Malware AV/VM evasion - part 14: encrypt/decrypt payload via A5/1. Bypass Kaspersky AV. Simple C++ example.
This post is the result of research on trying to evade AV engines by encrypting the payload with another function, the GSM A5/1 algorithm:
— https://cocomelonc.github.io/malware/2023/03/24/malware-av-evasion-14.html
usenix2023-wifi.pdf (190.2 KB)
Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues
teamcity_whitepaper_cloud_cost.pdf (468.4 KB)
15 Ways to Optimize Your Cloud CI/CD Costs
Malwoverview
… threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, InQuest:
— https://github.com/alexandreborges/malwoverview
Efficient SIEM and Detection Engineering in 10 steps
SIEM systems and detection engineering are not just about data and detection rules. Planning and processes are becoming increasingly…
— https://maciejszymczyk.medium.com/efficient-siem-and-detection-engineering-in-10-steps-c82402a70dbd
Container Security Checklist: From the image to the workload
— https://github.com/krol3/container-security-checklist
A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use
— https://github.com/DragoQCC/HardHatC2
Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife
A sophisticated new toolset is being used to harvest credentials from multiple cloud service providers, including AWS SES and Microsoft Office 365:
— https://www.sentinelone.com/labs/dissecting-alienfox-the-cloud-spammers-swiss-army-knife/
Solidity audits and secure development material
This repo contains most of the practical examples and exercises that I use during my lectures about Solidity security and auditing:
— https://github.com/jcsec-security/solidity-security-teaching-resources/
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
— https://www.mandiant.com/resources/blog/alphv-ransomware-backup
Microsoft Azure AD Assessment
PowerShell module for assessing an Azure AD tenant's state and configuration:
— https://github.com/AzureAD/AzureADAssessment
PoC CVE-2023-27532 (Veeam Backup & Replication)
Proof of Concept code to exploit CVE-2023-27532 and either leak plaintext credentials or perform remote command execution:
— https://github.com/sfewer-r7/CVE-2023-27532
I built a Zero Day with undetectable exfiltration using only ChatGPT prompts
— https://www.forcepoint.com/blog/x-labs/zero-day-exfiltration-using-chatgpt-prompts
writing-an-INTERPRETER-in-go.pdf (913.8 KB)
Writing an Interpreter in Go
BurpGPT
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type:
— https://github.com/aress31/burpgpt