Your phone is not your phone: a dive into SMS PVA fraud
https://www.first.org/resources/papers/conf2022/FIRSTCON22-Yourphoneisnotyourphone_pub.pdf
https://www.first.org/resources/papers/conf2022/FIRSTCON22-Yourphoneisnotyourphone_pub.pdf
Forwarded from Sys-Admin InfoSec
OpenBLD DNS prevented new malicious campaign that spreads through of Google Ads
Today I discovered a new malicious company that spreads through of Google Ads side...
In short - "Sponsored" link redirects to malicious site, and boom 💥 I felt "OpenBLD" effect!
OpenBLD.net DNS blocked for me browser-hijacking app which was distributing with Google Ads... Wow 💣, very unexpected and nice as I usually try to be more careful when surfing the internet.
Be safe with free and OpenBLD.net DNS 🤜🤛️️️️️️
• Look about of free and OpenBLD DNS service on project site - lab.sys-adm.in
• Страница проекта на русском - https://lab.sys-adm.in/ru
P.S. What is xg4ken and how to removal
Today I discovered a new malicious company that spreads through of Google Ads side...
In short - "Sponsored" link redirects to malicious site, and boom 💥 I felt "OpenBLD" effect!
OpenBLD.net DNS blocked for me browser-hijacking app which was distributing with Google Ads... Wow 💣, very unexpected and nice as I usually try to be more careful when surfing the internet.
Be safe with free and OpenBLD.net DNS 🤜🤛️️️️️️
• Look about of free and OpenBLD DNS service on project site - lab.sys-adm.in
• Страница проекта на русском - https://lab.sys-adm.in/ru
P.S. What is xg4ken and how to removal
Sys-Admin Up pinned «OpenBLD DNS prevented new malicious campaign that spreads through of Google Ads Today I discovered a new malicious company that spreads through of Google Ads side... In short - "Sponsored" link redirects to malicious site, and boom 💥 I felt "OpenBLD" effect!…»
Host Header Vulnerability Scanner Automated Tool
https://github.com/hemantsolo/Host-Header-Injection-Vulnerability-Scanner
https://github.com/hemantsolo/Host-Header-Injection-Vulnerability-Scanner
GitHub
GitHub - hemantsolo/Host-Header-Injection-Vulnerability-Scanner: Host Header Vulnerability Scanner Automated Tool
Host Header Vulnerability Scanner Automated Tool. Contribute to hemantsolo/Host-Header-Injection-Vulnerability-Scanner development by creating an account on GitHub.
Whisker is a C# tool for taking over Active Directory user
..and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account:
— https://github.com/eladshamir/Whisker
..and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account:
— https://github.com/eladshamir/Whisker
GitHub
GitHub - eladshamir/Whisker: Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their…
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to...
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes
https://github.com/DesktopECHO/T95-H616-Malware/tree/main
https://github.com/DesktopECHO/T95-H616-Malware/tree/main
GitHub
GitHub - DesktopECHO/T95-H616-Malware: "Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes - DesktopECHO/T95-H616-Malware
Fingerprint-Authentication-Brute-force_Attack.pdf
3.4 MB
Expose Smartphone Fingerprint Authentication to Brute-force Attack
PowerShell Obfuscation Bible
— repo: https://github.com/t3l3machus/PowerShell-Obfuscation-Bible
— video: https://www.youtube.com/watch?v=tGFdmAh_lXE
— repo: https://github.com/t3l3machus/PowerShell-Obfuscation-Bible
— video: https://www.youtube.com/watch?v=tGFdmAh_lXE
GitHub
GitHub - t3l3machus/PowerShell-Obfuscation-Bible: A collection of techniques, examples and a little bit of theory for manually…
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell noscripts to achieve AV evasion, compiled for educational purposes. The contents of this repository...
MaccaroniC2 - Empowering Command & Control using AsyncSSH
MaccaroniC2 is a proof-of-concept Command and Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration. This tool is inspired for a specific scenario where the victim runs the AsyncSSH server and establishes a tunnel to the outside, ready to receive commands by the attacker:
— https://github.com/CalfCrusher/MaccaroniC2
MaccaroniC2 is a proof-of-concept Command and Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration. This tool is inspired for a specific scenario where the victim runs the AsyncSSH server and establishes a tunnel to the outside, ready to receive commands by the attacker:
— https://github.com/CalfCrusher/MaccaroniC2
GitHub
GitHub - CalfCrusher/MaccaroniC2: A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library…
A proof-of-concept Command & Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and u...
