Attack Surface Analyzer
Attack Surface Analyzer is a Microsoft developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration:
— https://github.com/microsoft/AttackSurfaceAnalyzer
Attack Surface Analyzer is a Microsoft developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration:
— https://github.com/microsoft/AttackSurfaceAnalyzer
GitHub
GitHub - microsoft/AttackSurfaceAnalyzer: Attack Surface Analyzer can help you analyze your operating system's security configuration…
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation. - microsoft/AttackSurfaceAnalyzer
Good News and New Changes in Sys-Admin Open BLD ecosystem
99.9% uptime - https://lab.sys-adm.in
New security concepts
- Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructire has centralized automated hacking IP mitigation system
- Updates - With open Sys-Admin activitieas now we are have two new instruments which can change security protection prism whis based on open source tools/instruments: ip2drop 🧘, cactusd 🌵
- Speed - Extremely improved speed (🏎 faster than IBM Quad9)
Results
- Open BLD ecosystem servers partially migrated from fail2ban to ip2drop
- All servers has new firewall settings and improvements (like as ipset)
Enjoy this - https://lab.sys-adm.in
99.9% uptime - https://lab.sys-adm.in
New security concepts
- Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructire has centralized automated hacking IP mitigation system
- Updates - With open Sys-Admin activitieas now we are have two new instruments which can change security protection prism whis based on open source tools/instruments: ip2drop 🧘, cactusd 🌵
- Speed - Extremely improved speed (🏎 faster than IBM Quad9)
Results
- Open BLD ecosystem servers partially migrated from fail2ban to ip2drop
- All servers has new firewall settings and improvements (like as ipset)
Enjoy this - https://lab.sys-adm.in
lab.sys-adm.in
Sys-Admin Laboratory
Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
Sys-Admin Up pinned «Good News and New Changes in Sys-Admin Open BLD ecosystem 99.9% uptime - https://lab.sys-adm.in New security concepts - Security - Open BLD ecosystem fundamentally changed preventing/attacking mitigation mechanisms, now Sys-Admin Open BLD infrastructire…»
Sandbox Escape in vm2@3.9.16. PoC.
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244
Credits: https://github.com/advisories/GHSA-7jxr-cg7f-gpgv
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244
Credits: https://github.com/advisories/GHSA-7jxr-cg7f-gpgv
Gist
Sandbox Escape in vm2@3.9.16
Sandbox Escape in vm2@3.9.16. GitHub Gist: instantly share code, notes, and snippets.
Get started using Attack simulation training
If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes Threat Investigation and Response capabilities, you can use Attack simulation training in the Microsoft 365:
— More details…
If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes Threat Investigation and Response capabilities, you can use Attack simulation training in the Microsoft 365:
— More details…
Docs
Get started using Attack simulation training - Microsoft Defender for Office 365
Admins can learn how to use Attack simulation training to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
Designing and Developing Modern Applications
free Zoom Conference. I known personally some participiants from speakers, so shoult be interecting, maybe:
— https://akvelon.global/devday2023/
free Zoom Conference. I known personally some participiants from speakers, so shoult be interecting, maybe:
— https://akvelon.global/devday2023/
akvelon.global
DevDay 2023
Designing and Developing Modern Applications: Best Practices and Emerging Trends
EDR Telemetry
This repo provides a list of telemetry features from EDR products and other endpoint agents such as Sysmon broken down by category. The main motivation behind this project is to enable security practitioners to compare and evaluate the telemetry potential from those tools while encouraging EDR vendors to be more transparent about the telemetry features they do provide to their users and customers:
— https://github.com/tsale/EDR-Telemetry
This repo provides a list of telemetry features from EDR products and other endpoint agents such as Sysmon broken down by category. The main motivation behind this project is to enable security practitioners to compare and evaluate the telemetry potential from those tools while encouraging EDR vendors to be more transparent about the telemetry features they do provide to their users and customers:
— https://github.com/tsale/EDR-Telemetry
GitHub
GitHub - tsale/EDR-Telemetry: This project aims to compare and evaluate the telemetry of various EDR products.
This project aims to compare and evaluate the telemetry of various EDR products. - tsale/EDR-Telemetry
Discord DLL hijacking / Automation via Excel Macros
— https://github.com/MitchHS/Discord-DLL-Hijacking
— https://github.com/MitchHS/Discord-DLL-Hijacking
GitHub
GitHub - nullsection/Discord-DLL-Hijacking: This is a simple example of DLL hijacking enabling proxy execution.
This is a simple example of DLL hijacking enabling proxy execution. - GitHub - nullsection/Discord-DLL-Hijacking: This is a simple example of DLL hijacking enabling proxy execution.
Massive Abuse of Abandoned Eval PHP WordPress Plugin
https://blog.sucuri.net/2023/04/massive-abuse-of-abandoned-evalphp-wordpress-plugin.html
https://blog.sucuri.net/2023/04/massive-abuse-of-abandoned-evalphp-wordpress-plugin.html
Sucuri Blog
Massive Abuse of Abandoned Eval PHP WordPress Plugin
Learn how misuse of the EvalPHP WordPress plugin is allowing attackers to create malicious pages and plant backdoors on vulnerable websites.
LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes:
— https://github.com/infosecB/LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes:
— https://github.com/infosecB/LOOBins
GitHub
GitHub - infosecB/LOOBins: Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various…
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by t...
APT Simulator
APT Simulator is a Windows Batch noscript that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools, APT Simulator is designed to make the application as simple as possible..:
— https://github.com/NextronSystems/APTSimulator
#tool #review
APT Simulator is a Windows Batch noscript that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools, APT Simulator is designed to make the application as simple as possible..:
— https://github.com/NextronSystems/APTSimulator
#tool #review
GitHub
GitHub - NextronSystems/APTSimulator: A toolset to make a system look as if it was the victim of an APT attack
A toolset to make a system look as if it was the victim of an APT attack - NextronSystems/APTSimulator
new_side_attack_intel_cpu_sys-admin_,up.pdf
380.2 KB
New side-channel attack to Intel CPU report
Abstract—The transient execution attack is a type of attack leveraging the vulnerability of modern CPU optimization technologies. New attacks surface rapidly. The side-channel is a key part of transient execution attacks to leak data
Abstract—The transient execution attack is a type of attack leveraging the vulnerability of modern CPU optimization technologies. New attacks surface rapidly. The side-channel is a key part of transient execution attacks to leak data
Kubernetes Goat
The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security:
— https://github.com/madhuakula/kubernetes-goat
The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security:
— https://github.com/madhuakula/kubernetes-goat
GitHub
GitHub - madhuakula/kubernetes-goat: Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes…
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀 - madhuakula/kubernetes-goat
Attack Campaign that Uses Fake Google Chrome Error to Distribute Malware from Compromised Websites
Research:
— https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com
Research:
— https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com