Abusing Signal Desktop Client for fun and for Espionage
https://johnjhacking.com/blog/cve-2023-24068-cve-2023-24069/
Johnjhacking
CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage
A flaw in how files are stored in Signal Desktop ≤ 6.2.0 allows a threat actor to potentially obtain sensitive attachments sent in messages. Subsequently, a similar issue with Signal Desktop ≤ 6.2.0 exists, allowing an attacker to modify conversation attachments…
Lexmark Security Advisory
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
Linux System Administrator/DevOps Interview Questions
https://github.com/gracco/sysadmin-interview-questions
GitHub
GitHub - gracco/sysadmin-interview-questions
Hunting Evil with the MITRE Engenuity Calculator, Atomic Red Team and Sysmon
https://medium.com/@simone.kraus/hunting-evil-with-the-mitre-engenuity-calculator-atomic-red-team-and-sysmon-9ad02e992a78
Medium
TinyTurla backdoor Sysmon vs. Windows Event Viewer
The Dangerous Consequences of Threat Actors Abusing Microsoft’s “Verified Publisher” Status
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
Proofpoint
Abused Microsoft Verified App - Threat Uncovered | Proofpoint US
Threat actors are abusing Microsoft's verified apps to deploy malicious campaigns. Learn about the impersonated publisher verifications and how to remediate risks.
VMware vRealize Log Insight VMSA-2023-0001 Technical Deep Dive
https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive/
Horizon3.ai
Technical deep-dive and exploit POC for VMware vRealize Log Insight RCE as reported in VMSA-2023-0001. This series of vulnerabilities leads to remote code execution and full system compromise. CVE-2022-31704, CVE-2022-31706, and CVE-2022-31711.
Detecting_Lateral_Movement_through_Tracking_Event_Logs.pdf
Detecting Lateral Movement through Tracking Event Logs
certsync
Certsync is a new technique to dump NTDS remotely, but this time without DRSUAPI: it uses a golden certificate and UnPAC-the-hash. It works in several steps:
— https://github.com/zblurx/certsync
GitHub
GitHub - zblurx/certsync: Dump NTDS with golden certificates and UnPAC the hash
What I've learned about Open Source from curl developer Daniel Stenberg
https://youtu.be/jVT37EmND8I
YouTube
Uncurled - what I've learned about Open Source! - Daniel Stenberg
Uncurled - everything I know and learned about running and maintaining OpenSource projects for three decades.
Daniel Stenberg shares personal and direct experiences, lessons learned and anecdotes collected from several decades of maintaining, running and…
Basic Linux System Administration Course (Astana / Remote)
The course authors promise to provide the skills a Junior Linux System Administrator should have:
• Basic knowledge of TCP/IP
• Knowledge of basic Linux system commands ("without Google")
• Understanding of the functional characteristics of operating systems (Windows, Linux)
• Experience with monitoring systems
• Knowledge of the mail and file services of the main operating systems
-- Each session ends with a test on the material covered. Learning progress is tracked.
-- The training center is ready to guide you until you find a job. Course duration is 20 hours, cost 200k tenge.
-- The code word "sys-admin" entitles you to a discount
Course details and registration are on the training center's website
NTDLLReflection
Bypass userland EDR hooks by loading a reflective ntdll in memory from a remote server, selected by Windows ReleaseID, to avoid opening a handle to ntdll, and trigger exported APIs from the export table
— https://github.com/TheD1rkMtr/NTDLLReflection
Exploit Party: Bring Your Own Vulnerable Driver Attacks
https://fourcore.io/blogs/bring-your-own-vulnerable-driver-attack
FourCore
BYOVD or Bring Your Own Vulnerable Driver is an attack where a threat actor brings a legitimately signed and vulnerable driver to perform malicious actions on the system. In a BYOVD attack, the attacker can use the vulnerabilities in the driver to execute…
ESXiArgs-Recover is a tool to allow organizations to attempt recovery of virtual machines affected by the ESXiArgs ransomware attacks:
https://github.com/cisagov/ESXiArgs-Recover
GitHub
GitHub - cisagov/ESXiArgs-Recover: A tool to recover from ESXiArgs ransomware
Forwarded from Sys-Admin InfoSec
THREAT_ALERT_GootLoader_Large_payload_leading_to_compromise_BLOG.pdf
THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise
Full deep dive analyses
Bash scripting - DNS Tester Tool
DNS Tester Tool measures response speed for the IP addresses in a list, then collects and shows the speed statistics in the terminal:
— IP address
— Average response
— Minimal time of response
— Maximum time of response
• [en] - https://lab.sys-adm.in/blog/tool-dns-tester
• [ru] - https://lab.sys-adm.in/ru/blog/tool-dns-tester
Aqua - IDE for test automation
Aqua provides tools for test automation engineers, along with a combination of language-specific features from IntelliJ IDEA, PyCharm, and WebStorm
Preview release:
— https://www.jetbrains.com/aqua/
The JetBrains Blog
Aqua Sunset | The Quality Assurance Blog
We’re sunsetting JetBrains Aqua. Read the blog post to learn what this means for you.