Evading MDATP for Full Endpoint Compromise
The purpose of this article will be showcasing the full compromise of an up-to-date Windows 10 endpoint protected by Microsoft's EDR solution Windows Defender Advanced Threat for Endpoint:
— https://www.fo-sec.com/articles/compromising-mdatp-endpoint
The purpose of this article will be showcasing the full compromise of an up-to-date Windows 10 endpoint protected by Microsoft's EDR solution Windows Defender Advanced Threat for Endpoint:
— https://www.fo-sec.com/articles/compromising-mdatp-endpoint
Firewall_Audit_Checklist.pdf
1004.7 KB
Six Best Practices Recommendations for Simplifying Firewall Compliance and Risk Mitigation, based on PCI DSS, ISO 27002
File Archiver In The Browser
This article explores a phishing technique that emulates a file archiver software in the browser while using a .zip domain:
— https://mrd0x.com/file-archiver-in-the-browser/?no-cache=1
This article explores a phishing technique that emulates a file archiver software in the browser while using a .zip domain:
— https://mrd0x.com/file-archiver-in-the-browser/?no-cache=1
Mrd0X
Security Research | mr.d0x
Providing security research and red team techniques
/ APT 29 Initial Access Killchain -MITRE ATT@CK Mappin
https://michaelkoczwara.medium.com/apt-29-initial-access-killchain-mitre-att-ck-mapping-f82286fa13ba
https://michaelkoczwara.medium.com/apt-29-initial-access-killchain-mitre-att-ck-mapping-f82286fa13ba
Medium
APT 29 Initial Access Killchain -MITRE ATT@CK Mapping
APT29/Nobelium Initial Access & ATT@CK Mapping
Forwarded from Sys-Admin InfoSec
/ Analysis of Amadey Bot Infrastructure Using Shodan
Here you'll see how to use a known c2 to craft additional queries based on html content and certificate information. In total, 12 unique servers will be identified:
https://embee-research.ghost.io/amadey-bot-infrastructure/
Here you'll see how to use a known c2 to craft additional queries based on html content and certificate information. In total, 12 unique servers will be identified:
https://embee-research.ghost.io/amadey-bot-infrastructure/
Embee Research
Shodan Query Guide - How To Track Amadey Bot Infrastructure With TLS Certificates and Russian Profanity
Identifying Amadey Bot Servers Using Shodan.
Dynamically program the kernel for efficient networking, observability, tracing, and security
this is eBPF… mf… where else to find time for all this..
— https://ebpf.io/
this is eBPF… mf… where else to find time for all this..
— https://ebpf.io/
ebpf.io
eBPF - Introduction, Tutorials & Community Resources
eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading a kernel module.
Windows LAPS EventIDs and XPath Queries
The Local Administrator Password Solution (LAPS) is a vital tool for managing and securing local administrator accounts in Windows environments. Microsoft recently released an updated version of Windows LAPS, introducing new Event IDs to help administrators monitor and manage their environment effectively. In this blog post, we'll explore these Event IDs and discuss how you can use them to enhance your security and monitoring strategies:
— https://www.kaidojarvemets.com/windows-laps-eventids-and-xpath-queries/
The Local Administrator Password Solution (LAPS) is a vital tool for managing and securing local administrator accounts in Windows environments. Microsoft recently released an updated version of Windows LAPS, introducing new Event IDs to help administrators monitor and manage their environment effectively. In this blog post, we'll explore these Event IDs and discuss how you can use them to enhance your security and monitoring strategies:
— https://www.kaidojarvemets.com/windows-laps-eventids-and-xpath-queries/
Kaido Järvemets - Fuelled By Passion. Driven by Tech.
Windows LAPS EventIDs and XPath Queries | Kaido Järvemets
Explore the new Event IDs and XPath query capabilities in the latest version of Windows LAPS. Enhance your security posture with our comprehensive guide.
