Sys-Admin Up – Telegram
InfoSec, Hacks, Perks, Tools, IT/IS Courses, CVE… Contains part of the news that was not included in the Sys-Admin & InfoSec Channel (@sysadm_in_channel)
Hiding in Plain Sight: Unlinking Malicious DLLs from the PEB

In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL:

https://blog.christophetd.fr/dll-unlinking/
Forwarded from Sys-Admin InfoSec
OpenBLD - Next Stage to Growth with ClouDNS

GeoDNS and Global Anycast DNS features from ClouDNS: it is a brilliant opportunity for additional OpenBLD performance and availability.

Today ClouDNS supported OpenBLD DNS and provided its own features for free:
• Anycast DNS service and Anycast GeoDNS servers
• DDoS Protection
• DNS Failover checks
• EDNS-client-subnet support
• and more...

ClouDNS provides flexible tools for managing services and very affordable pricing plans, and I like it very much.

This can be a key milestone in the development phase of the OpenBLD project; it is the next stage for growth. I have a special domain name for the OpenBLD DNS project, maybe this is "that very moment"...

• All ClouDNS features can be found on the ClouDNS site
• How to protect yourself and your family with OpenBLD: here
Microsoft-Extractor-Suite - PowerShell tool designed to streamline the process of collecting data and information from various sources:

- Unified Audit Log
- Admin Audit Log
- Mailbox Audit Log
- Mailbox Rules
- Transport Rules
- Message Trace Logs
- Azure AD Sign-In Logs
- Azure AD Audit Logs
- Registered OAuth applications in Azure AD

https://github.com/invictus-ir/Microsoft-Extractor-Suite
ETWHash - small C# tool used during Red Team engagements that can consume ETW SMB events and extract NetNTLMv2 hashes for offline cracking

https://labs.nettitude.com/blog/etwhash-he-who-listens-shall-receive/
Modern Test-Driven Development in Python

Testing production grade code is hard. Sometimes it can take nearly all of your time during feature development. What's more, even when you have 100% coverage and tests are green, you still may not feel confident that the new feature will work properly in production:

https://testdriven.io/blog/modern-tdd/
A Python Shell with XOR Algorithm – Bypass Windows Defender & AV’s

Written on 9 Jan '23:
https://mrvar0x.com/2023/01/09/a-python-shell-with-xor-algorithm-bypass-windows-defender-amp-avs/
EDR working principle in a few squares..)