Malware development: persistence - part 21. Recycle Bin, My Documents COM extension handler. Simple C++ example.
— https://cocomelonc.github.io/persistence/2023/01/19/malware-pers-21.html
cocomelonc
﷽
Octosuite: A New Tool to Conduct Open Source Investigations on GitHub
https://www.bellingcat.com/resources/2023/01/20/octosuite-a-new-tool-to-conduct-open-source-investigations-on-github/
bellingcat
Octosuite: A New Tool to Conduct Open Source Investigations on GitHub - bellingcat
Octosuite is an open source tool that can help researchers quickly gather data on users, organisations and repositories on GitHub
After launching the Open BLD service I started noticing certain "oddities" from various bodies, oddities that are turning into a pattern. Today a block of the Sys-Admin Forum arrived from RKN.
IT and InfoSec awareness, security, and helping people with advice on solving technical problems have been our credo for more than 10 years.
Various bodies have taken various "sanction" actions aimed at my account. Oh well, I have lived and will go on living without any "instagrams".
In the end I decided to write a short note about my observations, titled "Ban or coincidence?":
— https://lab.sys-adm.in/ru/blog/implicit-ban-bld-author
Update. English version:
— https://lab.sys-adm.in/blog/implicit-ban-bld-author
Ansible and ChatGPT: Putting it to the test
https://www.ansible.com/blog/ansible-wisdom-and-chatgpt-putting-it-to-the-test
Ansible
In this blog, we wanted to put ChatGPT to the test and see how it fares with developing Ansible Playbooks and share our results.
CVE-2022-34689 - CryptoAPI spoofing vulnerability
PoC
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
GitHub
akamai-security-research/PoCs/CVE-2022-34689 at main · akamai/akamai-security-research
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. - akamai/akamai-security-research
DCOM Hardening Toolkit
PowerShell script for Windows to retrieve the authentication hardening status of DCOM applications
https://github.com/otoriocyber/DCOM-HardeningTool
GitHub
GitHub - otoriocyber/DCOM-HardeningTool: PowerShell script for Windows to retrieve the authentication hardening status of DCOM…
Abusing Signal Desktop Client for fun and for Espionage
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/
Johnjhacking
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage
A flaw in how files are stored in Signal Desktop ≤ 6.2.0 allows a threat actor to potentially obtain sensitive attachments sent in messages. Subsequently, a similar issue with Signal Desktop ≤ 6.2.0 exists, allowing an attacker to modify conversation attachments…
Lexmark Security Advisory
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
Linux System Administrator/DevOps Interview Questions
https://github.com/gracco/sysadmin-interview-questions
GitHub
GitHub - gracco/sysadmin-interview-questions
Contribute to gracco/sysadmin-interview-questions development by creating an account on GitHub.
Hunting Evil with the MITRE Engenuity Calculator, Atomic Red Team and Sysmon
https://medium.com/@simone.kraus/hunting-evil-with-the-mitre-engenuity-calculator-atomic-red-team-and-sysmon-9ad02e992a78
Medium
TinyTurla backdoor Sysmon vs. Windows Event Viewer
The Dangerous Consequences of Threat Actors Abusing Microsoft’s “Verified Publisher” Status
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
Proofpoint
Abused Microsoft Verified App - Threat Uncovered | Proofpoint US
Threat actors are abusing Microsoft's verified apps to deploy malicious campaigns. Learn about the impersonated publisher verifications and how to remediate risks.
VMware vRealize Log Insight VMSA-2023-0001 Technical Deep Dive
https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive/
Horizon3.ai
Technical deep-dive and exploit POC for VMware vRealize Log Insight RCE as reported in VMSA-2023-0001. This series of vulnerabilities leads to remote code execution and full system compromise. CVE-2022-31704, CVE-2022-31706, and CVE-2022-31711.
Detecting_Lateral_Movement_through_Tracking_Event_Logs.pdf
2.2 MB
Detecting Lateral Movement through Tracking Event Logs
certsync
Certsync is a new technique for dumping NTDS remotely, but this time without DRSUAPI: it uses a golden certificate and UnPAC-the-hash. It works in several steps:
— https://github.com/zblurx/certsync
GitHub
GitHub - zblurx/certsync: Dump NTDS with golden certificates and UnPAC the hash
Dump NTDS with golden certificates and UnPAC the hash - zblurx/certsync
What I've learned about Open Source from curl developer Daniel Stenberg
https://youtu.be/jVT37EmND8I
YouTube
Uncurled - what I've learned about Open Source! - Daniel Stenberg
Uncurled - everything I know and learned about running and maintaining OpenSource projects for three decades.
Daniel Stenberg shares personal and direct experiences, lessons learned and anecdotes collected from several decades of maintaining, running and…