Harnessing The Power Of Cobalt Strike Profiles For EDR Evasion
— https://whiteknightlabs.com/2023/05/23/unleashing-the-unseen-harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion/
— https://whiteknightlabs.com/2023/05/23/unleashing-the-unseen-harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion/
White Knight Labs
Unleashing the Unseen: Harnessing the Power of Cobalt Strike Profiles for EDR Evasion | White Knight Labs
In this blog post, we will go through the importance of each profile's option, and explore the differences between default and customized Malleable C2
Free (9) short cources from GitLab
— GitLab 101. 1h - https://levelup.gitlab.com/courses/gitlab101
— GitLab 201. 1h - https://levelup.gitlab.com/courses/gitlab-201-certification
— GitLab CI/CD. 3h - https://levelup.gitlab.com/courses/continuous-integration-and-delivery-ci-cd-with-gitlab
— GitLab Security Essentials. 4 1/2h - https://levelup.gitlab.com/courses/security-essentials
— GitLab Technical Writing Fundamentals. 3h - https://levelup.gitlab.com/courses/gitlab-technical-writing-fundamentals
— GitLab with Git Essentials. 4h - https://levelup.gitlab.com/courses/gitlab-with-git-essentials
— GitLab Agile Project Management. 2 ½hours - https://levelup.gitlab.com/courses/gitlab-agile-project-management
— Remote Foundations Certification. 2h - https://levelup.gitlab.com/courses/remote-foundations
— TeamOps. 1-2h - https://levelup.gitlab.com/courses/teamops
— GitLab 101. 1h - https://levelup.gitlab.com/courses/gitlab101
— GitLab 201. 1h - https://levelup.gitlab.com/courses/gitlab-201-certification
— GitLab CI/CD. 3h - https://levelup.gitlab.com/courses/continuous-integration-and-delivery-ci-cd-with-gitlab
— GitLab Security Essentials. 4 1/2h - https://levelup.gitlab.com/courses/security-essentials
— GitLab Technical Writing Fundamentals. 3h - https://levelup.gitlab.com/courses/gitlab-technical-writing-fundamentals
— GitLab with Git Essentials. 4h - https://levelup.gitlab.com/courses/gitlab-with-git-essentials
— GitLab Agile Project Management. 2 ½hours - https://levelup.gitlab.com/courses/gitlab-agile-project-management
— Remote Foundations Certification. 2h - https://levelup.gitlab.com/courses/remote-foundations
— TeamOps. 1-2h - https://levelup.gitlab.com/courses/teamops
Edcast
Gitlab
LevelUp is GitLab's integrated talent enablement solution.
Cyber Security Glossary: Cyber Security Terms Listed From A To Z
https://www.allot.com/100-plus-cybersecurity-terms-definitions/
https://www.allot.com/100-plus-cybersecurity-terms-definitions/
Allot
100+ Cybersecurity Terms & Definitions You Should Know - Allot
Our cybersecurity glossary was compiled as a service to our customers to provide quick reference to over 100 important terms in the cybersecurity realm.
Forwarded from Sys-Admin InfoSec
В проекте OpenBLD.net DNS запущен режим OpenBLD+
Проект живет благодаря поддержке пользователей, сегодня есть возможность оформить подписку за 3$+, в замен получить:
• Персональную поддержку, помощь в расследовании Cybersecurity инцидентов
• Hardening, AppSec консультации, +консультации по SEO оптимизации Вашего сайта
• Улучшенная скорость доставки Вашего сайта/Домена пользователям OpenBLD.net DNS
• Лого компании или никнейм на сайте проекта со ссылкой на сайт или соц. профиль
• Unlimited доступ для выделенных IP
• Есть вопросы / предложения - welcome @sysadminkz
💪 Или просто закинь по братски на кофе ☕️
*en* - OpenBLD+ Benefits
*ru* - Что дает OpenBLD+
Проект живет благодаря поддержке пользователей, сегодня есть возможность оформить подписку за 3$+, в замен получить:
• Персональную поддержку, помощь в расследовании Cybersecurity инцидентов
• Hardening, AppSec консультации, +консультации по SEO оптимизации Вашего сайта
• Улучшенная скорость доставки Вашего сайта/Домена пользователям OpenBLD.net DNS
• Лого компании или никнейм на сайте проекта со ссылкой на сайт или соц. профиль
• Unlimited доступ для выделенных IP
• Есть вопросы / предложения - welcome @sysadminkz
💪 Или просто закинь по братски на кофе ☕️
*en* - OpenBLD+ Benefits
*ru* - Что дает OpenBLD+