A story about tampering EDRs…
Anti-virus alone is no longer sufficient to enable organizations to prevent, understand and respond to more complex attacks. As a result, more and more organizations are turning to a combination of antivirus (AV) / endpoint protection (EPP) and endpoint detection and response (EDR) systems. As a result, it has become much more difficult in recent years for attackers, including red teamers, to operate undetected or as quietly as possible on the compromised endpoint. Attackers are constantly finding new ways to bypass EDRs, such as direct or indirect system calls, and EDR vendors are constantly making improvements. In short, it is a constant game of cat and mouse. In this article, however, we will not focus on EDR bypassing, but rather on EDR manipulation.
— https://redops.at/en/blog/a-story-about-tampering-edrs
Deep Dive Into a PoshC2
PoshC2 is an open-source C2 framework used by penetration testers and threat actors. It can generate a PowerShell-based implant, a C#.NET implant that we analyze in this paper, and a Python3 implant.
— https://resources.securityscorecard.com/research/poshc2-implant#page=1
YouTube as cloud storage for ANY files, not just video
https://github.com/DvorakDwarf/Infinite-Storage-Glitch
NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework
Jan 19, 2023
https://www.nist.gov/system/files/documents/2023/01/19/CSF_2.0_Concept_Paper_01-18-23.pdf
Spy Extension
Chrome extension will steal literally everything it can. User discretion advised.
— https://github.com/msfrisbie/spy-extension
WAF Bypass Tool
WAF Bypass Tool is an open-source tool to analyze the security of any WAF for false positives and false negatives using predefined and customizable payloads.
— https://github.com/nemesida-waf/waf-bypass
Linux System Checker Script Tool
Linux System Checker Tool Script is a bash script which can show system info, system load info, test disk I/O speed, show free space and more. System Checker checks and shows Linux system information such as:
▫️ System Information
▫️ CPU and Memory Information
▫️ Boot Information
▫️ Mount and HDD IO Info
▫️ Top 5 memory and CPU usage processes
▫️ Speedtest
▫️ Defined Systemd Units Services State
▫️ Logged/Process users info
▫️ Listen ports
▫️ Running systemd units as list/tree
▫️ Unowned files
- [en]: Linux System Checker
- [ru]: Linux check script
Azure AD Incident Response PowerShell Module
— https://github.com/AzureAD/Azure-AD-Incident-Response-PowerShell-Module
The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Resp...
Decider - a web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.
— https://github.com/cisagov/decider
Creating a Dynamic Malware Analysis Virtual Machine
https://thelastcitadel.eu/2023/02/18/creating-a-dynamic-malware-analysis-virtual-machine/
How to quickly update NPM dependencies
— https://sys-adm.in/systadm/1000-kak-mozhno-bystro-obnovit-zavisimosti-npm.html