP_SCP_Quick_Reference_Guide_v2.pdf)
Dragnmove
Dragnmove is a post-exploitation tool that infects files shared between users in order to move from one system to another. Dragnmove can detect actions like dropping a file into the browser window or attaching a file to an email client. After Dragnmove detects the action, it hooks CreateFile API calls to modify handles:
https://github.com/OccamsXor/Dragnmove
A New MacOS Persistence and Deception Technique: Default Application Hijacking (by Gordon Long, @ethicalhax)
This bug allows for code execution and potentially allows an attacker to trick the user into granting TCC permissions to an attacker-controlled application:
https://medium.com/@marcusthebrody/a-new-macos-persistence-and-deception-technique-default-application-hijacking-52de66955a16
OSV-Scanner
Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies:
* https://github.com/google/osv-scanner
#tool #research
100,000,000 Guinea Pigs: Dangers in Everyday Foods, Drugs, and Cosmetics is a book written by Arthur Kallet and F.J. Schlink and published in the US in 1933 by Vanguard Press. The central idea of the book is that the US population is being used as guinea pigs in a giant experiment by the food and drug corporations:
https://fb2-epub.ru/load/jizn/zdorove/100_millionov_morskikh_svinok_artur_kallet_frederik_shlink/133-1-0-13384
Domain Name System (DNS) Parameters
Last Updated 2022-12-06
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml
Blindside is a technique for evading the monitoring of endpoint detection and response (EDR) and extended detection and response (XDR) platforms using hardware breakpoints to inject commands and perform unexpected, unwanted, or malicious operations. It involves creating a breakpoint handler and setting a hardware breakpoint that forces the debugged process to load only ntdll into memory.
— https://github.com/CymulateResearch/Blindside
Avoiding Detection with Shellcode Mutator
…Today we are releasing a new tool to help red teamers avoid detection. Shellcode is a small piece of code that is typically used as the payload in an exploit, and can often be detected by its “signature”, or unique pattern. Shellcode Mutator mutates exploit source code without affecting its functionality, changing its signature and making it harder to reliably detect as malicious:
— https://labs.nettitude.com/blog/shellcode-source-mutations/
The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information:
https://www.ic3.gov/Media/Y2022/PSA221221
Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689
https://github.com/zhuowei/WDBFontOverwrite
pdfcpu: a Go PDF processor
pdfcpu is a PDF processing library written in Go supporting encryption. It provides both an API and a CLI. Supported are all versions up to PDF 1.7 (ISO-32000).
— https://github.com/pdfcpu/pdfcpu
#tool
Reverse Prompt Engineering for Fun and (no) Profit
Pwning the source prompts of Notion AI, 7 techniques for Reverse Prompt Engineering... and why everyone is *wrong* about prompt injection
https://lspace.swyx.io/p/reverse-prompt-eng