Cyber Security Glossary: Cyber Security Terms Listed From A To Z

https://www.allot.com/100-plus-cybersecurity-terms-definitions/

How HTTPS Works

В проекте OpenBLD.net DNS запущен режим OpenBLD+
 
Проект живет благодаря поддержке пользователей, сегодня есть возможность оформить подписку за 3$+, в замен получить:

• Персональную поддержку, помощь в расследовании Cybersecurity инцидентов
• Hardening, AppSec консультации, +консультации по SEO оптимизации Вашего сайта
• Улучшенная скорость доставки Вашего сайта/Домена пользователям OpenBLD.net DNS
• Лого компании или никнейм на сайте проекта со ссылкой на сайт или соц. профиль
• Unlimited доступ для выделенных IP
• Есть вопросы / предложения - welcome @sysadminkz

💪 Или просто закинь по братски на кофе ☕️

*en* - OpenBLD+ Benefits
*ru* - Что дает OpenBLD+

Freeze[.]rs - payload creation tool used for circumventing EDR

— https://github.com/optiv/Freeze.rs

BRUTEPRINT: Expose Smartphone Fingerprint Authentication to Brute-force Attack

Technical paper

SecList

collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more

— https://github.com/danielmiessler/SecLists

Supply Chain Risk From Gigabyte App Center Backdoor

Recently, the Eclypsium platform began detecting suspected backdoor-like behavior within Gigabyte systems in the wild.

..analysis discovered that firmware in Gigabyte systems is dropping and executing a Windows native executable during the system startup process, and this executable then downloads and executes additional payloads insecurely. It uses the same techniques as other OEM backdoor-like features like Computrace backdoor (a.k.a. LoJack DoubleAgent)..:

https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/

/ Discovering the origin host to bypass web application firewalls

— https://labs.detectify.com/2022/05/09/discovering-the-origin-host-to-bypass-waf/

Today DigitalOcean supported OpenBLD.net DNS

.. step forward in a joyful mood 🥳

How to attack to DevOps. Defence. Checkilists

1. How to attack to DevOps. 2. How to defence 3. Service configs checklists.

Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat

..new ransomware-as-a-service (RaaS) provider. In addition to offering ransomware services.. which compatible three major platforms: Windows, Linux, and macOS. Technical deep dive research.

Offensive Bookmarks

I don’t check it, it is quite possible that there may be contains some pure) .. who will check, let me know later plz

— https://github.com/kargisimos/offensive-bookmarks

Bypassing Defender with ThreatCheck & Ghidra

— https://offensivedefence.co.uk/posts/threatcheck-ghidra/

/ When Hackers hack the Hackers - Malware Analysis for a group targeting Malware Developers

Detailed analysis revealed Command & Control (C2) connections using Discord for communication.

https://www.r-tec.net/r-tec-blog-when-hackers-hack-the-hackers.html

P.S. Malicious domains with Cobalt Strike C2, Remcos C2 already blocked in OpenBLD.net DNS

/ Analysis of CVE-2023-29336 Win32k Privilege Escalation Vulnerability (with POC)

https://www.numencyber.com/cve-2023-29336-win32k-analysis/

Deep Dive into Kerberoasting Attack

https://www.hackingarticles.in/deep-dive-into-kerberoasting-attack/

toxssin

An XSS exploitation command-line interface and payload generator:

https://github.com/t3l3machus/toxssin

/ Skuld: The Infostealer that Speaks Golang

This new malware strain tries to steal sensitive information from its victims..:

https://www.trellix.com/en-us/about/newsroom/stories/research/skuld-the-infostealer-that-speaks-golang.html

/ Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust

— https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/